This paper introduces DialerAuth - a mechanism which leverages the way a smartphone user taps/enters any “text-independent” 10-digit number (replicating the dialing process) and the hand’s micro-movements she makes while doing so. DialerAuth authenticates the user on the basis of timing differences in the entered 10-digit strokes. DialerAuth provides enhanced security by leveraging the transparent and unobservable layer based on another modality - the user’s hand micro-movements. Furthermore, DialerAuth increases usability and acceptability by utilizing the users’ familiarity with the dialing process and the flexibility of choosing any 10-digit combination. We implemented DialerAuth for both data collection and proof-of-concept real-time analysis. We collected, in total, ≈10500 legitimate samples involving 97 users, through an extensive unsupervised field experiment, to evaluate the effectiveness of DialerAuth. Analysis using a one-class Multilayer Perceptron (MLP) shows a TAR of 85.77% in identifying the genuine users. Security analysis involving ≈240 adversarial attempts proved DialerAuth to be significantly resilient against random and mimic attacks. A usability study based on the System Usability Scale (SUS) reflects positive feedback on user acceptance (SUS score = 73.29).
DialerAuth: A Motion-assisted Touch-based Smartphone User Authentication Scheme
The work described in this website has been conducted within the project NeCS. This project has received funding from the European Union’s Horizon 2020 (H2020) research and innovation programme under the Grant Agreement no 675320. This website and the content displayed in it do not represent the opinion of the European Union, and the European Union is not responsible for any use that might be made of its content.
Author (ESR):
Sandeep Gupta (Università degli Studi di Trento)
Venue:
The 8th ACM Conference on Data and Application Security and Privacy, March 19 - 21, 2018. Tempe, AZ, USA
Date:
Wednesday, March 21, 2018