Abstract:
The main objective of this research study is to enhance the functionality of an Android pattern lock application that through testing, can help determine whether the time elements of a touch operation, in particular Time on Dot (TOD) and Time Between Dot (TBD), can be accurately used as biometric identifier input. This is driven by the challenges that are inherent in existing pattern lock applications; such as, susceptibility to smudge attacks and shoulder surfing attacks. The hypotheses that are tested through this study are the following: H1: There is a correlation between the number of touchstroke features used and the accuracy of the touch operation biometric system; Ho1: There is no correlation between the number of touchstroke features used and the accuracy of the touch operation biometric system; H2: There is a correlation between pattern complexity and accuracy of the touch operation biometric system; Ho2: There is no correlation between pattern complexity and accuracy of the touch operation biometric system; H3: There is a correlation between user training and accuracy of the touch operation biometric system; Ho3: There is no correlation between user training and accuracy of the touch operation biometric system
The study used convenience sampling on a United States International University - Africa population. This excluded students and members of faculty in the School of Science and Technology who may have had a technical advantage over a common representative user in the population. A within-subjects design involving repeated measures was incorporated when testing H1, Ho1, H2 and Ho2 hypotheses - on a total of 8 subjects. Testing of H3 and Ho3 hypotheses involved the selection of a new set of 4 subjects to eliminate the possibility of training through exposure to previous procedures. This translated to an overall sample size of 12 subjects who gave a total of 2,096 feature extracted data. Analysis was done using the Dynamic Time Warping (DTW) Algorithm of biometric accuracy.
Results for H1 revealed an increase in accuracy by lowering the False Rejection Rate (FRR) from 20% to 17% when an additional time feature was used. However, the False Acceptance Rates (FAR) increased from 34% to 39% leading to an overall decline in accuracy from 68% to 62%. This could be attributed to the DTW failing to manage the effect of outliers. The H1 hypothesis was therefore rejected.
Results for H2 when using two touchstroke features (Time Between Dot and Time on Dot) showed a 7% increase in accruracy from 62% in the case of a simple password to 69% when a complex password was used. The H2 hypothesis was therefore accepted.
Results for H3, when using the Time Between Dot touchstroke feature, showed a 26% increase in accruracy from 56% in the case of no training to 82% when training was introduced. An interesting thing to note about the results for H3 is that using two touchstroke features (Time Between Dot and Time on Dot) showed a 8% decrease in accruracy from 69% in the case of no training to 61% when training was introduced. The H3 hypothesis was therefore accepted for the case of one touchstroke feature.
The contribution made through this research study was that it was shown that the extraction of an additional touchstroke feature (Time Between Dot), coupled with pattern complexity and user training was able to yield high average accuracy levels of up to 82% in a touch operation biometric system. This study was done on low-end smart devices with average processing capabilities. This builds a case for the introduction of touch operation biometrics onto regular smart devices thereby providing stronger authentication without increasing system performance overheads or cost. For future work, it is recommended that more work be done by applying other algorithms to the existing data set and comparing their results with those obtained with DTW. Additionally, further research can explore whether the use of other touchstroke biometric features can have a better impact on accuracy.