A New Non-Intrusive Authentication Method based on the Orientation Sensor for Smartphone Users

Chien-Cheng Lin Dept. of Computer Science and Engineering

National Taiwan Ocean University Keelung, Taiwan. R.O.C. hammerlin@hotmail.com

Chin-Chun Chang Dept. of Computer Science and Engineering

National Taiwan Ocean University Keelung, Taiwan. R.O.C. cvml@mail.ntou.edu.tw

Deron Liang Dept. of Computer Science and Information Engineering

National Central University Jhongli City, Taoyuan County, Taiwan, R.O.C.

drliang@csie.ncu.edu.tw

Ching-Han Yang Dept. of Computer Science and Information Engineering

National Central University Jhongli City, Taoyuan County, Taiwan, R.O.C.

yang.chinghan@gmail.com

Abstract—With more advanced features loaded, smartphones nowadays are used not only for telecommunication but also for many emerging applications, such as m-banking. In this paper, we propose a novel non-intrusive authentication mechanism using the information collected from the orientation sensor of the smartphone. This new approach is based on the hypothesis that a user has a unique way to hold and operate his/her smartphone while working on some apps; and such behavioral biometrics can be captured from the readings of the orientation sensor. We design an authentication mechanism that adopts 53 new features transformed from those readings. To validate this hypothesis, we have developed an application to collect user’s behavioral biometrics of up-down flicks and left-right flicks from the orientation sensor. The experimental results show that the proposed approach has an equal error rate about 6.85%. We find that the feature subset selected to build an authentication model with satisfactory performance is generally small, varying 3 to 8 for different users. We also find that the feature subsets are significantly different among different users. Finally, we show that the proposed non-intrusive mechanism can be used together with existing intrusive mechanisms, such as password and/or fingerprints, to build a more robust authentication framework for smartphone users.

Keywords- Non-intrusive authentication; Continuous authentication; Orientation sensor

I. INTRODUCTION With the advances in information and communication

technology, the performance and the features of hand-held devices are rapidly increased. This enables to use such devices not only as communication tools but also in business applications such as m-banking [13][14]. These new applications raise new security issues to smartphone users, including the client-side security when engaged in online transactions and privacy protection of personal sensitive data stored in the phone [9]. The current protection mechanisms of these devices are usually based either on PIN codes, passwords,

or biometric-based methods, such as fingerprints [19][32] or IRIS [23][24]. Both fingerprints and password entry are intrusive in the sense that they require explicit action from the user, which is not convenient in frequent use. According to recent surveys [20][27][28], 60% to 80% of users choose to turn these verification features off simply because of its inconvenience. In order to improve the security of the mobile devices, non-intrusive authentication mechanisms are desirable [5].

Recently, many biometric modalities are proposed as non-intrusive authentication methods for smartphone users. References [7] and [12] proposed a gait-based authentication mechanism based on the accelerometer of the device attached to the user. This mechanism is useful when the user is in some forms of motion activities such as walking. Conti et al. proposed to use both accelerometer and orientation sensor to authenticate a smartphone user when answering (or placing) a phone call [6]. Six sets of data sensed by the two sensors, (the values of x, y, and z-axis from the accelerometer, and the values of pitch, roll, and yaw from the orientation sensor), are analyzed using dynamic time warping (DTW) algorithm. Shi et al. introduced a non-intrusive multi-modality authentication system that was based on four different smartphone sensors, the microphone, GPS, touch screen, and accelerometer. One sensor is activated to continuously authenticate the user in one out of four usages conditions [26]. For example, accelerometer is used while the user is walking, and the touch screen sensor is used to monitor user’s touching activities while he/she is engaged in some applications. (We therefore refer to this type of applications as touch screen applications.) Recent surveys showed that smartphones are used more frequently for touch screen applications than the telecommunication [13][14]. We observe that people tend to have unique ways of holding and operating their smartphones. The holding posture can be represented by the pitch and roll values of the orientation sensors. We further observe that flicking or clicking on the touch screen causes vibration of the smartphone; and the

This work was partially supported by the National Science Council of R.O.C. under Contract Nos. 100-2218-E-008-003 and 100-2218-E-008-004 and Software Research Center of National Central University.

2012 IEEE Sixth International Conference on Software Security and Reliability

978-0-7695-4742-8/12 $26.00 © 2012 IEEE

DOI 10.1109/SERE.2012.37

245

degree of this vibration depends on the finger agility of a user. To model this type of user’s biometrics require more sophisticate features than the raw data such as the values of the orientation sensors. In this paper, we proposed 53 new features based on the readings of the orientation sensor to capture the behavioral biometrics of smartphone users.

