Abstract
Nowadays, user authentication on mobile devices is principally based on a secret (e.g., password, PIN), while recently two-factor authentication methods have been proposed to make such secret-based methods more secure. Two-factor authentication methods typically combine knowledge factors with the user's characteristics or possessions, obtaining high authentication performance. In this paper, we propose a novel two-factor authentication method based on users' cognitive skills. Cognitive abilities are captured through the users' performance in small games that replicate the classical attentional paradigms of cognitive psychology. In particular, we introduce three games that rely on selective attention, attentional switch and the Stroop effect. While users were solving a game on their smartphones, we collected cognitive performance (in terms of accuracy and reaction times), touch features (interactions with the touch screen), and sensor features (data from the accelerometer and gyroscope). Results show that our cognitive-based games can be used as a two-factor authentication mechanism on smartphones. Relying on touch and sensor features as behavioral biometrics, we are able to achieve an authentication accuracy of \(97\%\), with an Equal Error Rate of \(1.37\%\).
Notes
1. Home page of the “You Are How You Play” project: http://spritz.math.unipd.it/projects/youarehowyouplay/index.html
Acknowledgements
Mauro Conti is supported by a Marie Curie Fellowship funded by the European Commission (agreement PCIG11-GA-2012-321980). This work is also partially supported by the EU TagItSmart! Project (agreement H2020-ICT30-2015-688061), the EU-India REACH Project (agreement ICI+/2014/342-896), “Physical-Layer Security for Wireless Communication”, and “Content Centric Networking: Security and Privacy Issues” funded by the University of Padua. This work is partially supported by the grant n. 2017-166478 (3696) from Cisco University Research Program Fund and Silicon Valley Community Foundation. This work is also partially funded by the project CNR-MOST/Taiwan 2016–17 “Verifiable Data Structure Streaming”.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Spolaor, R. et al. (2018). You Are How You Play: Authenticating Mobile Users via Game Playing. In: Baldi, M., Quaglia, E., Tomasin, S. (eds) Proceedings of the 2nd Workshop on Communication Security. WCS 2017. Lecture Notes in Electrical Engineering, vol 447. Springer, Cham. https://doi.org/10.1007/978-3-319-59265-7_6
DOI: https://doi.org/10.1007/978-3-319-59265-7_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59264-0
Online ISBN: 978-3-319-59265-7
eBook Packages: Engineering, Engineering (R0)