You are How You Touch:User Verification on Smartphones via Tapping Behaviors

Nan Zheng∗, Kun Bai†, Hai Huang† and Haining Wang‡∗College of William and Mary, Williamsburg, VA, USA

†IBM T.J. Watson Research Center, Yorktown Heights, NY, USA‡University of Delaware, Newark, DE, USA

Email: nzheng@cs.wm.edu, {kunbai,haih}@us.ibm.com, hnw@udel.edu

Abstract—Smartphone users have their own unique behavioralpatterns when tapping on the touch screens. These personalpatterns are reflected on the different rhythm, strength, andangle preferences of the applied force. Since smartphones areequipped with various sensors like accelerometer, gyroscope,and touch screen sensors, capturing a user’s tapping behaviorscan be done seamlessly. Exploiting the combination of fourfeatures (acceleration, pressure, size, and time) extracted fromsmartphone sensors, we propose a non-intrusive user verificationmechanism to substantiate whether an authenticating user is thetrue owner of the smartphone or an impostor who happens toknow the passcode. Based on the tapping data collected fromover 80 users, we conduct a series of experiments to validate theefficacy of our proposed system. Our experimental results showthat our verification system achieves high accuracy with averagedequal error rates of down to 3.65%. As our verification systemcan be seamlessly integrated with the existing user authenticationmechanisms on smartphones, its deployment and usage aretransparent to users and do not require any extra hardwaresupport.

I. INTRODUCTION

Smartphones have become ubiquitous computing platformsallowing users anytime access to the Internet and many onlineservices. On one hand, as a personal device, a smartphonecontains important private information, such as text messages,always-logged-in emails, and contact list. On the other hand,as a portable device, a smartphone is much easier to get lostor stolen than conventional computing platforms. Therefore,to prevent the private information stored in smartphones fromfalling into the hands of adversaries, user authentication mech-anisms have been integrated into mobile OSes like Androidand iOS.

Due to having a much smaller screen and keyboard ona smartphone than the traditional user input/output devices,PIN-based and pattern-based passcode systems have beenwidely used in smartphones for user authentication. However,many people tend to choose weak passcodes for ease ofmemorization. A recent survey on iPhone 4-digit passcodereveals that the ten most popular passcodes represent 15%of all 204,508 passcodes and the top three are 1234, 0000,and 2580 [1]. Moreover, recent studies show that an attackercan detect the location of screen taps on smartphones basedon accelerometer and gyroscope readings and then derive theletters or numbers on the screen [2], [3], [4], [5]. An attacker

could even exploit the oily residues left on the screen of asmartphone to derive the passcode [6]. Therefore, it is highlydesirable to enhance the smartphone’s user authentication witha non-intrusive user verification mechanism, which is user-transparent and is able to further verify if the successfullylogged-in user is the true owner of a smartphone.

In this paper, we explore the feasibility of utilizing usertapping behaviors for user verification in a passcode-enabledsmartphone. The rationale behind our work is that individualhuman users have their own unique behavioral patterns whiletapping on the touch screen of a smartphone. In other words,you are how you tap on the screen, just like you are how youwalk on the street. The rich variety of sensors equipped witha smartphone including accelerometer, gyroscope, and touchscreen sensors, make it possible to accurately characterize anindividual user’s tapping behaviors in a fine-grained fashion.With over 80 smartphone users participated in our study, wequantify the user tapping behaviors in four different aspects:acceleration, pressure, size, and time. Based on the behavioralmetrics extracted from these four features, we apply the one-class learning technique for building an accurate classifier,which is the core of our user verification system.

We evaluate the effectiveness of our system through aseries of experiments using the empirical data of both 4-digitand 8-digit PINs. In terms of accuracy, our approach is ableto classify the legitimate user and impostors with averagedequal error rates of down to 3.65%. Overall, our verificationsystem can significantly enhance the security of a smartphoneby accurately identifying impostors. Especially for practicaluse, our tapping-behavior-based approach is user-transparentand the usability of traditional passcodes on a smartphoneremains intact. As our approach is non-intrusive and doesnot need additional hardware support from smartphones, itcan be seamlessly integrated with the existing passcode-basedauthentication systems.

Unlike previous works [7], [8], [9] on touch-based user re-authentication for smartphones, we choose one-class classifierover two-class classifier. This is because two-class classifierrequires input data from impostors or non-target users atthe training phase, which is unrealistic and raises privacyconcerns. In contrast, one-class classifier conducts its trainingpurely based on the target user’s data, and thus is a much moreviable solution than the two-class approach./978-1-4799-6204-4/14$31.00 c©2014 IEEE

The remainder of the paper is structured as follows. Sec-tion II reviews the background of this work. Section IIIdescribes our data collection and measurement, including ourchoice of metrics. Section IV details the proposed classifier foruser verification. Section V presents our experimental designand results. Section VI discusses additional issues which arisefrom the details of our approach. Section VII surveys relatedwork, and finally Section VIII concludes.

II. BACKGROUND

The tapping behaviors of individual users on touchscreenvary from person to person due to differences in hand ge-ometry and finger agility. Each user has a unique personaltapping pattern, reflected on the different rhythm, strength,and angle preferences of the applied force. As our tapping-behavior-based approach verifies the owner of a smartphonebased on “who you are” – your physical and behavioral traits,instead of “what you know”, it belongs to biometrics-baseduser authentication. In general, a biometrics authenticationsystem authenticates users either by their physiological traitslike faces, voices and pulse-response signals [10], [11], [12]or behavioral patterns like finger typing and hand move-ments [13], [14].

While physiological traits can achieve high accuracy in theprocess of user authentication, they have not been widely usedin mobile devices. Recent studies have also shown that thephysiology-based mechanisms deployed in mobile devices aresensitive to certain environmental factors, which could signif-icantly diminish their accuracy and reliability. For example,face recognition may fail due to a different viewing angle andpoor illumination [15], and voice recognition degrades dueto background noise [10]. However, given the same mobiledevice, behavioral biometrics tend to be less sensitive to thesurrounding environmental factors like darkness or noise.

Exploiting the behavioral information captured by multiplesensors on a smartphone, we can exclusively create a detaileduser profile for verifying the owner of the smartphone. Sinceour approach works seamlessly with the existing passcode-based user authentication mechanisms in mobile devices, itplays a role of implicit authentication. In other words, ourapproach can act as a second factor authentication method andsupplement the passcode systems for stronger authenticationin a cost-effective and user-transparent manner. More recently,seminal works have been proposed to explore the feasibility ofuser authentication employing the behaviors of pattern-basedpasswords [16]. However, the false reject rate (FRR) of theirwork is rather high, which means there is a high chance thatthe owner of a mobile device would be mistakenly regardedas an impostor and be blocked from accessing the device.

