Challenge-Response Behavioral Mobile Authentication: A Comparative Study of Graphical Patterns and Cognitive Games
The most researched behavioral biometrics for mobile device authentication involve the use of touch gestures as the user enters a graphical pattern password (like the one used on Android) or otherwise interacts with the device. However, due to the inherently static nature of these schemes, they are vulnerable to impersonation attacks. In this paper, we investigate challenge-response mechanisms to address this security vulnerability underlying the traditional static biometric schemes. We study the performance, security, and usability of two such challenge-response interactive biometric authentication schemes geared for mobile devices and contrast them with static graphical-pattern-based biometrics. The first scheme is based on random graphical patterns. The second scheme, recently introduced for PC-class devices (not mobile), is based on a simple cognitive game involving semantic interactive random challenges. Our results show that the accuracy of user identification with these approaches is similar to that of the static pattern-based biometric scheme. Finally, we argue that utilizing interactivity and randomization significantly enhances security against impersonation attacks. As an independent result, our work demonstrates that the use of motion sensors available on mobile devices serves to improve the identification accuracy of schemes that only use touch-based gestures (static and interactive).