Towards Effective Behavioural Biometrics for Mobile Devices

Mobile devices store immense amounts of sensitive data, making them attractive targets for attackers. The first line of defence against attacks is authentication --- verifying the identity of an agent accessing the device. We examine behavioural biometrics as an effective authentication mechanism on mobile devices. Behavioural biometrics model an agent's behaviours to establish their identity. We construct an authentication system based on profiling the device sensors (touch screen, accelerometer and gyroscope) during a swipe, defined as a quick, simple movement across a touch screen. In addition, we explore the relationship between problem setting and evaluation methodology in authentication systems, producing a list of requirements necessary for accurate evaluation. Finally, we perform a user study to ascertain the effectiveness of our behavioural biometric mechanism. We conclude that this system is resistant to attacks which trivially bypass standard mechanisms such as PINs, while also potentially lightening the usability load imposed by authentication.