Password hardening based on keystroke dynamics
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Asymptotic behaviors of support vector machines with Gaussian kernel
Neural Computation
Estimating the Support of a High-Dimensional Distribution
Neural Computation
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
A hybrid GA-PSO fuzzy system for user identification on smart phones
Proceedings of the 11th Annual conference on Genetic and evolutionary computation
Keystroke-Based User Identification on Smart Phones
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Smudge attacks on smartphone touch screens
WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
LIBSVM: A library for support vector machines
ACM Transactions on Intelligent Systems and Technology (TIST)
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Biometric-rich gestures: a novel approach to authentication on multi-touch devices
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Touch me once and i know it's you!: implicit authentication based on touch screen patterns
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Password entry usability and shoulder surfing susceptibility on different smartphone platforms
Proceedings of the 11th International Conference on Mobile and Ubiquitous Multimedia
TIPS: context-aware implicit user identification using touch screen in uncontrolled environments
Proceedings of the 15th Workshop on Mobile Computing Systems and Applications
| Hi-index | 0.00 |
With the rich functionalities and enhanced computing capabilities available on mobile computing devices with touch screens, users not only store sensitive information (such as credit card numbers) but also use privacy sensitive applications (such as online banking) on these devices, which make them hot targets for hackers and thieves. To protect private information, such devices typically lock themselves after a few minutes of inactivity and prompt a password/PIN/pattern screen when reactivated. Passwords/PINs/patterns based schemes are inherently vulnerable to shoulder surfing attacks and smudge attacks. Furthermore, passwords/PINs/patterns are inconvenient for users to enter frequently. In this paper, we propose GEAT, a gesture based user authentication scheme for the secure unlocking of touch screen devices. Unlike existing authentication schemes for touch screen devices, which use what user inputs as the authentication secret, GEAT authenticates users mainly based on how they input, using distinguishing features such as finger velocity, device acceleration, and stroke time. Even if attackers see what gesture a user performs, they cannot reproduce the behavior of the user doing gestures through shoulder surfing or smudge attacks. We implemented GEAT on Samsung Focus running Windows, collected 15009 gesture samples from 50 volunteers, and conducted real-world experiments to evaluate GEAT's performance. Experimental results show that our scheme achieves an average equal error rate of 0.5% with 3 gestures using only 25 training samples.