LatentGesture: Active User Authentication through Background Touch Analysis

We propose a new approach for authenticating users of mobile devices that is based on analyzing the user's touch interaction with common user interface (UI) elements, e.g., buttons, checkboxes and sliders. Unlike one-off authentication techniques such as passwords or gestures, our technique works continuously in the background while the user uses the mobile device. To evaluate our approach's effectiveness, we conducted a lab study with 20 participants, where we recorded their interaction traces on a mobile phone and a tablet (e.g., touch pressure, locations), while they filled out electronic forms populated with UI widgets. Using classification methods based on SVM and Random Forests, we achieved an average of 97.9% accuracy with a mobile phone and 96.79% accuracy with a tablet for single user classification, demonstrating that our technique has strong potential for real-world use. We believe our research can help strengthen personal device security and safeguard against unintended or unauthorized uses, such as small children in a household making unauthorized online transactions on their parents' devices, or an impostor accessing the bank account belonging to the victim of a stolen device.