Publication Type

Journal Article

Version

publishedVersion

Publication Date

12-2018

Abstract

Wearing smartwatches becomes increasingly popular in people’s lives. This paper shows that a smartwatch can help its bearer authenticate to a login system effectively and securely even if the bearer’s password has already been revealed. This idea is motivated by our observation that a sensor-rich smartwatch is capable of tracking the wrist motions of its bearer typing a password or PIN, which can be used as an authentication factor. The major challenge in this research is that a sophisticated attacker may imitate a user’s typing behavior as shown in previous research on keystroke dynamics based user authentication. We address this challenge by applying a set of machine learning and deep learning classifiers on the user’s wrist motion data that are collected from a smartwatch worn by the user when inputting his/her password or PIN. Our solution is user-friendly since it does not require users to perform any additional actions when typing passwords or PINs other than wearing smartwatches. We conduct a user study involving 51 participants so as to evaluate the feasibility and performance of our solution. User study results show that the best classifier is the Bagged Decision Trees, which yields 4.58% FRR and 0.12% FAR on a QWERTY keyboard, and 6.13% FRR and 0.16% FAR on a numeric keypad.

Keywords

Wearable devices, User authentication, Sensor, Machine learning, Deep learning

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Cybersecurity

Volume

1

Issue

1

First Page

1

Last Page

13

ISSN

2523-3246

Identifier

10.1186/s42400-018-0009-4

Publisher

SpringerOpen

Copyright Owner and License

Authors

Creative Commons License

Creative Commons Attribution 4.0 International License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Additional URL

https://doi.org/10.1186/s42400-018-0009-4

Share

COinS