SocialAuth: Designing touch behavioral smartphone user authentication based on social networking applications

Weizhi Meng*, Wenjuan Li, Lijun Jiang, Jianying Zhou

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

Modern smartphones expressed an exponential growth and have become a personal assistant in people’s daily lives, i.e., keeping connected with peers. Users are willing to store their personal data even sensitive information on the phones, making these devices an attractive target for cyber-criminals. Due to the limitations of traditional authentication methods like Personal Identification Number (PIN), research has been moved to the design of touch behavioral authentication on smartphones. However, how to design a robust behavioral authentication in a long-term period remains a challenge due to behavioral inconsistency. In this work, we advocate that touch gestures could become more consistent when users interact with specific applications. In this work, we focus on social networking applications and design a touch behavioral authentication scheme called SocialAuth. In the evaluation, we conduct a user study with 50 participants and demonstrate that touch behavioral deviation under our scheme could be significantly decreased and kept relatively stable even after a long-term period, i.e., a single SVM classifier could achieve an average error rate of about 3.1% and 3.7% before and after two weeks, respectively.

Original languageEnglish
Title of host publicationICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings
EditorsGurpreet Dhillon, André Zúquete, Fredrik Karlsson, Karin Hedström
Number of pages14
PublisherSpringer
Publication date1 Jan 2019
Pages180-193
ISBN (Print)9783030223113
DOIs
Publication statusPublished - 1 Jan 2019
Event34th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2019 - Lisbon, Portugal
Duration: 25 Jun 201927 Jun 2019

Conference

Conference34th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2019
CountryPortugal
CityLisbon
Period25/06/201927/06/2019
SeriesIFIP Advances in Information and Communication Technology
Volume562
ISSN1868-4238

Keywords

  • Behavioral user authentication
  • Machine learning
  • Smartphone security
  • Social networking
  • Touch gestures
  • Usable security

Cite this

Meng, W., Li, W., Jiang, L., & Zhou, J. (2019). SocialAuth: Designing touch behavioral smartphone user authentication based on social networking applications. In G. Dhillon, A. Zúquete, F. Karlsson, & K. Hedström (Eds.), ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings (pp. 180-193). Springer. IFIP Advances in Information and Communication Technology, Vol.. 562 https://doi.org/10.1007/978-3-030-22312-0_13
Meng, Weizhi ; Li, Wenjuan ; Jiang, Lijun ; Zhou, Jianying. / SocialAuth : Designing touch behavioral smartphone user authentication based on social networking applications. ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings. editor / Gurpreet Dhillon ; André Zúquete ; Fredrik Karlsson ; Karin Hedström. Springer, 2019. pp. 180-193 (IFIP Advances in Information and Communication Technology, Vol. 562).
@inproceedings{703344b0a1594cbd97addd1b77930f33,
title = "SocialAuth: Designing touch behavioral smartphone user authentication based on social networking applications",
abstract = "Modern smartphones expressed an exponential growth and have become a personal assistant in people’s daily lives, i.e., keeping connected with peers. Users are willing to store their personal data even sensitive information on the phones, making these devices an attractive target for cyber-criminals. Due to the limitations of traditional authentication methods like Personal Identification Number (PIN), research has been moved to the design of touch behavioral authentication on smartphones. However, how to design a robust behavioral authentication in a long-term period remains a challenge due to behavioral inconsistency. In this work, we advocate that touch gestures could become more consistent when users interact with specific applications. In this work, we focus on social networking applications and design a touch behavioral authentication scheme called SocialAuth. In the evaluation, we conduct a user study with 50 participants and demonstrate that touch behavioral deviation under our scheme could be significantly decreased and kept relatively stable even after a long-term period, i.e., a single SVM classifier could achieve an average error rate of about 3.1{\%} and 3.7{\%} before and after two weeks, respectively.",
keywords = "Behavioral user authentication, Machine learning, Smartphone security, Social networking, Touch gestures, Usable security",
author = "Weizhi Meng and Wenjuan Li and Lijun Jiang and Jianying Zhou",
year = "2019",
month = "1",
day = "1",
doi = "10.1007/978-3-030-22312-0_13",
language = "English",
isbn = "9783030223113",
series = "IFIP Advances in Information and Communication Technology",
publisher = "Springer",
pages = "180--193",
editor = "Gurpreet Dhillon and Andr{\'e} Z{\'u}quete and Fredrik Karlsson and Karin Hedstr{\"o}m",
booktitle = "ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings",