The newly launched iPhone 5S uses fingerprint recognitionas an optional unlock method [17]. However, on one hand, itis possibly bypassable through a carefully printed fingerprintimage [18]. On the other hand, the fingerprint on currentiPhone must associate with a regular password. More specif-ically, an attacker with knowledge of the password can still

(a) ApplicationLayout

(b) Two-Hand Typing

Fig. 1. Screen layout of our data collection application, and the two-handtyping action.

enter the system after getting rejected five times by fingerprintrecognition.

III. MEASUREMENT AND CHARACTERIZATION

For data collection, we invite graduate and undergraduatestudents in our institution to participate in this study. Theexperiment has been filed and approved by the InstitutionalReview Board (IRB) to ensure participants are treated ethi-cally. The consent form can be found in the appendix. Werespect user privacy and conform to ethical standards, inspecific to make sure: (1) no data are being collected regardingpersonal credentials, e.g., we do not ask for participants’personal credentials; (2) the informed consent form indicatesthat participation will take no more than 5 minutes. We will askeach participant to be eligible for our study if he/she plans toperform tasks on a smartphone for at least 5 minutes; (3) onlyraw events from smartphone sensors will be collected, and nouser identities or any other user-related information will berecorded. The trace data are further anonymized if necessary.The collected data will be used for academic research only;(4) participants are invited to take part in this tapping behaviorstudy. The consent form informs them why this research studyis being conducted, what will happen in the research study,and possible risks and benefits to them. If there is anythingparticipants do not understand, they are welcomed to askquestions. Then they can decide if they want to participateor continue this study or not.

Over 80 participants are involved in our data collection. Fivedifferent PINs are tested, in which three of them are 4-digit,and two are 8-digit. Here we choose PINs 3-2-4-4, 1-2-5-9-7-3-8-4, and 1-2-5-9-8-4-1-6 to represent these normal cases, butPINs 1-1-1-1 and 5-5-5-5 to represent the two extreme cases,one at the corner and the other at the center, respectively. Eachparticipant is asked to enter an error-free PIN for at least 25times and we collect a total of 11,062 error-free actions. Theuser’s timing and motion data are recorded during the process.In this paper, we refer to an action (or user input action) as theprocess of tapping one PIN, instead of individual digits. Thedetailed information of the collected data is listed in Table I.

The timing information is in resolution of milliseconds.Occasionally, some participants fail to make a smooth tappingintentionally or unintentionally. Therefore, we employ a simpleoutlier removal process to all the collected raw data. An outlier

TABLE ICOLLECTED DATA

PIN Users Actions Average Actions Per User Filtered-Out3-2-4-4 53 1,751 33 0.80%1-1-1-1 41 2,577 63 2.64%5-5-5-5 42 2,756 66 3.70%

1-2-5-9-7-3-8-4 27 1,939 72 7.37%1-2-5-9-8-4-1-6 25 2,039 82 4.76%

tapping action is often signaled by a markedly longer-than-usual time interval, especially for a user who is very familiarwith its own PIN. In our data set, a smooth PIN tapping actiontakes at most 600 milliseconds between subsequent keys forall participants. As a result, an inter-key time of greater thanone second always signals such an outlier behavior. By thisstandard, a small amount of raw data is filtered out, as listedin the right-most column of Table I.

All the data are collected on a Samsung Galaxy Nexus.Its fastest sampling rate on motion sensor readings is about100Hz. Figure 1(a) shows the layout of our Android ap-plication for the data collection. In the experiments, all theparticipants are asked to hold the phone with their left hands,and tap with their right hand index fingers, as shown inFigure 1(b).

We make use of the Android APIs to detect the touchevent, including both key-press and key-release. Between eachkey-press and key-release, we record raw data of times-tamps, acceleration, angular acceleration, touched-size, andpressure. Acceleration and angular acceleration are from APISensorEvent, while touched-size and pressure are fromAPI MotionEvent.

A. Feature Extraction

Based on the raw data, we compute four sets of featuresfor each PIN typing action: acceleration, pressure, size, andtime. We describe each of them in the following:

• Acceleration: For each digit d in a PIN action, wecalculate the five acceleration values:

– Ad,1: the magnitude of acceleration when the digitd is pressed down;

– Ad,2: the magnitude of acceleration when the digitd is released;

– Ad,3: the maximum value of magnitude of accelera-tion during digit d key-press to key-release;

– Ad,4: the minimum value of magnitude of accelera-tion during digit d key-press to key-release;

– Ad,5: the average value of magnitude of accelerationduring digit d key-press to key-release.

All above values are the magnitude of acceleration‖~a‖ =

√a2x + a2y + a2z . We choose not to use individual

components, because the phone coordinate system is

TABLE IIFEATURES OF TOUCHSCREEN TAPPING BEHAVIORS

# of Dimensions

Feature Set Description 4-digit 8-digit

Acceleration At TouchDown 8 16(linear & At TouchUp 8 16angular) Min in key-hold 8 16

Max in key-hold 8 16Mean in key-hold 8 16

Pressure At TouchDown 4 8At TouchUp 4 8

Touched Size At TouchDown 4 8At TouchUp 4 8

Time Key hold time 4 8Inter-key time 3 7

Total All features 63 127

sensitive to location change. A similar procedure is ap-plied to calculate the features from angular accelerations.Combining both acceleration- and angular-acceleration-related features, there are total of 40 in a 4-digit PINaction and 80 in an 8-digit PIN action.

• Pressure: We obtain the pressure readings through An-droid API MotionEvent.getpressure(). The re-turned pressure measurements are of an abstract unit,ranging from 0 (no pressure at all) to 1 (normal pressure),however the values higher than 1 could occur dependingon the calibration of the input device (according toAndroid API documents). In the feature set, we includepressure readings at both key-press and key-release.There are 8 pressure-related features for a 4-digit PIN,and 16 for an 8-digit PIN.

• Size: Similar to pressure readings, another Android APIcall MotionEvent.getsize() measures the touchedsize, associated with each touch event. According toAndroid document, it returns a scaled value of the ap-proximate size for the given pointer index. This representsthe approximation of the screen area being pressed. Theactual value in pixels corresponding to the touch isnormalized with the device’s specific range and is scaledto a value between 0 and 1. For each key-press and key-release, we record the size readings and include in the

X1!

X2!Target User!

Impostors!Boundary!

Fig. 2. An illustration of two-feature space of a target user and many others.X1 and X2 are the two features. The dashed lines define the boundary ofthe target user’s behavior. Because the target user’s behavior is limited to aconcentrated area, the boundary blocks the majority of potential impostors.

feature set. A 4-digit PIN contains 8 size-related features,and an 8-digit PIN contains 16.

