Cybersecurity (Aug 2018)

Making a good thing better: enhancing password/PIN-based user authentication with smartwatch

  • Bing Chang,
  • Yingjiu Li,
  • Qiongxiao Wang,
  • Wen-Tao Zhu,
  • Robert H. Deng

DOI
https://doi.org/10.1186/s42400-018-0009-4
Journal volume & issue
Vol. 1, no. 1
pp. 1 – 13

Abstract

Read online

Abstract Wearing smartwatches becomes increasingly popular in people’s lives. This paper shows that a smartwatch can help its bearer authenticate to a login system effectively and securely even if the bearer’s password has already been revealed. This idea is motivated by our observation that a sensor-rich smartwatch is capable of tracking the wrist motions of its bearer typing a password or PIN, which can be used as an authentication factor. The major challenge in this research is that a sophisticated attacker may imitate a user’s typing behavior as shown in previous research on keystroke dynamics based user authentication. We address this challenge by applying a set of machine learning and deep learning classifiers on the user’s wrist motion data that are collected from a smartwatch worn by the user when inputting his/her password or PIN. Our solution is user-friendly since it does not require users to perform any additional actions when typing passwords or PINs other than wearing smartwatches. We conduct a user study involving 51 participants so as to evaluate the feasibility and performance of our solution. User study results show that the best classifier is the Bagged Decision Trees, which yields 4.58% FRR and 0.12% FAR on a QWERTY keyboard, and 6.13% FRR and 0.16% FAR on a numeric keypad.

Keywords