Dialerauth: A motion-assisted touch-based smartphone user authentication scheme / Buriro, Attaullah; Gupta, Sandeep; Crispo, Bruno; Del Frari, Filippo. - 2018-:(2018), pp. 267-276. (Paper presented at the 8th ACM Conference on Data and Application Security and Privacy, CODASPY 2018, held in Tempe, AZ, USA, 19th - 21st March 2018) [10.1145/3176258.3176318].
Dialerauth: A motion-assisted touch-based smartphone user authentication scheme
Buriro, Attaullah; Gupta, Sandeep; Crispo, Bruno; Del Frari, Filippo
2018-01-01
Abstract
This paper introduces DialerAuth, a mechanism which leverages the way a smartphone user taps/enters any "text-independent" 10-digit number (replicating the dialing process) and the hand's micro-movements she makes while doing so. DialerAuth authenticates the user on the basis of timing differences in the entered 10-digit strokes. DialerAuth provides enhanced security by leveraging a transparent and unobservable layer based on another modality: the user's hand micro-movements. Furthermore, DialerAuth increases usability and acceptability by utilizing the users' familiarity with the dialing process and the flexibility of choosing any combination of 10 digits. We implemented DialerAuth for both data collection and proof-of-concept real-time analysis. We collected a total of ≈10500 legitimate samples involving 97 users, through an extensive unsupervised field experiment, to evaluate the effectiveness of DialerAuth. Analysis using a one-class Multilayer Perceptron (MLP) shows a TAR of 85.77% in identifying the genuine users. Security analysis involving ≈240 adversarial attempts proved DialerAuth to be significantly resilient against random and mimic attacks. A usability study based on the System Usability Scale (SUS) reflects positive feedback on user acceptance (SUS score = 73.29).

File | Details | Size | Format |
---|---|---|---|
p267-buriro.pdf | Access: archive managers only. Type: Publisher's version (Publisher's layout). License: All rights reserved | 1.8 MB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.