• Time: key-hold times and inter-key time intervals be-tween two nearby keys. They are measured from theTouchEvent timestamps, of both TouchUps andTouchDowns. Overall, a 4-digit PIN action contains 7time-related features, while 8-digit PIN contains 15.

For a 4-digit PIN, each action results in a total of 63features; for an 8-digit PIN, the number of features for oneaction is 127. Table II summarizes the description of the abovefour feature sets.

B. Touchscreen Tapping Characterization

Our underlying assumption is that a user’s feature dis-tribution should be clustered within a reliably small rangecompared with many others. As a result, those metrics canbe exploited to block the majority of impostors, as illustratedin Figure 2.

1) Uniqueness of User Pattern: As described above, wedefine four sets of features in order to characterize a user’stapping behaviors on smartphones: acceleration (both linearand angular), pressure, size, and time. All these features canbe easily obtained from a smartphone’s on-board sensors, andcan accurately characterize a user’s unique tapping behaviors.Based on the feature data, we observe that each user demon-strates consistent and unique tapping behaviors, which can beutilized for differentiating itself from other users.

Figure 4 shows the timestamps of entering the same PIN3-2-4-4 from three different users, including the moments ofeach key-press and key-release. Each individual’s timing pat-terns clearly differ, but are very consistent within themselves.This is similar to the observations on a regular computerkeyboard [19].

In addition to timing information, motion data such as pres-sure, touched size, and acceleration also reveal user-specificpatterns. Generally speaking, acceleration is proportional tothe tapping force applied to the touchscreen, while angular

0

10

20

0

10

20

0

10

20

0 500 1000 1500 2000

Re

pe

titio

n I

nd

ex

Time [ms]

User #1

User #2

User #3

3 2 4 4

3 2 4 4

3 2 4 4

Fig. 4. Timing of tapping on the smartphone from three different users,shown in three vertical panels. Each user typed 20 times of the number string“3244”. The solid dots represent key-press time, and the open dots are key-release time. Different colors represent the timestamps of different digits.

acceleration represents the moment of force. Touched size isrelated to both user finger size and tapping force. Figure 3shows the tapping pressure from three different users. Wecan see that three different users’ tapping pressure formdistinguishable individual patterns, with Subject #1 taps thehardest, Subject #2 taps much more gently, and Subject #3 isgentlest. Meanwhile, the level of tapping pressure is relativelyconsistent within one subject.

2) Dissimilarity Measures: We represent each user actionas n-dimensional feature vectors, where n is the number offeature dimensions. Using the dissimilarity score between twofeature vectors, we further verify if our extracted features ofa user remain relatively stable over multiple repetitions, incomparison with those of the other participants.

As the first step, we compute a target user’s template as anaverage feature vector over its N PIN tapping actions, whereN = 150 in our case. At the same time, each feature’s standarddeviation is computed based on these N actions.

In our approach, given a new biometric data sample, weevaluate its dissimilarity score from the target user’s templateas follows. Suppose the new data sample’s feature vector isX = {X1, X2, ..., Xi, ..., Xn}, where Xi represents the ithfeature dimension; and the target user’s template is representedsimilarly as T = {T 1, T 2, ..., Tn}. The dissimilarity scoreis the accumulated deviation from the two vectors over allnormalized features:

D(X,T) =∑i

∥∥∥∥Xi − T i

σi

∥∥∥∥ , (1)

where σi denotes the standard deviation of the ith featureover the N trials in obtaining the target user’s template. Bydividing σi, we give higher weights to those features thathave smaller variation within the target user, because theymore reliably reflect the target user’s specific pattern. Thisis a standard procedure mostly seen in outlier removal (alsoknown as standard score or z-score in statistics [20]).

Figures 5, 6, and 7 show the distributions of dissimilarityscores, calculated from a target user’s template entering three

1

4

7

2

5

8

3

6

9

Fig. 3. Users’ tapping pressure on smartphone touchscreen, while entering an 8-digit PIN 1-2-5-9-7-3-8-4. Each figure shows pressure readings on a 3×3smartphone number pad. Darker color indicates a larger tapping pressure. Note that number “6” has no pressure because it is not in the PIN. Figures in thesame row are from a same user while typing the PIN for three times.

different PINs, respectively, to both the target user itself andthe rest of other users. It is clear that in all three PINs,the dissimilarity scores to the target user itself is highlyconcentrated on the lower end, indicating a high similarityto its own behavioral template. Meanwhile, the dissimilarityscores of other users are dispersed and located on the higherend. For the 4-digit PIN 3-2-4-4 (Figure 5), there is a smalloverlap of the target user itself with others. It implies that onlyfew members among the other 52 users behave similarly to thetarget user, and may be misclassified. For the two 8-digit PINs(Figures 6 and 7), the target user’s and others’ distributioncurves are completely separated with a clear gap in between.Likely this is because an 8-digit PIN action contains morecognitive information that is user-specific than a 4-digit PINaction.

IV. CLASSIFICATION

The system architecture of our approach consists of a featuremodule, a classifier module, and a decision maker module asshown in Figure 8. Firstly, raw data are recorded during user’stapping actions. Then, four sets of features are calculated andfed into the classifier, which derives a decision score featuringits similarity to the target user’s template. The decision scoreis used by the decision maker to make a final decision, withrespect to a predefined threshold value. The final decision isto label whether an user tapping action is originated from the

0

0.05

0.1

0.15

0.2

0.25

0.3

1 2 3 4 5 6

Pro

babi

lity

Dissimilarity Score

Target userOther 52 users

Fig. 5. Distribution of dissimilarity score of typing 3-2-4-4 from a targetuser’s template, to both the target user itself and other 52 users.

target user or an impostor.User behavioral pattern can be derived from either one-

class or two-class learning. In one-class learning, only thetarget user’s data is needed in training phase; but the learnedmodel can be applied to classify both the target user oran unknown impostor. Additionally, if other users’ data areavailable, together with the target user’s own data, we canconduct a two-class learning. One-class learning is straight-forward and more practical because it does not involve otherusers’ data, but with slightly lower authentication accuracy.

0

0.05

0.1

0.15

0.2

0.25

0.3

1 2 3 4 5 6

Pro

babi

lity

Dissimilarity Score

Target userOther 26 users

Fig. 6. Distribution of dissimilarity score of typing the 8-digit PIN 1-2-5-9-7-3-8-4 from a target user’s template, to both the target user itself and otherusers.

For a two-class classifier, device manufacturers could pre-loadsome anonymized user data into smartphones before shippingthem to their customers. With the pre-load anonymized userdata, two-class classification is also feasible to perform inpractice and can achieve higher authentication accuracy. Dueto page limit, here we only present one-class learning and itsevaluation results in Section V.

