DialerAuth: A Motion-assisted Touch-based Smartphone User Authentication Scheme

Author (ESR): 
Sandeep Gupta (Universita Degli Studi Di Trento)
Authors: 
Attaullah Buriro
Bruno Crispo
Filippo Del Frari

This paper introduces DialerAuth - a mechanism which leverages the way a smartphone user taps/enters any “text-independent" 10-digit number (replicating the dialing process) and the hand’s micro-movements she makes while doing so. DialerAuth authenticates the user on the basis of timing differences in the entered 10-digit strokes. DialerAuth provides enhanced security by leveraging the transparent and unobservable layer based on another
modality - user’s hand micro-movements. Furthermore, Dialerauth increases the usability and acceptability by utilizing the users’ familiarity with the dialing process and the flexibility of choosing any combination of 10-digit number.We implemented DialerAuth for both data collection and proof-of-concept real-time analysis. We collected, in total ≈10500 legitimate samples involving 97 users, through an extensive unsupervised field experiment, to evaluate the
effectiveness of DialerAuth. Analysis using one-class Multilayer Perceptron (MLP) shows a TAR of 85.77% in identifying the genuine users. Security analysis involving ≈240 adversarial attempts proved DialerAuth as significantly resilient against random and mimic attacks. A usability study based on System Usability Scale (SUS) reflects a positive feedback on user acceptance (SUS score = 73.29).

Venue: 
The 8th ACM Conference on Data and Application Security and Privacy, March 19 - 21, 2018. Tempe, AZ, USA
Date: 
Wednesday, March 21, 2018