Touch to Authenticate — Continuous Biometric Authentication on Mobile Devices

Abstract

Like no other device, smart phones influence our way of communication. The benefits of combining a variety of functionality (e.g. taking photos, navigating, surfing the web and exchanging information) into a single device led to a rich repository of private and commercial information. Although the information on smart phones in many cases is highly sensitive for either privacy or business reasons most users use simple and ineffective passcodes or patterns as authentication method. The security situation becomes even more complicated if companies encourage their employees by Bring-Your-Own-Device policies to shift workload to smart phones without a holistic security concept. As strong authentication methods will only be successful if they comply with the usability requirements of today’s users, biometric approaches pose an opportunity to close the gap between security and usability.In this paper we contribute to this research field by introduc- ing an approach for continuous biometric authentication using touchscreen gestures and related posture information as unique features. In first experiments, this new authentication layer for Android-based phones, which is using a fuzzy classifier in combination with a scoring model, demonstrated its feasibility by achieving an Equal Error Rate (EER) of 11,5%.