Our one-class learning process consists of the enrollmentand testing phases. In the enrollment of a target user I , takingits N input actions, we calculate the standard deviations ofevery feature as σj for the jth feature. In the testing phase,given an unknown sample as n-dimensional feature vectorXQ, its distance from each of the N feature vectors in theenrollment phase is calculated as:

d(XQ, Xi) =

n∑j=1

‖XQ,j −Xi,j‖σj

, i = 1, ..., N, (2)

where XQ,j is the jth feature of feature vector XQ, and Xi,j

is the jth feature of the ith feature vector in the enrollmentphase. Following this, the distance of XQ’s nearest neighbordmin(XQ, I) will be chosen as the dissimilarity measurementto the target user’s template. The underlying assumption isthat if XQ belongs to the target user, it should have a shortdistance to its nearest neighbor in the target user’s data. Andif dmin(XQ, I) is below a pre-defined threshold value, it islabeled as from the target user; otherwise, it is labeled as fromimpostors. Implementation wise, setting a large threshold valuemeans a higher probability of recognizing the target user, butallowing more impostors to slip through. A small thresholdvalue strictly blocks out impostors, but may falsely reject thetarget user.

In short, our classification approach is based on a simplenotion of nearest neighbor distance to the training data. Alarger distance indicates higher likelihood of being an impos-tor. Furthermore, each feature dimension is normalized by itsstandard deviation in the training data, so that features withlarge variation are given small weights.

0

0.05

0.1

0.15

0.2

0.25

0.3

1 2 3 4 5 6

Pro

babi

lity

Dissimilarity Score

Target userOther 24 users

Fig. 7. Distribution of dissimilarity score of typing another 8-digit PIN 1-2-5-9-8-4-1-6 from a target user’s template, to both the target user itself andother users.

V. EXPERIMENTAL EVALUATION

Generally, the accuracy of a biometrics-based authenticationis evaluated by the following error rates:

• False Reject Rate (FRR) — the probability that a user iswrongly identified as an impostor;

• False Accept Rate (FAR) — the probability that animpostor is incorrectly identified as a legitimate user.

The point at which both FAR and FFR are equal is denoted asthe Equal Error Rate (EER). The value of EER can be obtainedby tuning a certain threshold until FAR and FAR are equal.

A formal description of a biometric-based authenticationsystem is summarized as [21]: given an unknown sample tobe verified towards a target user I , its feature vector XQ iscompared with the target user’s template XI . A dissimilarityscore D(XQ, XI) is calculated, where D is a function thatevaluates the dissimilarity between two feature vectors. Thedissimilarity function D varies with different methods ofclassification. Finally, a threshold value t is set to determineif XQ is from the target user or an impostor:

(I,XQ) ∈

{target user, if D(XQ, XI) ≤ timpostor, otherwise

Tuning the threshold would give the classifier a preferencetowards either the target user or the impostors, thus reducingone error rate while increasing the other. Because our approachacts as a second factor authentication, which supplements thepasscode-based mechanisms for higher assurance authentica-tion in a cost-effective fashion, we focus more on being user-transparent and user-friendly while enhancing the security ofPIN-based authentication.

In the following, we present the evaluation results of theone-class based verification system, along with the effect ofthreshold and number of actions in training, the comparisonwith different combination of PINs, and the associated systemoverhead.

A. Verification Accuracy

There are two parameters that affect the accuracy in one-class learning: the number of actions in training, and the

User Input Time

Acceleration

Pressure

Size

Features

Classifier Decision Maker

Decision Score Target User? Impostor?

Fig. 8. System Architecture

TABLE IIIUSER VERIFICATION ACCURACY

PIN Equal Error Rate (EER)a

3-2-4-4 3.65% (3.58%)1-1-1-1 6.96% (6.01%)5-5-5-5 7.34% (5.38%)

1-2-5-9-7-3-8-4 4.55% (6.23%)1-2-5-9-8-4-1-6 4.45% (4.15%)a with standard deviation in parenthesis

3

4

5

6

7

8

9

10

11

12

10 20 30 40 50 60 70 80

EE

R [

%]

Number of User Actions in Training

3-2-4-41-1-1-15-5-5-5

1-2-5-9-7-3-8-41-2-5-9-8-4-1-6

Fig. 9. Variation of average EER with number of user actions in one-classtraining for five PIN combinations.

threshold.By increasing the number of actions in training, user be-

havioral patterns become more precise since more actionsyield a higher statistical significance. Figure 9 shows that theaveraged equal error rate (EER) decreases as more user actionsare included in training. All five PIN combinations presentsimilarly shaped curves, while the results of 1-1-1-1 and 5-5-5-5 are less accurate than those of 3-2-4-4 and the two 8-digitPINs. From lower accuracy of 1-1-1-1 and 5-5-5-5, it seemsthat a PIN number with higher repetition of digits reduces thedifference in individual users’ tapping behaviors, leading to aless accurate verification result. Moreover, for all five PINs,the accuracy remains on a similar level after 20 user actions.This implies, as more user actions are added in training, thereis a diminishing gain in accuracy. For example, increasing useractions from 20 to 40 requires twice the time waiting for userinput, but only limited accuracy increase is seen.

Table III further lists the exact values of averaged EER, withits standard deviation in parenthesis. In computing EERs, thereare 85 user actions included in the training process. As shownin Figure 11, in all three PIN combinations, there is a trade-offbetween FRR and FAR.

As mentioned earlier, four sets of features are included:acceleration, pressure, size, and time. To measure how thefour sets of features contribute to the final accuracy, we makefour additional rounds of classification, solely based on eachfeature set. Figure 10 shows the accuracy results for the fourindividual feature sets, as well as those of combining them alltogether.

It can be seen from Figure 10 that, the combination ofall four feature sets always outperforms individual featureset, as it is always with the smallest EER in all differentscenarios. This is because the four feature sets capture thedifferent aspects of user tapping behaviors, and having themall together should most precisely represent who the targetuser is. Meanwhile, among the four individual feature sets,acceleration, pressure, and time perform similarly well andachieve more accurate results than size.

B. System Overhead

In our implementation, the verification system is entirelybuilt on a smartphone. As a stand-alone system, there isonly a single user present for verification at any given time.There is no communication overhead associated with our userverification.

We first estimate the memory overhead of the verificationprocess. The verification process is profiled using the AndroidSDK tool DDMS, and we find out that it only consumes11.195 MBytes of heap memory during a one-class testingprocess and this memory consumption is a one-time cost.The computational overhead is the sum of CPU costs in rawdata processing (calculating features) and detecting (includingclassifying and decision making). The pre-processing on oneuser input action of a 4-digit PIN takes only 0.022 seconds.The detecting process takes another 0.474 seconds, wherethe major part lies in finding the nearest neighbor from all85 reference feature vectors. The CPU cost is measured ona Samsung Galaxy Nexus, using two Date.getTime()utility call at the beginning and end of the running time.Overall, the induced computational overhead is minor on thesmartphone. In terms of disk space for storing user template,

0

5

10

15

20

25

30

1-1-1-1

5-5-5-5

3-2-4-4

1-2-5-9-7-3-8-4

1-2-5-9-8-4-1-6

Equal E

rror

Rate

[%

]

PIN Number

SizeTime

AccelerationPressure

All-Together

Fig. 10. Comparison of performance from each feature set in one-class learning, as well as when they are combined together.

the signature of a single user profile generated by the trainingprocess consumes only 150.67KBytes. It is very affordable onan entry-level smartphone, let alone high-end models.

