Facial recognition, accelerometers, gyroscopes and acoustic signals: there is a variety of methods that can be used to enable or deny access to a smartphone. SilentSense, with its ‘touch-based biometrics’ approach, demonstrates a number of advantages.
In the face of an increasing number of security issues around smartphone access, researchers have been working on a variety of possible solutions, including random keyboards, tags and digital fingerprints. Now researchers from the Illinois Institute of Technology in the United States and Tsinghua University, Beijing, China, have developed a software package they call SilentSense. This app enables the device to identify a user silently by using dynamics data mined from the user’s habitual touch behaviour and the micro-movement of the device caused by his/her normal screen-touch actions. The software extracts the main identifiable features of normal user-behaviour and builds up a ‘touch-based biometrics’ model of the device’s owner. It can then subsequently verify whether the person currently using the phone is the owner or a ‘guest’ – who might be an unauthorised attacker.
Both static and dynamic parameters
When users are on-the-go, however, the large-scale movements of the phone will render purely touch-based biometrics ineffective. To address this problem, the SilentSense developers have integrated movement-based biometrics for each user with previous touch-based biometrics so that the user can still access his/her phone. For the touch-based biometrics, the app makes use of the phone's accelerometer and gyroscope in combination with the touchscreen sensors in order to obtain a more accurate mapping of habitual usage. Recording such elements as the unique pressure, duration and fingertip size and position each user exhibits will in most cases enable the app to make an instant identification. Research shows that these individual behaviours are very difficult for any other person to reproduce and, as a result, testing of the SilentSense system has shown a high degree of accuracy – achieving correct identification rates of between 98% and 99% on user profiles.
App design helps reduce power consumption
In order to recognise the touch-based biometrics, the app takes readings on an ongoing basis. However, when working continuously, a smartphone app tends to consume a great deal of power. The Illinois-Tsinghua researchers have therefore built in a feature that makes it possible to de-activate the sensors and authenticate the owner using recorded data on his/her habitual movements. In this case, however, authentication is no longer instantaneous but takes a few moments. The app’s web interface allows a user to choose between sensor activation and de-activation – a compromise which further research should soon render unnecessary.