Abstract
This paper introduces DIALERAUTH - a mechanism which leverages the way a smartphone user taps/enters any text-independent 10-digit number (replicating the dialing process) and the hand's micro-movements she makes while doing so. DIALERAUTH authenticates the user on the basis of timing differences in the entered 10-digit strokes. DIALERAUTH provides enhanced security by leveraging a transparent and unobservable layer based on another modality - the user's hand micro-movements. Furthermore, DIALERAUTH increases usability and acceptability by utilizing the users' familiarity with the dialing process and the flexibility of choosing any 10-digit number. We implemented DIALERAUTH for both data collection and proof-of-concept real-time analysis. We collected a total of 10500 legitimate samples involving 97 users, through an extensive unsupervised field experiment, to evaluate the effectiveness of DIALERAUTH. Analysis using a one-class Multilayer Perceptron (MLP) shows a True Acceptance Rate (TAR) of 85.77% in identifying the genuine users. Security analysis involving 240 adversarial attempts proved DIALERAUTH to be significantly resilient against random and mimic attacks. A usability study based on the System Usability Scale (SUS) reflects positive feedback on user acceptance (SUS score = 73.29).
Original language | English |
---|---|
Title of host publication | CODASPY 2018 - Proceedings of the 8th ACM Conference on Data and Application Security and Privacy: proceedings |
Publisher | Association for Computing Machinery |
Pages | 267–276 |
Number of pages | 10 |
Publication status | Published - Mar 2018 |
Externally published | Yes |