VI. ADDITIONAL ISSUES IN REALITY

In this section, we will discuss four additional issues in real-ity: multiple positions, mimic attacks, user behavior changes,and passcode changes. They all stem from the complexityof human behaviors and environmental factors in smartphoneusage, and in turn affect our user verification performance invarious ways. However, there exist viable solutions to dealwith each of the issues.

A. Multiple Positions

So far we only measure the user tapping behaviors in agiven position. However, it is quite possible that a user typesin a passcode under different positions (e.g., single handedusing the thumb). To handle different input positions, we canmeasure and store multiple behavioral patterns for differentpositions during the training period. The rich sensors equippedwith smartphones allow us to easily detect the physical po-sition of the device and choose the appropriate behavioralpattern for verification. For example, accelerometer readingsstraightforwardly signal if a user is in a moving or non-movingstatus. And gyroscope readings can even infer the user’s handposition (one-handed vs. two-handed) when tapping on thesmartphone, as shown in a recent study [22].

To explore on multiple tapping positions, we further conducttwo more sets of empirical measurements. First, we collectdata with only one-handed tapping, which is in parallel withthe two-handed case in Section V. In one-handed tapping, thephone is held in one hand, and tapped with the thumb fingerof the same hand. Due to the use of a different finger, the one-handed tapping behavior is different from that of two-handed.However, with the one-handed data set as the training data,we perform the same evaluation process as in Section V andachieve an average EER of 3.37% over all PINs in the on-handed case, indicating the effectiveness of our approach justlike in two-handed tapping.

In addition to different hand positions, there are also variousbody positions a user would switch from time to time. Whiletapping a passcode, a user can be sitting, standing, lying on a

sofa/bed, or even walking. It is desirable to see how differentbody positions affect a user’s tapping behavior. To answer thisquestion, we carry out an additional experiment with ten users,who tap in PINs with four body positions: sitting, standing,lying and walking. Every user is asked to type in a given PINnumber 20 times under each body position.

In order to better characterize the tapping behaviors undermultiple positions, we have made two slight adaptions in thedata analysis. First, acceleration features are disabled, dueto their over-sensitivity especially in the walking scenario.Second, timing features are normalized with the total timeof entering a PIN. As a result, behavioral models of a givenuser are more consistent among multiple positions but stilldistinguishable from those of other users. Using the trainedmodel with one-handed tapping while sitting as the baseline,Figure 12 shows the average dissimilarity scores to fourdifferent body positions: sitting, standing, lying and walking,as well as the average dissimilarity score to all the othernine users while sitting with respect to each target user. Notethat in Figure 12 the dissimilarity scores under the sametapping position in training (which is “sitting” in our case)are not zero. This is because those biometric features cannotbe repeated exactly by human users every time. Therefore,the dissimilarity associated with “sitting” (shown as red dashlines in the figure) indicates the intrinsic noise level in tappingbehavior while sitting. From Figure 12, we can see that theaverage dissimilarities in different body positions are onlyslightly higher than the baseline, while still having a cleargap from those of the other users.

To summarize, our approach will work well for differentinput positions: sitting or walking, single-handed or two-handed. The challenge is merely to increase the training periodand cover different input positions with more feature sets,which will impose a larger memory and CPU overhead inuser verification. However, we could further reduce the systemoverhead by optimizing the classifier implementation fromdifferent aspects of mobile devices. Note that the current one-class classifier has not been optimized. We will further explorethis direction in our future work.

0

0.2

0.4

0.6

0.8

1

0.5 1 1.5 2 2.5

Err

or

Ra

te

Threshold

FRR (3-2-4-4)

FAR (3-2-4-4)

FRR (1-2-5-9-7-3-8-4)

FAR (1-2-5-9-7-3-8-4)

FRR (1-2-5-9-8-4-1-6)

FAR (1-2-5-9-8-4-1-6)

Fig. 11. Variation of FRR and FAR with the value of threshold for 3-2-4-4and the two 8-digit PINs for one target user.

B. Mimic Attacks

Theoretically, our behavior-based verification system canbe bypassed if an impostor can precisely mimic the tappingbehaviors of the device’s owner. However, this is extremelydifficult if not impossible in practice. Intuitively, even if theimpostor has overseen how the device’s owner previouslyentered the passcode, it might be able to mimic the timingaspect. But the other features, such as pressure, acceleration,and size, are much more difficult to observe and reproduce.

Figures 13 plots the dissimilarity scores from the targetuser’s model to the two impostors before and after their mimictrials. The subfigures from left to right correspond to allfeatures considered and four individual feature sets (accel-eration, pressure, touched size, and time). Our experimentalresults clearly show that there is no significant improvementin mimicking given the behavior observation. Taking all fourfeatures into account, it is evident that a mimic attack is veryhard to succeed. For each individual feature (acceleration,pressure, size, and time) shown in Figure 13, we can see thatonly the dissimilarity scores of acceleration are consistentlyreduced (i.e., its score range shifts towards that of the targetuser after observation). However, for the other three features(including pressure, size, and time), out of the 10 mimicattempts, just one or two trials may be slightly closer tothe target’s model, but their score ranges spread even wider.Thus, the behavior mimicking does not increase the chance ofevasion with respect to these three features.

• There are multiple dimensions in the features we used andmost of them are independent from each other. Althoughan impostor may mimic one dimension without muchdifficulty, mimicking multiple dimensions simultaneouslyis extremely difficult as small physical movements liketapping are hard to observe and precisely reproduce. Forexample, acceleration directly relates to tapping force(F = m · a), so if the impostor intentionally managesto tap in a gentler or harder fashion, its behavior canget closer to that of the target user. However, pressure isharder to mimic because it equals to tapping force divided

0.5

1

1.5

2

2.5

3

3244 1111 5555 8-digit-1 8-digit-2

Ave

rag

e D

issim

ilarity

Sco

re

PIN #

Trained from Tapping while Sitting (Averaged over 10 Users)

Sitting

Standing

Lying

Walking

Others-Sitting

Fig. 12. Comparison of multiple tapping positions for each PIN number,based on 10 users’ data. Red dashed lines indicate the baseline dissimilarityscores in the training position.

by touched area. These two independent factors must beadjusted at the same time, which is more challenging.Timing (or tapping rhythm) is also hard to mimic, becausetiming contains multiple dimensions in our approach:7 in a 4-digit PIN, and 15 in a 8-digit PIN. Thoseindividual time intervals (especially key-to-key intervals)are relatively independent. An impostor may mimic thetarget user with a roughly fast or slow rhythm, but it ishard to reproduce the specific key-to-key dynamics.