}

Meng, W, Li, W, Jiang, L & Zhou, J 2019, SocialAuth: Designing touch behavioral smartphone user authentication based on social networking applications. in G Dhillon, A Zúquete, F Karlsson & K Hedström (eds), ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings. Springer, IFIP Advances in Information and Communication Technology, vol. 562, pp. 180-193, 34th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2019, Lisbon, Portugal, 25/06/2019. https://doi.org/10.1007/978-3-030-22312-0_13

SocialAuth : Designing touch behavioral smartphone user authentication based on social networking applications. / Meng, Weizhi; Li, Wenjuan; Jiang, Lijun; Zhou, Jianying.

ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings. ed. / Gurpreet Dhillon; André Zúquete; Fredrik Karlsson; Karin Hedström. Springer, 2019. p. 180-193 (IFIP Advances in Information and Communication Technology, Vol. 562).

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

TY - GEN

T1 - SocialAuth

T2 - Designing touch behavioral smartphone user authentication based on social networking applications

AU - Meng, Weizhi

AU - Li, Wenjuan

AU - Jiang, Lijun

AU - Zhou, Jianying

PY - 2019/1/1

Y1 - 2019/1/1

N2 - Modern smartphones expressed an exponential growth and have become a personal assistant in people’s daily lives, i.e., keeping connected with peers. Users are willing to store their personal data even sensitive information on the phones, making these devices an attractive target for cyber-criminals. Due to the limitations of traditional authentication methods like Personal Identification Number (PIN), research has been moved to the design of touch behavioral authentication on smartphones. However, how to design a robust behavioral authentication in a long-term period remains a challenge due to behavioral inconsistency. In this work, we advocate that touch gestures could become more consistent when users interact with specific applications. In this work, we focus on social networking applications and design a touch behavioral authentication scheme called SocialAuth. In the evaluation, we conduct a user study with 50 participants and demonstrate that touch behavioral deviation under our scheme could be significantly decreased and kept relatively stable even after a long-term period, i.e., a single SVM classifier could achieve an average error rate of about 3.1% and 3.7% before and after two weeks, respectively.

AB - Modern smartphones expressed an exponential growth and have become a personal assistant in people’s daily lives, i.e., keeping connected with peers. Users are willing to store their personal data even sensitive information on the phones, making these devices an attractive target for cyber-criminals. Due to the limitations of traditional authentication methods like Personal Identification Number (PIN), research has been moved to the design of touch behavioral authentication on smartphones. However, how to design a robust behavioral authentication in a long-term period remains a challenge due to behavioral inconsistency. In this work, we advocate that touch gestures could become more consistent when users interact with specific applications. In this work, we focus on social networking applications and design a touch behavioral authentication scheme called SocialAuth. In the evaluation, we conduct a user study with 50 participants and demonstrate that touch behavioral deviation under our scheme could be significantly decreased and kept relatively stable even after a long-term period, i.e., a single SVM classifier could achieve an average error rate of about 3.1% and 3.7% before and after two weeks, respectively.

KW - Behavioral user authentication

KW - Machine learning

KW - Smartphone security

KW - Social networking

KW - Touch gestures

KW - Usable security

U2 - 10.1007/978-3-030-22312-0_13

DO - 10.1007/978-3-030-22312-0_13

M3 - Article in proceedings

AN - SCOPUS:85068208647

SN - 9783030223113

T3 - IFIP Advances in Information and Communication Technology

SP - 180

EP - 193

BT - ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings

A2 - Dhillon, Gurpreet

A2 - Zúquete, André

A2 - Karlsson, Fredrik

A2 - Hedström, Karin

PB - Springer

ER -

Meng W, Li W, Jiang L, Zhou J. SocialAuth: Designing touch behavioral smartphone user authentication based on social networking applications. In Dhillon G, Zúquete A, Karlsson F, Hedström K, editors, ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings. Springer. 2019. p. 180-193. (IFIP Advances in Information and Communication Technology, Vol. 562). https://doi.org/10.1007/978-3-030-22312-0_13