Touch screen devices have evolved rapidly in recent years as demand and manufacture have skyrocketed. While smartphone capability continues to grow, progress in security has stagnated. This increasing gap between smartphone ability and security poses a significant problem. Physiological biometrics involve the unique physical characteristics of an individual such as their face, fingerprints, or iris. Behavioral biometrics involve how a person interacts with their device such as their typing, swiping, or tapping patterns. Biometrics authentication applies the user’s unique biological or behavioral features to phone security, which is more difficult to replicate by attackers in comparison to knowledge-based authentication.
1. Introduction
Touch screen devices have evolved rapidly in recent years as demand and manufacture have skyrocketed. While smartphone capability continues to grow, progress in security has stagnated. This increasing gap between smartphone ability and security poses a significant problem. Today, smartphone users keep unprecedented amounts of sensitive data on their device, including photos, financial records, and private correspondence. Research into progressing the security of smartphone devices is necessary to protect the sensitive information of smartphone users.
To counter this issue, researchers and manufacturers have invested time and resources into developing and improving different types of smartphone authentication methods. Currently, the most common methods of authentication in today’s mobile phones are knowledge-based methods such as a password or a personal identification number (PIN) [1]. Since this method relies on the user’s own knowledge, it runs the risk of the user choosing an easy-to-remember password that can easily be stolen or lost [1]. Due to the insecurity of knowledge-based authentication, researchers have turned to other methods such as physiological and behavioral biometrics. Physiological biometrics involve the unique physical characteristics of an individual such as their face, fingerprints, or iris. Behavioral biometrics involve how a person interacts with their device such as their typing, swiping, or tapping patterns [2]. Biometrics authentication applies the user’s unique biological or behavioral features to phone security, which is more difficult for attackers to replicate in comparison to knowledge-based authentication [1]. In recent years, biometrics-based authentication methods have shown promising results when tested with machine learning and deep learning algorithms. Deep learning algorithm-centric methods have gained popularity as of late due to recent tech advances enabling their efficiency, such as an increased availability of deep neural network (DNN) training datasets and increased computational power [3].
2. Physiological Biometrics
Physiological biometrics are effective since it is difficult to copy or share a unique physical characteristic. They are often performed as a method of static authentication [1]. One physiological dynamic that will be discussed in this research is facial recognition, where the user is identified by matching captured images to the image stored in the device’s database [1]. Facial recognition has benefits in authentication since faces are distinctive and usually readily available and unintrusive for capturing [4]. Nonetheless, facial recognition encounters challenges such as facial changes over time [4] as well as requiring high quality camera hardware that may not be up to par in all mobile devices [1]. Another dynamic prevalent in physiological biometric authentication is ocular recognition. The human eye contains many different features that can be used for authentication such as the iris and retina and has benefits due to the unchanging nature of the iris [4]. Challenges in ocular authentication include the difficulty of capturing the small retina, which requires specific hardware that may not be readily available in some mobile devices [1]. Fingerprint authentication is another popular physiological dynamic for mobile authentication and is used to secure a device by capturing and comparing fingerprint traits such as arches, loops, and whorls [1]. Fingerprint authentication is considered one of the most acceptable biometrics today for user authentication [1]. While fingerprint recognition requires additional sensor hardware, fingerprint sensors are now more common in everyday devices, and are becoming cheaper and more accessible with time [4]. Overall, physiological dynamics have benefits due to their unique nature to each individual, yet have the drawback of often requiring additional expensive hardware.
Behavioral biometrics have been called to attention for research since they can be captured without needing additional hardware or sensors [2] and can be used to dynamically authenticate while the device owner interacts with their phone [1]. Often, behavioral biometric authentication requires less direct user input than static methods. Behavioral biometrics-based models record how the user interacts with their device as data and use it for authentication [1]. One dynamic that will be reviewed is touch-based authentication. Touch-based authentication uses touchscreen inputs from the device, such as coordinates, pressure, and touch size to correctly identify the phone user. It is often paired with motion dynamics to record phone micromovements while the device is swiped and tapped. Motion dynamics record data from motion sensors within most smart devices such as the accelerometer, gyroscope, and magnetometer. Motion data can be recorded from how the phone may be moved while in use. Another dynamic that will be discussed is keystroke authentication, which often involves a combination of touch and motion data. Keystroke dynamics use typing data to secure the device. The final behavioral dynamic that will be reviewed is gait dynamics. Gait dynamic-based methods record walking patterns using the phone’s motion sensors. Gait dynamics are difficult to imitate, yet require movement to authenticate and are vulnerable to variation due to the user’s environment [5]. While behavioral biometrics benefit as a dynamic and hardware-cheap method for authentication, they require events with the chosen trait to authenticate. If the user is not currently performing actions of the chosen trait, the behavioral system cannot secure the device, resulting in impractical time windows to detect intruders [5].
This entry is adapted from the peer-reviewed paper 10.3390/jcp3020013