Empirical evaluation of rhythm-based authentication method for mobile devices

Abstract

Mobile devices require a screen lock method for authentication. Although conventional screen locks are typically based on pattern, PIN code or password authentication, they are vulnerable to shoulder-surfing attacks and video recording attacks. To avoid such vulnerability, a rhythm-based authentication (RA) method that leverages the timing of screen taps has been proposed as an authentication factor. This method uses features, such as tap pressure, distance between taps, and tap timing, for authentication. However, this method requires a server for a user to be authenticated. In this paper, we propose an improved RA method that can be applied in a mobile device by using a Random Forest classifier. We conducted a series of experiments to clarify (i) importance of the features (ii) classification accuracy, and (iii) required number of taps. The proposed RA method was tested by 24 participants. After carefully choosing features, we show that when the number of taps is five, the accuracy is 94.16%, which is an improvement of 1.79%.