The goal of this paper is to investigate the feasibility of using behavioral biometrics collected from the orientation sensor to authenticate smartphone users. We seek answers of the following questions:

1. How accurate can this non-intrusive authentication be? 2. What features that are captured from the orientation

sensor are more effective than others in building the proposed authentication mechanism?

3. Are there features more effective in authenticating one user than other people?

To demonstrate the feasibility of the proposed approach, an app has been implemented on the Android™ 2.2 operating system [15] to collect the biometrics from the orientation sensor of 11 users when they operate the smartphones in their hands. For each smartphone user, an authentication model is constructed based on 53 new features representing behavioral biometrics that includes the movements of wrist flexion (or extension), the forearm pronation (or supination), and the wrist radial (or ulnar) [21][30].

To construct the authentication model, stepwise linear regression is used to select a good feature set for each participant, and k-nearest neighbor (KNN) is used as the classification algorithm. A commonly used strategy of cross-validation, namely leave-one-person-out, is used [10]. Besides, the majority vote based on a few of the classification results of the KNN is employed to improve the authentication accuracy. Our empirical results with respect to twenty participants show that the proposed approach has an equal error rate of about 6.85% when the number of votes is seven.

Our work evaluates the feasibility of using biometrics from orientation sensor to authenticate users engaged in relatively stationary activities, such as holding the device to perform business transactions. At a broad level, authentication mechanisms based on physiological approaches typically show better performance than behavioral models [3][11]. Recent studies, however, show that several behavioral modalities can be combined to provide satisfactory performance, comparing with physiological modalities, such as fingerprints [19][32] or IRIS [23][24]. It should be noted that we do not propose the proposed orientation sensor model as a replacement or sole mechanism of authentication but rather as a complementary mechanism that can be used to improve security in hand-held devices. Users can still use strong biometrics or password explicitly when authenticating for the first time. Then, the orientation biometric can be applied implicitly for re-verification in a continuous authentication manner.

II. THE PROPOSED APPROACH In this section, the orientation sensor, the structure of the

wrist, orientation-sensor-based features, data collection, and system modeling are presented as follows.

A. The Orientation Sensor The orientation sensor is a common device of a

smartphone. The orientation sensor is used to obtain the orientation of a smartphone with respect to three axes, namely, x-, y-, and z-axis as depicted in Fig. 1.

Figure 1. An illustration of the three axes of an orientation sensor with respect to a smartphone.

The definitions of the three axes are described as follows [22].

• The angle around the x-axis is referred to the azimuth and often used to implement a digital compass. When the smartphone is toward the north, the azimuth is 0° or 360°. The azimuth is 90°, 180°, and 270° when the smartphone is toward the east, the south, and the west, respectively.

• The angle around the y-axis is the pitch angle of a smartphone. The pitch angle of a smartphone is 0° when the smartphone is lying faceup, -90° when it is upright, 90° when it is upside down, and 180° or -180° while it is lying facedown.

• The angle around the z-axis is the roll angle of a smartphone, which represents the sideways tilt between -90° and 90°. When the screen of a smartphone faces left, the roll angle is -90°. The roll angle is 90° when the screen faces right. While the roll angle is 0°, the smartphone is lying faceup.

B. The Structure of the Wrist To define the orientation-sensor-based feature, we must

know the relationship between the wrist motion and the reading of orientation sensor while a user holds and operates a smartphone. As shown in Figures 2 to 4, our wrist offers three dimensions of freedom. In anatomical terms, they are the wrist flexion and extension, the supination and the pronation, and finally, the wrist radial and ulnar deviation [21][30].

Wrist extension is the upward movement of the wrist to which results in the palm facing outward, while wrist flexion is the downward or inward movement of the wrist which results in the palm facing inward (shown in Fig. 2). Both movements reduce available strength; however flexion can cause up to 55% reduction in strength at just 25° of motion from a neutral position. The movement in this dimension corresponds to the pitch direction (y-axis) of the orientation sensor.

246

Figure 2. The wrist flexion and extension

Supination is to rotate the forearm so that the palm faces forward. Pronation is to rotate the forearm so that the palm faces backward. The movement in this dimension corresponds to the roll direction (z-axis) of the orientation sensor (shown in Fig. 3).