• The fine-grained measurement resolution makes our fea-tures hard to mimic. For example, in our experiment,timing is measured in order of millisecond. This timeresolution is much higher than human perception, andhence it is very hard for an impostor to accurately andconsistently mimic tapping rhythm at such a low-levelresolution.

• The physiological differences from the target user set upanother barrier for mimic impostors. In our feature set,the touched size is heavily affected by the finger size,and the tapping rhythms also depend on hand agilityand geometric shape. In general, it is very difficult for aperson with bigger hand/fingers to mimic someone withsmaller hand/fingers, and vice versa.

As more sensors have been available on mobile devices,more features will be included for more accurate user verifi-cation, and hence mimic attacks will just become less likelyto succeed.

C. User Behavior Changes

This work builds on the assumption that a user’s behavior isconsistent and no abrupt change happens over a short periodof time, but the assumption might not always be true, e.g.,due to a physical injury. In such scenarios, the behavioral-based verification mechanism should stay minimally intrusiveto the user. One feasible solution is to contact with the serviceproviders to disable the verification function remotely andstart the re-training. The purpose of our user verification isto provide additional security in common day-to-day usage

while still allowing the user to disable it in rare cases. As wehave shown previously, the sensitivity to false positives andnegatives are controlled by various threshold values. Whetheror not exposing the sensitivity control, e.g., setting it to Low,Medium, and High, can improve user experience is debatable.On one hand, it allows users to make a conscience choiceto trade off between security and convenience. On the otherhand, it is no longer user-transparent.

D. Passcode Changes

In our approach, only the tapping features of the currentlyactive passcode are measured and recorded in a user’s smart-phone. One might ask what happens when the user needto change its passcode? Although people do not frequentlychange their passcodes, updating passcode in a quarterly oryearly basis is recommended or required by most passcode-based systems. When this happens, our verification systemcould automatically remain inactive for a while and startanother training session to build a new set of tapping featuresbased on the newly created passcode. The characterizationof tapping features are conducted in background till a stablepattern has been successfully compiled after multiple trials.Note that the methodology of our scheme is not bounded tocertain passcodes. In other words, our approach can be appliedto any passcode a user chosen in practice.

VII. RELATED WORKS

This section reviews related works from three differentaspects: keystroke dynamics and graphical passwords, in-ferring tapped information from on-board motion sensors,and user (re-)authentication by their finger movements ontouch screens, approximately in chronological order and withincreasing closeness to our work.

A. Keystroke Dynamics

Keystroke dynamics, as one of the behavioral biometrics,has been extensively studied in distinguishing users by theway they type on a computer keyboard [23], [24], [13], [25].Monrose et al. [26], [27], [13] first developed the conceptof password hardening based on keystroke dynamics. It hasbeen found to be a practical solution to enhance the passwordsecurity in an unobtrusive way. Research done on the analysisof keystroke dynamics for identifying users as they type on amobile phone can be found in [28], [29], [30]. Clarke et al.[28] considered the dynamics of typing 4-digit PIN codes,achieving an average Equal Error Rate (ERR) of 8.5% onphysical keyboard on a Nokia 5110 handset. Karatzouni etal. [29] carried out another evaluation on a PDA phone withphysical keyboard, which yields an average EER of 12.2%.Zahid et al. [30] examined this approach on touchscreenkeyboards and achieved, in one best scenario, a low EqualError Rate of approximately 2% with training set required aminimum of 250 keystrokes.

Our work differs from the existing works above mainly intwo aspects. First, previous studies are all based on physicalkeyboards (either in computers or mobile phones), while our

work studies user tapping behaviors with on-screen touch-enabled keyboards, which are widely deployed in most smart-phones today. Second, besides keystroke timings, we includeadditional features (pressure, size, and acceleration) for userverification by exploiting various on-board smartphone sen-sors. This allows us to achieve a complete and fine-grainedcharacterization on user tapping behaviors.

B. Inferring Tapped Information from On-board Motion Sen-sors

Several independent researches have found that simply byusing data acquired by smartphone motion sensors, it issufficient to infer which part of the screen users tap on [2],[3], [4], [5]. The first effort was done by Cai et al. in 2011 [2].They utilized features from device orientation data on an HTCEvo 4G smartphone, and correctly inferred more than 70% ofthe keys typed on a number-only soft keyboard. Very soon,Xu et al. further exploited more sensor capabilities on smart-phones, including accelerometer, gyroscope, and orientationsensors [5]. Evaluation shows higher accuracies of greaterthan 90% for inferring an 8-digit password within 3 trials.Miluzzo et al. demonstrated another key inference methodon soft keyboard of both smartphones and tablets [3]. 90%or higher accuracy is shown in identifying English letters onsmartphones, and 80% on tablets. Owusu et al. [4] infers tapsof keys and areas arranged in a 60-region grid, solely basedon accelerometer readings on smartphones. Result showed thatthey are able to extract 6-character passwords in as few as 4.5trials.

C. User Authentication by Their Finger Movements on TouchScreens

Research has been done in exploring different biometricapproaches for providing an extra level of security for au-thenticating users into their mobile devices. Guerra-Casanovaet al. [31] proposed a biometric technique based on the ideaof authenticating a person on a mobile device by gesturerecognition, and achieve Equal Error Rate (EER) between2.01% and 4.82% on a 100-users base. Unobtrusive methodsfor authentication on mobile smart phones have emerged as analternative to typed passwords, such as gait biometrics (achiev-ing an EER of 20.1%) [32], [33], gesture-based scheme [34],or the unique movement users perform when answering orplacing a phone call (EER being between 4.5% and 9.5%)[35].

Recently De Luca et al. [16] introduced an implicit authen-tication approach that enhances password patterns on androidphones, with an additional security layer, which is transparentto user. The application recorded all data available from thetouchscreen: pressure (how hard the finger presses), size (areaof the finger touching the screen), x and y coordinates, andtime. Evaluation is based on 26 participants, with an averageaccuracy of 77%.

