The enhanced performance and reduced cost have made mobile devices deeply penetrate into daily life and reform people's habits in modern society. While people enjoy the convenient services and diversified contents provided through mobile devices, the prosperity of mobile device also leads to serious security concerns in mobile devices. User authentication plays an indispensable role in protecting computer systems and applications from unauthorized access. Many user authentication methods have been proposed and implemented to protect desktop computer system, but do not provide optimal security and convenience for the new generation of touchscreen-equipped devices. Therefore, there is especially high demand for a new user authentication method, which achieves high accuracy, usability, compatibility, and low cost for mobile devices. In this paper, we present a novel touchscreen-based authentication scheme that utilizing both static and dynamic features generated by different hand's gestures. We collect raw data including position, size, pressure, time of each individual touch-point generated by fingertip movements which correspond to distinct characters of gestures of different users. Then, we convert raw data to static and dynamic features to achieve accurate pattern recognition. Several volunteers are invited to help experiment the proposed scheme and collect sample data by performing different gestures for multiple times on different touch-screen devices. Afterwards, we run statistical analysis to identify discriminative features to reduce the complexity and enhance accuracy for classification. In the end, we apply and compare various machine learning approaches with selected features to build stable and robust classification models. As a proof-of-concept, a mobile app is developed to implement the proposed scheme for android tablet due to its API and hardware supports. When a user uses this app at first time, the app will ask the user to sign up an account. Then, it leads the user to a sign-up screen and asks the user to enter a unique username and an email address. In the next step, the user is directed to another screen where he/she can select a preferred picture as the gesture background. Then, the app asks user to perform a gesture for three times to obtain initial gesture pattern data. In meantime, it also tests the similarities among the gestures. If an unstable pattern is detected, it will ask user to redo the gesture until the similarity meets pre-defined requirements. After successful registration, the user can sign in with the username and secret gesture. Each gesture will be evaluated by the classification model associated with the user account. Empirical research and experiments show that the proposed scheme overcome the drawbacks of the existing methods, and achieve high accuracy and usability for user authentication. Therefore, we believe it has great potentials to provide secure protection for systems, applications, and data in touch-screen equipped mobile devices.
展开▼