SGFA: A Two-Factor Smartphone Authentication Mechanism Using Touch Behavioral Biometrics

SGFA: A Two-Factor Smartphone Authentication Mechanism Using Touch Behavioral Biometrics

연구 분야: Analysis

학회: CompSysTech '20: Proceedings of the 21st International Conference on Computer Systems and Technologies

In this paper we propose a user authentication method on smartphone devices based on the popular pattern lock mechanism, called the Simple Game For Authentication (SGFA). The SGFA mechanism resembles a simple game involving connecting points on the touch screen that is relatively easy to perform. To provide increased security, the mechanism utilizes both the user's knowledge and behavioral biometrics based on touch screen interaction an active layer of defence against unauthorized access. Based on an initial experiment, we determine the minimum number of strokes forming a password to reach a satisfying level of success rate. We discuss possible problems and attacks that can potentially break the process and evaluate the impact of over-the-shoulder attacks on the security of the password-matching layer. We further evaluate the biometric layer in terms of user authentication error rates. In an experiment involving 33 participants, the biometric layer achieved the false acceptance rate (FAR) and false rejection rate (FRR) of approx. 1.4% and 2%, respectively. Combined with the password-matching layer, the SGFA mechanism provides a more secure approach than pattern locks.