Search results

1 – 10 of over 1000
Article
Publication date: 4 April 2016

Pin Shen Teh, Ning Zhang, Andrew Beng Jin Teoh and Ke Chen

Abstract

Purpose

The use of mobile devices in handling our daily activities that involve the storage or access of sensitive data (e.g. on-line banking, paperless prescription services, etc.) is becoming very common. These mobile electronic services typically use a knowledge-based authentication method to authenticate a user (claimed identity). However, this authentication method is vulnerable to several security attacks. To counter the attacks and to make the authentication process more secure, this paper aims to investigate the use of touch dynamics biometrics in conjunction with a personal identification number (PIN)-based authentication method, and demonstrate its benefits in terms of strengthening the security of authentication services for mobile devices.

Design/methodology/approach

The investigation has made use of three light-weighted matching functions and a comprehensive reference data set collected from 150 subjects.

Findings

The investigative results show that, with this multi-factor authentication approach, even when the PIN is exposed, as much as nine out of ten impersonation attempts can be successfully identified. It has also been discovered that the accuracy performance can be increased by combining different feature data types and by increasing the input string length.

Originality/value

The novel contributions of this paper are twofold. Firstly, it describes how a comprehensive experiment is set up to collect touch dynamics biometrics data, and the set of collected data is being made publicly available, which may facilitate further research in the problem domain. Secondly, the paper demonstrates how the data set may be used to strengthen the protection of resources that are accessible via mobile devices.

Details

International Journal of Pervasive Computing and Communications, vol. 12 no. 1
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 3 April 2018

Minori Inoue and Takefumi Ogawa

Abstract

Purpose

Security technology on mobile devices is increasingly more important as smartphones are becoming more versatile and, thus, store more sensitive information. Among the three indispensable factors of owner authentication technologies on mobile devices, security, usability and system efficiency, usability is considered the key factor. This paper aims to challenge the limits of usability on mobile device authentication technology with respect to input size.

Design/methodology/approach

This paper introduces one tap authentication as a novel authentication method on mobile devices. A user just has to tap the screen of a smartphone once, and he or she will be authenticated.

Findings

One tap authentication is proven possible in this paper. The average equal error rate among 10 owners against 25 unauthorized users is as low as 3.8.

Research limitations/implications

This paper focuses on verifying the possibility of one tap authentication. However, the application to various environments, such as when standing or walking or on a train, is not explored.

Originality/value

This research explores tap authentication with a single tap for the first time in the field. To the best of the authors’ knowledge, the minimum number of taps required in tap authentication has been 4.

Details

International Journal of Pervasive Computing and Communications, vol. 14 no. 1
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 7 November 2016

Hassan Sbeyti, Beatrice El Hage and Ahmad Fadlallah

Abstract

Purpose

The purpose of this paper is to extract the user behaviour and transform it into a unique signature that can be used as an implicit authentication technique. Smart devices are equipped with multiple authentication techniques and still remain prone to attacks because all of these techniques require explicit intervention of the user. Entering a pin code, a password or even having a biometric print can be easily hacked by an adversary.

Design/methodology/approach

In this paper, the authors introduce a novel authentication model to be used as complementary to the existing authentication models. Particularly, the duration of usage of each application and the occurrence time were examined and modelled into a user signature. During the learning phase, a cubic spline function is used to extract the user signature based on his/her behavioural pattern.

Findings

Preliminary field experiments show a 70 per cent accuracy rate in determining the rightful owner of the device.

Originality/value

The main contribution of this paper is a framework that extracts the user behaviour and transforms it into a unique signature that can be used to implicitly authenticate the user.

Details

International Journal of Pervasive Computing and Communications, vol. 12 no. 4
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 12 June 2007

N.L. Clarke and A.R. Mekala

Abstract

Purpose

The popularity of mobile devices and the evolving nature of the services and information they can deliver make them increasingly desirable targets for misuse. The ability to provide effective authentication of the user becomes imperative if protection against misuse of personally and financially sensitive information is to be provided. This paper discusses the application of biometrics to a mobile device in a transparent and continuous fashion and the subsequent advantages and disadvantages that are in contention with various biometric techniques.

Design/methodology/approach

An investigation was conducted to evaluate the feasibility of utilising signature recognition, to verify users based upon written words and not signatures, thereby enabling transparent handwriting verification. Participants were required to write a number of common words, such as “hello”, “sorry” and “thank you”. The ability to correctly verify against their own template and to reject impostors was then established.