A concurrent work conducted by Sae-Bae et al. [36] makesuse of multi-touch screen sensor on iPad (not phone) to capturethe palm movement. They achieved a classification accuracy

Effect of Mimic Attack

0 0.5 1 1.5 2 2.5 3

Dissmilarity Score

All Features

Target UserImpostor #2 (After Observation)

Impostor #2 (Before Observation)Impostor #1 (After Observation)

Impostor #1 (Before Observation)

0 0.2 0.4 0.6 0.8 1 1.2

Dissmilarity Score

Time

0 0.2 0.4 0.6

Dissmilarity Score

Pressure

0 0.5 1 1.5 2

Dissmilarity Score

Acceleration

0 0.1 0.2 0.3

Dissmilarity Score

Size

Fig. 13. Effect of mimic attack shown in degree of dissimilarity from the target user. Subfigures, from left to right, correspond to all features considered, andeach individual feature set (acceleration, pressure, touched size, and time). There are two mimic “attackers”, and 10 trials before and after their observationson the target user.

of over 90%. However, palm movements is not suitable forsmartphone screens, since the screen is typically too smallfor palm movements. Citty et al. [37] presented an alternativeapproach to inputting PINs on small touchscreen devices. Ituses a sequence of 4 partitions of a selection of 16 images,instead of 4-digits PINs, to increase the possible combinationof authentication sequences. However, inputting the sequenceneeds extra efforts in memorizing the images sequences. Kimet al. [38] introduced and evaluated a number of novel tabletopauthentication schemes that exploit the features of multi-touchinteraction.

There are two recent works close to ours in re-authenticatingsmartphone users by continuously monitoring their fingermovements on the touchscreen [7], [8]. Frank et al. con-ducted a study on touch input analysis for smartphone userauthentication, which is referred to as touch biometrics [7].Based on a set of 30 behavioral features, the authors builtproof-of-concept classifiers that can pinpoint a target useramong 41 users with very low equal error rate. Given the non-trivial error rates, this kind of touch-based analysis is qualifiedas a complementary authentication mechanism. Shortly after,Li et al. conducted another detailed study aiming to pro-vide continuous re-authentication based on user touchscreenbehaviors [8]. Their system monitors and analyzes user in-teraction with touchscreens in background, and achieves ahigh authentication accuracy of up to 95.78%. Our workdiffers from these two studies in the following aspects. Firstof all, we focus on studying tapping behaviors exclusively,instead of sliding behaviors—the major gesture in the twoprevious works. This is because in our study, users make aconstructed sequence of tappings in entering PINs at lockscreen, which convey rich personal information. By contrast,Frank’s work solely focuses on sliding gestures; and in Li’swork, their focus is on those random touch screen behaviorsafter screen is unlocked. As random tappings do not providemuch user information, the sliding gestures play a dominaterole in Li’s work. Additionally, we focus on studying touchbiometrics in order to harden one-time static authentication(more specifically, passcode-based screen unlock), rather thanfor continuous re-authentication. In that sense, our system iscomplementary to these two works and can be deployed inparallel with them. Finally, unlike these works, we employone-class learning for user verification, which does not require

training data from other users, but purely relying on thesmartphone owner’s data.

Serwadda and Phoha [39] demonstrated a robot-arm-executed attack to evade swipe-based continuous verificationby exploiting general population statistics. However, the robotonly mimics the simple swipe gesture. The work has not shownany evidence on the mimicry of tapping behaviors for keyinga passcode (either 4 or 8 digits). Unlike swiping, tapping apasscode on smartphones is a much less casual gesture. Givena specific passcode, a user must perform tapping on a series oftouch positions with a certain order. Even if an attacker is ableto record the tapping behaviors using a high-speed camera andthe robot may accurately mimic the tapping behaviors in termsof timing metrics (i.e., key hold time and key-interval time),it would still be very challenging for the robot to accuratelymimic the tapping behaviors of individual users in terms ofsize (i.e., touched area), pressure, and acceleration. This isbecause the physical size of individual fingers and the physicalforce applied on a touch position are quite different fromperson to person. Therefore, we believe that our tap-basedapproach is much more robust against such a mimicry attackthan swipe-based methods.

VIII. CONCLUSION

As mobile devices have been widely used, ensuring theirphysical and data security has become a major challenge. Asimple peek over the shoulders of a device owner while a pass-code is being entered and a few minutes of hiatus would allowan attacker to access sensitive information stored on the device.Using more complex passcodes and/or secondary passcodescan reduce the chance of such attacks, but it brings significantinconvenience to the users. We have found that a user’s tappingsignatures if used in conjunction with the passcode itself canalso achieve the same goal, and moreover, the added securitycan be obtained in a completely user-transparent fashion.Previous works have shown the feasibility of this approach, buttheir high error rate makes these mechanisms impractical touse as too many false positives will defeat the purpose of beinguser-transparent. Having collected data of over 80 differentusers, explored the one-class machine learning technique, andutilized additional motion sensors on newest generation ofmobile devices, we are able to demonstrate accuracies withequal error rates of down to 3.65%.

REFERENCES

[1] D. Amitay, “Most Common iPhone Passcodes,” http://amitay.us/blog/files/most common iphone passcodes.php.

[2] L. Cai and H. Chen, “Touchlogger: inferring keystrokes on touch screenfrom smartphone motion,” in HotSec’11, 2011.

[3] E. Miluzzo, A. Varshavsky, S. Balakrishnan, and R. R. Choudhury,“Tapprints: your finger taps have fingerprints,” in ACM MobiSys’12,2012, pp. 323–336.

[4] E. Owusu, J. Han, S. Das, A. Perrig, and J. Zhang, “Accessory: passwordinference using accelerometers on smartphones,” in HotMobile’12, 2012,pp. 9:1–9:6.

[5] Z. Xu, K. Bai, and S. Zhu, “Taplogger: inferring user inputs onsmartphone touchscreens using on-board motion sensors,” in WISEC’12,2012, pp. 113–124.

[6] A. J. Aviv, K. Gibson, E. Mossop, M. Blaze, and J. M. Smith, “Smudgeattacks on smartphone touch screens,” in WOOT’10, 2010, pp. 1–7.

[7] M. Frank, R. Biedert, E. Ma, I. Martinovic, and D. Song, “Touchalytics:On the applicability of touchscreen input as a behavioral biometric forcontinuous authentication,” IEEE Transactions on Information Forensicsand Security, vol. 8, no. 1, pp. 136 –148, 2013.

[8] L. Li, X. Zhao, and G. Xue, “Unobservable re-authentication forsmartphones,” in NDSS’13, 2013.

[9] Y. Meng, D. S. Wong, R. Schlegel, and L.-f. Kwok, “Touch gesturesbased biometric authentication scheme for touchscreen mobile phones,”Information Security and Cryptology, vol. 7763, pp. 331–350, 2013.

[10] F. Bimbot, J.-F. Bonastre, C. Fredouille, G. Gravier, I. Magrin-Chagnolleau, S. Meignier, T. Merlin, J. Ortega-Garcıa, D. Petrovska-Delacretaz, and D. A. Reynolds, “A tutorial on text-independent speakerverification,” EURASIP J. Appl. Signal Process., vol. 2004, pp. 430–451,2004.

