NOTE: The following materials are presented for timely
dissemination of
academic and technical work. Copyright and all other rights
therein are reserved by authors and/or other copyright
holders. Persoanl
use of the following materials is permitted and, however, people using
the materials or information
are expected to adhere to the terms and
constraints invoked by the related copyright.
TDAS: A Touch Dynamics based Multi-Factor Authentication
Solution for Mobile Devices
ABSTRACT
The use of mobile devices in handling our daily activities that involve the storage or access of sensitive data (e.g. on-line banking,
paperless prescription services, etc.) is becoming very common. These mobile electronic services typically use a knowledge-based
authentication method to authenticate a user (claimed identity). However, this authentication method is vulnerable to several security
attacks. To counter the attacks and to make the authentication process more secure, this paper investigates the use of touch dynamics
biometrics in conjunction with a PIN-based authentication method, and demonstrates its benefits in terms of strengthening the security of
authentication services for mobile device. The investigation has made use of three light-weighted matching functions and a comprehensive reference dataset collected from 150
subjects. The investigative results show that, with this multi-factor authentication approach, even when the PIN is exposed, as much as 9 out of 10
impersonation attempts can be successfully identified. It has also been discovered that the accuracy performance can be increased by
combining different feature data types and by increasing the input string length. The novel contributions of this paper are two-fold. Firstly, it describes how a comprehensive experiment is set up to collect touch dynamics
biometrics data, and the set of collected data is being made publically available, which may facilitate further research in the problem
domain. Secondly, the paper demonstrates how the dataset may be used to strengthen the protection of resources that are accessible via
mobile devices.
Click
ijpcc2016.pdf
for full text
.