This document proposes ShakeIn, a smartphone authentication system based on how users shake their phone with one hand. It extracts physiological and behavioral characteristics from accelerometer and gyroscope sensor readings during the shake to uniquely identify users. In a training phase, users perform a small number of shakes to establish an identification model. In the authentication phase, it verifies the user's identity by comparing a new shake to the model. Evaluation showed it achieved 1.2% equal error rate using only 35 training samples, even under shoulder surfing attacks. It aims to provide strong authentication that is also convenient for users.
SHAKEIN: SECURE USER AUTHENTICATION OF SMARTPHONES WITH HABITUAL SINGLE-HANDED SHAKES
1. CONTACT: PRAVEEN KUMAR. L (,+91 – 9791938249)
MAIL ID: , praveen@nexgenproject.com
Web: www.nexgenproject.com,
ABSTRACT
Smartphones have been widely used with a vast array of sensitive and private information stored
on these devices. To secure such information from being leaked, user authentication schemes are
necessary. Current password/pattern-based user authentication schemes are vulnerable to
shoulder-surfing attacks and smudge attacks. In contrast, stroke/gait-based schemes are secure but
inconvenient for users to input. In this paper, we propose ShakeIn, a handy user authentication
scheme for secure unlocking of a smartphone by simply shaking the phone. With embedded
motion sensors, ShakeIn can effectively capture the unique and reliable biometrical features of
how users shake. In this way, even if an attacker sees a user shaking his/her phone,
the attacker can hardly reproduce the same behaviour. Furthermore, by allowing users to
customise how they shake the phone, ShakeIn gives users maximum operational
flexibility. We implement ShakeIn and conduct both intensive trace-driven simulations and real
experiments on 20 volunteers with about 530,555 shaking samples collected over multiple
months. The results show that ShakeIn achieves an average equal error rate of 1.2% with a small
number of shakes using only 35 training samples even in the presence of shoulder-surfing attacks.
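The equal error rate quoted above is the operating point where the false accept rate equals the false reject rate. The following is an added example, not code from the paper, that computes it separately for zero-effort impostors and for shoulder-surfing mimics; all scores are constructed for illustration and the rule "accept when score >= threshold" is an assumption.

```python
def far_frr(genuine, impostor, threshold):
    """FAR and FRR when an attempt is accepted iff score >= threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def equal_error_rate(genuine, impostor):
    """Sweep every observed score as a threshold and return (eer, threshold)
    at the point where |FAR - FRR| is smallest."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = far_frr(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, (far + frr) / 2, t)
    return best[1], best[2]


# Constructed classifier scores (higher = more like the enrolled user).
# They are NOT measurements from the ShakeIn evaluation.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.85, 0.62, 0.93, 0.90, 0.87, 0.97]
# Impostors shaking in their own style, never having seen the owner.
ZERO_EFFORT = [0.12, 0.30, 0.05, 0.22, 0.18, 0.38, 0.15, 0.41, 0.27, 0.33]
# Impostors imitating the owner after observing the shake.
MIMIC = [0.45, 0.70, 0.58, 0.66, 0.51, 0.81, 0.49, 0.73, 0.55, 0.60]

if __name__ == "__main__":
    for name, impostor in (("zero-effort", ZERO_EFFORT), ("mimic", MIMIC)):
        eer, threshold = equal_error_rate(GENUINE, impostor)
        print(f"{name:12s} EER={eer:.2f} at threshold {threshold:.2f}")
```

With these constructed scores the zero-effort EER is 0 while the mimic EER is 10%, which is why an EER figure is only meaningful together with the impostor model it was measured against.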
PROPOSED SYSTEM:
We propose a smartphone user authentication scheme, called ShakeIn, based on customised
single-handed shakes. As shown in Figure 1(a), a shake refers to a to-and-fro movement with one
hand holding a smartphone and swinging the x- and y-axis coordinate plane of the phone around
the elbow in the air. In essence, ShakeIn adopts a machine learning methodology, consisting of
a training phase and an authentication phase. More specifically, in the training phase, ShakeIn first
asks a legitimate user to choose his/her preferred shaking styles and collects a small number of
shakes. For each such shake, unique and reliable biometrical features are derived from the
raw readings of the embedded 3D accelerometer and gyroscope sensors, and then utilised to
establish a Support Vector Machine (SVM) classifier. In the authentication phase, ShakeIn uses
the pre-trained classifier to verify the legitimacy of shaking attempts from a user and unlocks
the phone if the user passes the verification. The key insight behind ShakeIn is that people have
consistent and distinguishing physiological characteristics (e.g., the physical structure of the arm)
and behavioural characteristics (e.g., shaking behaviour patterns) while doing shakes.
EXISTING SYSTEM:
Several schemes have been proposed that utilise the accelerometer in smartphones to recognise
human biometric gait. In general, these schemes have low true positive rates as they are sensitive to
many uncontrollable factors such as the phone placement and the types of the ground surface
and shoes. Other physiological characteristics such as fingerprints, face and sound could be
utilised for authentication. Typing behaviour with physical keyboards can be utilised to
authenticate users, but the performance of these schemes when applied to smartphones is
uncertain as typing behaviour on touch screens is more difficult to model. Some schemes have
been proposed to draw special gestures on the touch screen of a smartphone for
authentication. OpenSesame and uWave are the two schemes most closely related to our work.
OpenSesame allows users to shake or roll their phones with no special requirements and derives
four types of geometric features from three-axis raw acceleration readings. Probability density
functions (PDFs) of those feature samples are further used to train classifiers and verify a user.
uWave can verify the legitimacy of a user by comparing the time series of three-axis acceleration
readings of a testing gesture drawn in the air to a pre-defined template library by employing
dynamic time warping (DTW). These schemes have relatively high false positive errors, especially
under shoulder-surfing attacks. ShakeIn differs from both schemes essentially in how features are
extracted. In ShakeIn, both physiological and behavioural characteristics are considered, which
makes ShakeIn easy to use and at the same time resilient to shoulder-surfing attacks.
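The DTW template matching attributed to uWave above can be sketched as follows. This is an added example, not uWave's or ShakeIn's code: the traces are constructed, and the length normalisation and the 0.2 acceptance threshold are assumptions.

```python
import math


def dtw_distance(a, b):
    """Length-normalised DTW cost between two series of (x, y, z) samples."""
    n, m = len(a), len(b)
    inf = float("inf")
    cost = [[inf] * (m + 1) for _ in range(n + 1)]
    cost[0][0] = 0.0
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            step = math.dist(a[i - 1], b[j - 1])  # Euclidean distance per sample
            cost[i][j] = step + min(cost[i - 1][j],      # b[j-1] stretched in time
                                    cost[i][j - 1],      # a[i-1] stretched in time
                                    cost[i - 1][j - 1])  # both series advance
    return cost[n][m] / (n + m)


def verify(attempt, templates, threshold):
    """Accept when the closest enrolled template is within the threshold."""
    if not attempt or not templates:
        return False, float("inf")
    best = min(dtw_distance(attempt, t) for t in templates)
    return best <= threshold, best


# Constructed three-axis acceleration traces (arbitrary units).
TEMPLATE = [(0, 0, 0), (1, 0, 0), (2, 1, 0), (1, 0, 0), (0, 0, 0),
            (-1, 0, 0), (-2, -1, 0), (-1, 0, 0), (0, 0, 0)]
# Same user, gesture performed at half speed with slight sensor noise.
SLOW_GENUINE = [s for s in TEMPLATE for _ in range(2)]
SLOW_GENUINE[4] = (2.1, 1, 0)
# Another person performing their own, larger gesture.
DIFFERENT = [(0, 0, 0), (3, 0, 0), (5, 2, 0), (3, 0, 0), (0, 0, 0),
             (-3, 0, 0), (-5, -2, 0), (-3, 0, 0), (0, 0, 0)]
# Another person whose trace happens to follow the enrolled trajectory closely.
CLOSE_COPY = [(x + 0.2, y, z) for x, y, z in TEMPLATE]

THRESHOLD = 0.2  # assumed value for this example

if __name__ == "__main__":
    for name, trace in (("slow genuine", SLOW_GENUINE),
                        ("different", DIFFERENT),
                        ("close copy", CLOSE_COPY)):
        ok, dist = verify(trace, [TEMPLATE], THRESHOLD)
        print(f"{name:12s} distance={dist:.3f} accepted={ok}")
```

DTW absorbs the change in speed, so the slow genuine attempt passes, but the matcher compares trajectories only: any trace close enough to the template is accepted regardless of who produced it, which is the false positive case the section describes.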
CONCLUSION
In this paper, we have proposed a smartphone user authentication scheme, called ShakeIn, based
on customised one-hand shakes. ShakeIn is resilient to shoulder-surfing and biometrics hacking
attacks as it adopts both physiological and behavioural characteristics to profile users.
Furthermore, ShakeIn is handy as it allows customised shakes and single-hand operations.
ShakeIn is quite reliable and can work well with different modes of transport. As ShakeIn needs
only off-the-shelf devices, it is easy to gain a wide deployment. Nevertheless, ShakeIn also has
several limitations. For example, if a user forgets how he/she shook during the training phase, it
is very likely that ShakeIn will refuse to unlock for this user. We suggest that a user choose the
most comfortable shaking styles as his/her "passwords". Another limitation of ShakeIn is that
currently it can work with two common postures, i.e., sitting and standing. It would be
more practical if more postures were supported. In addition, extending ShakeIn to other
mobile devices bigger than smartphones in size, such as tablets, is also challenging. Moreover, we
would also investigate using more advanced classifiers such as Structural Minimax Probability
Machine in the future.