Findings

In total, 20 users participated in the study and an average FAR and FRR of 0 and 1.2 per cent, respectively, were experienced across eight common words.

Research limitations/implications

The initial study has proven very successful; however, further investigations need to be established with a larger population of users and a wider vocabulary of words.

Originality/value

This study has verified the feasibility of applying an existing signature recognition technique to transparent handwriting verification.

Details

Information Management & Computer Security, vol. 15 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 30 August 2013

Rainhard Dieter Findling and Rene Mayrhofer

Abstract

Purpose

Personal mobile devices currently have access to a significant portion of their user's private sensitive data and are increasingly used for processing mobile payments. Consequently, securing access to these mobile devices is a requirement for securing access to the sensitive data and potentially costly services. The authors propose and evaluate a first version of a pan shot face unlock method: a mobile device unlock mechanism using all information available from a 180° pan shot of the device around the user's head – utilizing biometric face information as well as sensor data of built‐in sensors of the device. The paper aims to discuss these issues.

Design/methodology/approach

This approach uses grayscale 2D images, on which the authors perform frontal and profile face detection. For face recognition, the authors evaluate different support vector machines and neural networks. To reproducibly evaluate this pan shot face unlock toolchain, the authors assembled the 2013 Hagenberg stereo vision pan shot face database, which the authors describe in detail in this article.

Findings

Current results indicate that the approach to face recognition is sufficient for further usage in this research. However, face detection is still error prone for the mobile use case, which consequently decreases the face recognition performance as well.

Originality/value

The contributions of this paper include: introducing pan shot face unlock as an approach to increase security and usability during mobile device authentication; introducing the 2013 Hagenberg stereo vision pan shot face database; evaluating this current pan shot face unlock toolchain using the newly created face database.

Details

International Journal of Pervasive Computing and Communications, vol. 9 no. 3
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 26 May 2022

Ioannis Stylios, Andreas Skalkos, Spyros Kokolakis and Maria Karyda

Abstract

Purpose

This research aims to build a system that will continuously. This paper is an extended version of SECPRE 2021 paper and presents a research on the development and validation of a behavioral biometrics continuous authentication (BBCA) system that is based on users' keystroke dynamics and touch gestures on mobile devices. This paper aims to build a system that will continuously authenticate the user of a smartphone.

Design/methodology/approach

Session authentication schemes establish the identity of the user only at the beginning of the session, so they are vulnerable to attacks that tamper with communications after the establishment of the authenticated session. Moreover, smartphones themselves are used as authentication means, especially in two-factor authentication schemes, which are often required by several services. Whether the smartphone is in the hands of the legitimate user constitutes a great concern and correspondingly whether the legitimate user is the one who uses the services. In response to these concerns, BBCA technologies have been proposed in a large corpus of literature. This paper presents a research on the development and validation of a BBCA system (named BioPrivacy), which is based on the user’s keystroke dynamics and touch gestures, using a multi-layer perceptron (MLP). Also, this paper introduces a new BB collection tool and proposes a methodology for the selection of an appropriate set of BB.

Findings

The system achieved the best results for keystroke dynamics which are 97.18% accuracy, 0.02% equal error rate, 97.2% true acceptance rate and 0.02% false acceptance rate.

Originality/value

This paper develops a new BB collection tool, named BioPrivacy, by which behavioral data of users on mobile devices can be collected. This paper proposes a methodology for the selection of an appropriate set of BB. This paper presents the development of a BBCA system based on MLP.

Details

Information & Computer Security, vol. 30 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 18 July 2023

Stephen Mujeye

Abstract

Purpose

This study aims to investigate the differences in security-conscious (group A) and regular (group B) users’ behaviors and practices on mobile devices.

Design/methodology/approach

A survey was used to investigate the differences in behaviors and practices of security-conscious users (group A) and regular users (group B) on mobile devices. Each group will have 50 participants for a total of 100.

Findings

The analysis revealed differences in the behaviors and practices of security-conscious and regular users. The results indicated that security-conscious users engage in behaviors and practices that are more secure on mobile devices when compared with regular users.

Research limitations/implications

The results will help recommend the best behaviors and practices for mobile device users, increasing mobile device security.

Social implications

The results will help society to be more aware of security behaviors and practices on mobile devices.

Originality/value

This study answers the call for addressing the weaknesses and vulnerabilities in mobile device security. It develops a research instrument to measure the differences in behaviors and practices of security-conscious and regular mobile device users.

