SocialAuth: Designing touch behavioral smartphone user authentication based on social networking applications

Modern smartphones expressed an exponential growth and have become a personal assistant in people’s daily lives, i.e., keeping connected with peers. Users are willing to store their personal data even sensitive information on the phones, making these devices an attractive target for cyber-criminals. Due to the limitations of traditional authentication methods like Personal Identification Number (PIN), research has been moved to the design of touch behavioral authentication on smartphones. However, how to design a robust behavioral authentication in a long-term period remains a challenge due to behavioral inconsistency. In this work, we advocate that touch gestures could become more consistent when users interact with specific applications. In this work, we focus on social networking applications and design a touch behavioral authentication scheme called SocialAuth. In the evaluation, we conduct a user study with 50 participants and demonstrate that touch behavioral deviation under our scheme could be significantly decreased and kept relatively stable even after a long-term period, i.e., a single SVM classifier could achieve an average error rate of about 3.1% and 3.7% before and after two weeks, respectively. Copyright © 2019 IFIP International Federation for Information Processing.