DIALERAUTH exploits the way a smartphone user taps or enters any text-independent 10-digit number (replicating the dialing process) and the hand's micro-movements while entering the numbers on the touchscreen of a smartphone.
  • DIALERAUTH authenticates a user on the basis of timing differences in the entered 10-digit taps and user's hand micro-movements recorded by using using accelerometer and gyroscope sensors.
  • DIALERAUTH provides enhanced security by leveraging the transparent and unobservable layer and increases the usability and acceptability by utilizing the users' familiarity with the dialing process and the flexibility of choosing any combination of 10-digit number.
  • This scheme can be utilized to authenticate users on their smartphone.

DIALERAUTH: A Motion-assisted Touch-based Smartphone User Authentication Scheme
Attaullah Buriro, Bruno Crispo, Sandeep Gupta, Filippo Del Frari. In: CODASPY '18 Proceedings of the 8th ACM Conference on Data and Application Security and Privacy Pages 267-276

Top Back to wiki
On-demand ride services and the rideshare infrastructure primarily focus on the minimization of travel time and cost. However, the safety of riders is overlooked by service providers. For driver authentication, existing identity management methods typically check the driving license, which can be easily stolen, forged, or misused. Further, background checks are not performed at all; instead, social profiles and peer reviews are used to foster trust, thereby compromising the safety and security of riders. Moreover, the present mechanism seems ineffective in discontinuing a malicious driver from offering the services.
DriverAuth — a fully transparent and easy-to-use authentication scheme for drivers that is based on common behavioral biometric modalities, such as hand movements, swipe action, and touch-strokes while the drivers interact with the dedicated smartphone-based application for accepting the booking
  • This scheme exploits 3 modalities, i.e., hand movements, swipe action, and touch-strokes.
  • This can be utilized for multi-user authentication in a client-server environment.
DriverAuth: Behavioral biometric-based driver authentication mechanism for on-demand ride and ridesharing infrastructure
S Gupta, A Buriro, B Crispo - ICT Express, 2018

TopBack to wiki
Hold and Sign
Hold and Sign is a bi-modal behavioral biometric solution for user authentication. The proposed mechanism takes into account micro-movements of a phone and movements of user's finger during writing or signing on the touchscreen. More specifically, it profiles a user based on how she holds the phone and based on the characteristics of the points being pressed on the touchscreen, and not the produced signature image.
  • This scheme exploits 2 modalities, i.e., hand movements, and users signature pattern.
  • This can be utilized for authenticating a user in banking scenario.

Hold and Sign: A Novel Behavioral Biometrics for Smartphone User Authentication
A Buriro, B Crispo, F Delfrari, K Wrona - Security and Privacy Workshops (SPW), 2016 IEEE, 2016

Please hold on: Unobtrusive user authentication using smartphone's built-in sensors.
Buriro, Attaullah, Bruno Crispo, and Yury Zhauniarovich; Identity, Security and Behavior Analysis (ISBA), 2017 IEEE International Conference on. IEEE, 2017.

TopBack to wiki
ITSME: a multi-modal behavioural biometric that uses features collected while the user slide-unlocks the smartphone to answer a call. In particular, we use the slide swipe, the arm movement in bringing the phone close to the ear and voice recognition to implement our behaviour biometric.
  • This is a trimodal authentication using arm movements, swipe action, and voice on smartphones.
  • This can be utilized for single user authentication.

Itsme: Multi-modal and unobtrusive behavioural user authentication for smartphones
Buriro A., Crispo B., Del Frari F., Klardie J., Wrona K. (2016). In: Stajano F., Mjølsnes S.F., Jenkinson G., Thorsheim P. (eds) Technology and Practice of Passwords. PASSWORDS 2015. Lecture Notes in Computer Science, vol 9551. Springer, Cham

TopBack to wiki
SnapAuth is a motion-based unobtrusive behavioral biometric-based user authentication solution - SnapAuth, for Android-based smartwatch. SnapAuth requires the user to perform finger-snapping action, while wearing the smartwatch to perform the authentication. SnapAuth profiles the arm-movements by collecting data from smartwatch's built-in accelerometer and gyroscope sensors, while the user performs this action.
  • This scheme exploits user's arm movements wearing a smartwatch.
  • SnapAuth could be widely accepted by users as it utilizes the users' familiarity with the very common finger-snapping action and users do not need to remember any secret.
  • This can also be utilized to authenticate the users in smart-homes.
We implemented and evaluated SnapAuth on Motorola Moto 3G smartwatch.

TopBack to wiki
Touchstroke is bi-modal biometric authentication solution, which leverages users' hand movements while they hold their smartphones, and touch-typing timing differences when they enter a text-dependent 4-digit PIN/password.
The scheme can be deployed as single user authentication, i.e., user authentication on smartphones, as well as multiple user authentication (implemented using client-server architecture), i.e., user authentication for sensitive application like banking apps.

Touchstroke: Smartphone User Authentication Based on Touch-Typing Biometrics
Buriro A., Crispo B., Del Frari F., Wrona K. (2015). In: Murino V., Puppo E., Sona D., Cristani M., Sansone C. (eds) New Trends in Image Analysis and Processing -- ICIAP 2015 Workshops. ICIAP 2015. Lecture Notes in Computer Science, vol 9281. Springer, Cham

Evaluation of motion-based touch-typing biometrics in online financial environments
Buriro, At., Gupta, Sa. & Crispo, Br., (2017). In: Brömme, Ar., Busch, Ch., Dantcheva, An., Rathgeb, Ch. & Uhl, An. (Hrsg.), BIOSIG 2017. Gesellschaft für Informatik, Bonn. (S. 219-226).

TopBack to wiki