Posture and Body Movement Effects on Behavioral Biometrics for Continuous Smartphone Authentication

• Published in: IEEE transactions on biometrics, behavior, and identity science Vol. 7; no. 1; pp. 3 - 15
• Main Authors: Cariello, Nicholas, Eslinger, Robert, Gallagher, Rosemary, Kurtzer, Isaac, Gasti, Paolo, Balagani, Kiran S.
• Format: Journal Article
• Language: English
• Published: Piscataway IEEE 01.01.2025; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: 3D motion capture; Access control; Authentication; Behavioral biometrics; Biometrics; continuous authentication; Data collection; Datasets; Error analysis; Feature extraction; Motion capture; Motion perception; Posture; Sensors; Smart phones; smartphone authentication; Smartphones; Three dimensional motion; Wearable technology
• ISSN: 2637-6407; 2637-6407
• DOI: 10.1109/TBIOM.2024.3409349

Continuous authentication aims to authenticate users at regular intervals post-login, typically using biometric features that capture the user's behavior. One of the drawbacks of continuous authentication is that it usually introduces a high authentication latency, i.e., behavioral features need to be captured for 45-120 seconds in order to achieve acceptable authentication error rates. In this paper, we take a step towards addressing this problem by harnessing 3D motion capture data and creating an extensive set of body motion and posture features with the goal of achieving low authentication error rates with short (1-5 second) authentication latencies. To evaluate our features, we collected a dataset from 39 users engaged in a set of smartphone tasks performed in a 3D motion capture studio. To collect our data, we placed 41 IR-reflective markers on the subjects' body and 3 on the smartphone. The markers were tracked by 3D motion capture cameras. During data collection, subjects were either walking along a pre-determined path or sitting. We show that our features can lead to a low equal error rate (EER) of 6.4% with 1-second latency, and 5.4% with 5-second latency. In contrast, under the same experimental settings, swipe and phone-movement features alone led to an EER of 15.7% for a 60-second authentication latency. While our features demonstrate the potential to achieve low authentication error with very low authentication latencies, we envision that in practice these features will be collected using standard smartphone sensors and consumer-grade wearable devices. We believe that our results hold transformative potential, because they shift continuous authentication from a reactive (i.e., detection is successfully performed well into the attack) to a proactive security measure (i.e., detection happens as the attack starts). As part of our contributions, we have made the dataset used in this paper publicly available.