Mobile devices equipped with touch screens have increasingly rich functionality, enhanced computing power, and greater storage capacity. These devices often contain private information such as personal photos, emails, and even corporate data. Therefore, it is crucial to have secure yet convenient user authentication mechanisms for touch screen devices. However, the widely used password/PIN/pattern based solutions are susceptible to shoulder surfing (as mobile devices are often used in public settings where shoulder surfing often happens either purposely or inadvertently) and smudge attacks (as oily residues left by fingers on touch screens can be recognized by impostors) and are sometimes inconvenient for users to input when they are walking or driving.
The goal of this project is to develop a behavior based user authentication approach for touch screen devices. Rather than authenticating users solely based on what they input (such as a password/PIN/pattern), Behavioral Authentication is based upon how users provide input input. Specifically, a user is first asked to perform certain actions, such as gestures/signatures, on touch screens and then the behavior feature information (such as velocity magnitude and device acceleration) is extracted from the actions to authenticate the user based on machine learning techniques. The intuition behind the proposed approach is that people have consistent and distinguishing behavior of performing gestures and signatures on touch screens. Compared with current user authentication schemes for touch screen devices, the proposed approach is significantly more difficult to compromise because it is nearly impossible for impostors to reproduce the behavior of others doing gestures/signatures through shoulder surfing or smudge attacks - they can see it, but they cannot do it.
This project will advance the knowledge and understanding of behavior based user authentication on touch screen devices. This is potentially transformative research with high-impact. If successful, this project will not only yield a theoretical foundation for behavior based user authentication on touch screen devices but also invite future research along this direction.