Details

Information & Computer Security, vol. 31 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 7 December 2021

Ioannis Stylios, Spyros Kokolakis, Andreas Skalkos and Sotirios Chatzis

Abstract

Purpose

The purpose of this paper is to present a new paradigm, named BioGames, for the extraction of behavioral biometrics (BB) conveniently and entertainingly. To apply the BioGames paradigm, the authors developed a BB collection tool for mobile devices named BioGames App. The BioGames App collects keystroke dynamics, touch gestures, and motion modalities and is available on GitHub. Interested researchers and practitioners may use it to create their datasets for research purposes.

Design/methodology/approach

One major challenge for BB and continuous authentication (CA) research is the lack of actual BB datasets for research purposes. The compilation and refinement of an appropriate set of BB data constitute a challenge and an open problem. The issue is aggravated by the fact that most users are reluctant to participate in long demanding procedures entailed in the collection of research biometric data. As a result, they do not complete the data collection procedure, or they do not complete it correctly. Therefore, the authors propose a new paradigm and introduce a BB collection tool, which they call BioGames, for the extraction of biometric features in a convenient way. The BioGames paradigm proposes a methodology where users play games without participating in an experimental painstaking process. The BioGames App collects keystroke dynamics, touch gestures, and motion modalities.

Findings

The authors proposed a new paradigm for the collection of BB on mobile devices and created the BioGames application. The BioGames App is an Android application that collects BB data on mobile devices and sends them to a database. The database design allows multiple users to store their sensor data at any time. Thus, there is no concern about data separation and synchronization. BioGames App is General Data Protection Regulation (GDPR) compliant as it collects and processes only anonymous data.

Originality/value

The BioGames App is a publicly available tool that combines the keystroke dynamics, touch gestures, and motion modalities. In addition, it uses a methodology where users play games without participating in an experimental painstaking process.

Details

Information & Computer Security, vol. 30 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 14 March 2016

Panagiotis Andriotis, George Oikonomou, Alexios Mylonas and Theo Tryfonas

Abstract

Purpose

The Android pattern lock screen (or graphical password) is a popular user authentication method that relies on the advantages provided by the visual representation of a password, which enhance its memorability. Graphical passwords are vulnerable to attacks (e.g. shoulder surfing); thus, the need for more complex passwords becomes apparent. This paper aims to focus on the features that constitute a usable and secure pattern and investigate the existence of heuristic and physical rules that possibly dictate the formation of a pattern.

Design/methodology/approach

The authors conducted a survey to study the users’ understanding of the security and usability of the pattern lock screen. The authors developed an Android application that collects graphical passwords, by simulating user authentication in a mobile device. This avoids any potential bias that is introduced when the survey participants are not interacting with a mobile device while forming graphical passwords (e.g. in Web or hard-copy surveys).

Findings

The findings verify and enrich previous knowledge for graphical passwords, namely, that users mostly prefer usability over security. Using the survey results, the authors demonstrate how biased input impairs security by shrinking the available password space.

Research limitations/implications

The sample’s demographics may affect our findings. Therefore, future work can focus on the replication of our work in a sample with different demographics.

Originality/value

The authors define metrics that measure the usability of a pattern (handedness, directionality and symmetry) and investigate their impact on its formation. The authors propose a security assessment scheme using features in a pattern (e.g. the existence of knight moves or overlapping nodes) to evaluate its security strengths.

Details

Information & Computer Security, vol. 24 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 9 July 2018

Nicholas Micallef and Nalin Asanka Gamagedara Arachchilage

Abstract

Purpose

Security questions are one of the techniques used to recover forgotten passwords. However, security questions have both security and memorability limitations. To limit their security vulnerabilities, stronger answers need to be used. As serious games can motivate users to change their security behaviour, the purpose of this paper is to explore the features and functionalities that users would require in a serious game that educates them to provide stronger answers to security questions.

Design/methodology/approach

A lab study was conducted to collect users’ feedback on the desired game features and functionalities. In Stage 1, participants selected security questions/answers. In Stage 2, participants played a game and evaluated the usability and the provided features.

Findings

The main findings reveal that most participants found the current features and functionalities to be desirable; socially oriented functionalities (e.g. getting help from other players) did not seem desirable because users feared that their acquaintances could gain access to their security questions.

Originality/value

This research recommends that designers of serious games for security education should: use intrinsic rewards to motivate users to have a better learning experience; provide easier challenges during the training period and provide harder challenges only when the game determines that the users learned to play the game; and design their games for mobile devices because even users who usually do not play games would play a security education game on a mobile device.

Details

Information & Computer Security, vol. 26 no. 3
Type: Research Article
ISSN: 2056-4961
