Behavior Based Authentication using Gestures and Signatures

August 8, 2012
Muhammad Shahzad | Microsoft Research Intern

Research community has done a significant amount of work on authenticating users based upon their typing behavior. The arrival of touch interface devices has opened up a new direction for research in user authentication. We explore two ideas of authenticating the users on touch screen devices:

Identifying distinct patterns in the way a user performs certain gestures on the touch screen and using those patterns to authenticate the user
Identifying distinct behavioral patterns in the way a user performs his/her signature and using those patterns to authenticate the user

The use of a set of predefined gestures eliminates the need to remember a password. The user is shown the gesture that he needs to perform and all he has to do is to perform that gesture on the screen. Using the training data, the gesture is evaluated and decision is made whether the user is a legitimate user or an imposter. For now, we have evaluated this scheme only on smart phones.

The idea of authenticating the user using his behavior of performing the signature is evaluated for tablets. The user is required to do his signature on the touch screen for authentication. The behavior of doing the signature is evaluated using the training data and a classification decision is made. Forging of signature has always been a problem. Our scheme eliminates this problem. If a signature has been very accurately copied such that the forged and actual signatures look exactly alike, a human eye can usually not distinguish between the two. We will show that our scheme can distinguish even between signatures that look alike to the point that a human eye cannot distinguish between them.

Speaker Details

Muhammad Shahzad is a 5th year PhD student at the Department of Computer Science and Engineering, Michigan State University. He is a second time intern at Microsoft Research. His research interests lie in statistical and learning algorithms for designing and analysing large scale systems. He has worked on a diverse set of topics including Mobile Computing, RFID Systems, User Authentication, Network Measurements, Data Analytics, and Host and Network Security. His professional services include serving on the organizing and program committees of several conferences. More details about his projects, publications, and services can be found at https://www.msu.edu/~shahzadm/.