[11] C. Mallauran, J.-L. Dugelay, F. Perronnin, and C. Garcia, “Online facedetection and user authentication,” in MM’05, 2005, pp. 219–220.

[12] K. B. Rasmussen, M. Roeschlin, I. Martinovic, and G. Tsudik, “Authen-tication using pulse-response biometrics,” in NDSS ’14, 2014, availableonline: http://www.internetsociety.org/sites/default/files/08 1 0.pdf.

[13] F. Monrose and A. D. Rubin, “Authentication via keystroke dynamics,”in ACM CCS’97, 1997, pp. 48–56.

[14] N. Zheng, A. Paloski, and H. Wang, “An efficient user verificationsystem via mouse movements,” in ACM CCS’11, 2011, pp. 139–150.

[15] P. J. Phillips, J. R. Beveridge, B. A. Draper, G. Givens, A. J. OToole,D. S. Bolme, J. Dunlop, Y. M. Lui, H. Sahibzada, and S. Weimer, “Anintroduction to the good, the bad, & the ugly face recognition challengeproblem,” in FG’11, 2011, pp. 346 –353.

[16] A. De Luca, A. Hang, F. Brudy, C. Lindner, and H. Hussmann, “Touchme once and i know it’s you!: implicit authentication based on touchscreen patterns,” in ACM CHI’12, 2012, pp. 987–996.

[17] Apple Inc., http://support.apple.com/kb/HT5883.[18] Chaos Computer Club (CCC), http://www.ccc.de/en/updates/2013/

ccc-breaks-apple-touchid, 2013.[19] R. A. Maxion and K. S. Killourhy, “Keystroke biometrics with number-

pad input,” in IEEE DSN’10, 2010, pp. 201–210.[20] R. C. Sprinthall, Basic Statistial Analysis. Prentice Hall, 2011.[21] A. Jain, A. Ross, and S. Prabhakar, “An introduction to biometric

recognition,” IEEE Transactions on Circuits and Systems for VideoTechnology, vol. 14, no. 1, pp. 4 – 20, 2004.

[22] M. Goel, J. Wobbrock, and S. Patel, “Gripsense: using built-in sensorsto detect hand posture and pressure on commodity mobile phones,” inUIST’12, 2012, pp. 545–554.

[23] F. Bergadano, D. Gunetti, and C. Picardi, “User authentication throughkeystroke dynamics,” ACM Transactions on Information and SystemSecurity (TISSEC), vol. 5, no. 4, pp. 367–397, 2002.

[24] K. S. Killourhy and R. A. Maxion, “Comparing anomaly-detectionalgorithms for keystroke dynamics,” in IEEE DSN’09, 2009, pp. 125–134.

[25] K. Revett, Behavioral biometrics: a remote access approach. Wiley,2008.

[26] F. Monrose, M. K. Reiter, and S. Wetzel, “Password hardening basedon keystroke dynamics,” in ACM CCS’99, 1999, pp. 73–82.

[27] ——, “Password hardening based on keystroke dynamics,” InternationalJournal of Information Security, vol. 1, no. 2, pp. 69–83, 2002.

[28] N. L. Clarke and S. M. Furnell, “Authenticating mobile phone usersusing keystroke analysis,” Int. J. Inf. Secur., vol. 6, no. 1, pp. 1–14,2007.

[29] S. Karatzouni and N. Clarke, “Keystroke analysis for thumb-basedkeyboards on mobile devices,” New Approaches for Security, Privacyand Trust in Complex Environments, pp. 253–263, 2007.

[30] S. Zahid, M. Shahzad, S. A. Khayam, and M. Farooq, “Keystroke-baseduser identification on smart phones,” in RAID’09, 2009, pp. 224–243.

[31] J. Guerra-Casanova, C. Snchez-vila, G. Bailador, and A. Santos Sierra,“Authentication in mobile devices through hand gesture recognition,”International Journal of Information Security, vol. 11, no. 2, pp. 65–83,2012.

[32] M. O. Derawi, C. Nickel, P. Bours, and C. Busch, “Unobtrusive user-authentication on mobile phones using biometric gait recognition,” inIIH-MSP’10. IEEE, 2010, pp. 306–311.

[33] C. Nickel, M. O. Derawi, P. Bours, and C. Busch, “Scenario test foraccelerometer-based biometric gait recognition,” in IWSCN’11, 2011.

[34] M. Shahzad, A. X. Liu, and A. Samuel, “Secure unlocking of mobiletouch screen devices by simple gestures: You can see it but you can notdo it,” in MobiCom ’13, 2013, pp. 39–50.

[35] M. Conti, I. Zachia-Zlatea, and B. Crispo, “Mind how you answer me!:transparently authenticating the user of a smartphone when answeringor placing a call,” in ASIACCS’11, 2011, pp. 249–259.

[36] N. Sae-Bae, K. Ahmed, K. Isbister, and N. Memon, “Biometric-richgestures: a novel approach to authentication on multi-touch devices,” inACM CHI’12, 2012, pp. 977–986.

[37] J. Citty and D. R. Hutchings, “TAPI: Touch-screen authentication usingpartitioned images,” in Elon University Technical Report 2010-1, ser.Tech Report, 2010.

[38] D. Kim, P. Dunphy, P. Briggs, J. Hook, J. W. Nicholson, J. Nicholson,and P. Olivier, “Multi-touch authentication on tabletops,” in ACMCHI’10, 2010, pp. 1093–1102.

[39] A. Serwadda and V. V. Phoha, “When kids’ toys breach mobile phonesecurity,” in ACM CCS’13, 2013, pp. 599–610.

APPENDIX: PARTICIPANT CONSENT FORM IN DATACOLLECTION

The general nature of this study entitled “User Authenti-cation on Smartphones via Tapping Behaviors” conducted byDr. (name masked) has been explained to me. I understandthat I will be asked to (1) conduct regular tasks with asmartphone, like entering a designated 4-digit number; (2)tapping on the touchscreen in a regular way during the study;and (3) spend about 5 minutes for the entire process. No dataare being collected regarding personal credentials — e.g., notracking on my personal credentials, because I will be given adesignated number to enter. Only the physical input data fromthe touchscreen sensor are recorded, including taping pressure,contact size, acceleration of the phone, and timing information.I understand that my responses will be anonymous and thatmy name will not be associated with any results of this study. Iam aware that I am free to discontinue my participation at anytime and may report dissatisfactions with any aspect of thisexperiment to the Chair of the Protection of Human SubjectsCommittee, Dr. (name masked), (phone number masked) or(email address masked). I am aware that I must be at least 18years of age to participate. My signature below signifies myvoluntary participation in this project, and that I have receiveda copy of this consent form.