A continuous fusion authentication for Android based on keystroke dynamics and touch gesture

摘要

As one of the most popular smartphone operating system nowadays, Android is used for various needs start from casual purpose such as games up to critical aims like banking. To avoid any access by impostor (unauthorized parties), the use of authentication system is a must. Android provides basic authentication system based on screen-lock using PIN, password, or pattern. However all those ways have several vulnerabilities, i.e: 1) leak or transfered key access, 2) only supports full binary authentication, and 3) no re-authentication nor revocation. This research aims at developing continuous behavioral authentication as a solution for those vulnerabilities. Our solution uses authentication score, not just a binary authentication. The score is constructed using fusion approach combining two modalities i.e. keystroke dynamics (typing behavior) and touch gesture (tap, swipe, and pinch behavior). Each of those authentication model is built using two-class machine learning classification. This authentication system is designed to run continuously on Android background, so it is possible to change authorization or make a revocation anytime needed. This proposed solution has been implemented as a prototype on a testing application. There are some tests have been held, first is modality experiment to find the best classifier each modality, second is continuous fusion authentication test, third is performance test. The result shows that our proposed fusion authentication get more accurate than if the modalities work respectively. Based on the continuous and live authentication testing on Android device, best fusion method is mean Olympic with a threshold 0.81 that makes the FAR and FRR equal in 0.26.