Please hold on: Unobtrusive user authentication using smartphone's built-in sensors

Smartphones provide anytime-anywhere communications and are being increasingly used for a variety of purposes, e.g, sending email, performing online transactions, connecting with friends and acquaintances over social networks. As a result, a considerable amount of sensitive personal information is often generated and stored on smartphones. Thus, smartphone users may face financial as well as sentimental consequences if such information fall in the wrong hands. To address this problem all smartphones provide some form of user authentication, that is the process of verifying the user's identity. Existing authentication mechanisms, such as using 4-digit passcodes or graphical patterns, suffer from multiple limitations - they are neither highly secure nor easy to input. As a results, recent studies found that most smartphone's users do not use any authentication mechanism at all. In this paper, we present a fully unobtrusive user authentication scheme based on micro-movements of the user's hand(s) after the user unlocks her smartphone. The proposed scheme collects data from multiple 3-dimensional smartphone sensors in the background for a specific period of time and profiles a user based on the collected hand(s) movement patterns. Subsequently, the system matches the query pattern with the pre-stored patterns to authenticate the smartphone owner. Our system achieved a True Acceptance Rate (TAR) of 96% at an Equal Error Rate (EER) of 4%, on a dataset of 31 qualified volunteers (53, in total), using Random Forest (RF) classifier. Our scheme can be used as a primary authentication mechanism or can be used as a secondary authentication scheme in conjunction with any of the existing authentication schemes, e.g., passcodes, to improve their security.