Figure 3. The Supination & the Pronation

Radial and ulnar deviation is the side-to-side movement of the hand at the wrist, toward or away from the thumb. Radial deviation causes up to a 20% reduction in hand strength with just 25° of motion from a neutral position. At 40% ulnar deviation a similar drop in available strength is observed (shown in Fig. 4). The movement in this dimension corresponds to the Azimuth direction (x-axis) of the orientation sensor.

Figure 4. The wrist radial and ulnar deviation

The precision of the orientation sensor can reach within 1° in accuracy. We further observe that a user interacts with the smartphone through his/her fingertips via clicking or sliding on the touch panel. These interactions result in vibrations of the wrist in all three dimensions, and they are reflected on the

readings of the orientation sensor in terms of ranges, variances, velocity, and acceleration in three axes as shown in Figures 2-4. Generally speaking, the vibration ranges from -90° to 30° in pitch direction, -60° to 60° in roll direction, and 0° to 20° in Azimuth direction.

C. Orientation-sensor-based Features In addition to these angles, a combination of the pitch and

the roll angle is adopted due to the fact that the movement of the wrist and forearm are often physically dependent on each other. This combined angle is defined as:

2 2combined angle w y z= + , (1)

where y and z are the pitch and the roll angle, respectively. In summary, the roll, pitch, and the combined angle may reflect the habit and stability of a user for holding and/or operating a smartphone. The average, maximum, minimum of the three angles may reflect the habit, and the range and the standard deviation of the three angles may be related to the stability. Besides, the motion characteristics in general are related to the agility of a user. Thus, similar features defined by the angle velocity and the angle acceleration are also adopted. Since a flick is often conducted in a short period of time, the standard deviation of the angle acceleration is usually unstable and thus not used.

TABLE I. ADOPTED ORIENTATION FEATURES

Features Feature Type

Original Velocity Acceleration

Pitch (y-axis)

Average (y) ( y) ( y) Maximum y) y) Minimum y) y)

Range y) y) Standard Deviation y) n/a

Roll (z-axis)

Average (z) ( z) ( z) Maximum z) z) Minimum z) z)

Range z) z) Standard Deviation z) n/a

A combination of the pitch and the roll

angle

Average (w) ( w) ( w) Maximum w) w) Minimum w) w)

Range w) w) Standard Deviation w) n/a

Azimuth (x-axis)

Average n/a ( x) ( x) Maximum n/a x) x) Minimum n/a x) x)

Range x) x) Standard Deviation x) n/a

n/a: not applicable

Different from the values of pitch and roll, the Azimuth values represents the direction that the user currently faces, which has little to do with user’s behavioral patterns. However, the range and/or the deviation of the Azimuth values represent the movement (or vibration) in a horizontal direction, when the user flicks the touch screen to the left or right direction (see Fig.

247

4). Therefore, we include these features into our model. Accordingly, a total of 53 features, shown in Table I, are defined for the orientation-sensor-based biometrics. (The formula used to calculate these features are shown in Appendix A.)

D. Data Collection The touch gesture of smartphone apps can be classified into

several types: left-right flick, up-down flick, spread, pinch, etc. we find the first two types as shown in Fig. 5 and Fig. 6 are by far the most commonly used gestures in all apps. We therefore design an app on HTC™ [17] Wildfire with Android™ 2.2 platform [15] to collect user’s behavioral biometrics of these flicks from the orientation sensor.

As shown in Fig. 5, the up-down flicks may be used to collect the holding behavior while a user conducts a vertical flick motion of her/his finger. The left-right flicks, shown in Fig. 6, is used to collect the holding behavior while a user slides her/his finger over the screen horizontally. Once a user’s finger touches the screen of the smartphone, the app continuously collects the orientation-sensor-based features at a sampling rate of about 30 Hz until her/his finger does not touch the screen for a while. To collect experimental data, the participant was asked to sit down on a chair. Fig. 7 shows one of our participants sitting on a chair and operating the designed app for data collection.

Figure 5. up-down flicks Figure 6. left- right flicks

Figure 7. Experimetal Setup.

E. System Modeling In the learning phase, stepwise linear regression is adopted

to select a good feature subset from the 53 features for each participant, and the KNN classifier is used for classification. Each participant has an individual authentication model. The KNN classifier classifies a query sample by the k training samples nearest to the query sample. In our experiments, the k nearest training examples around a query sample are defined by the Euclidian distance. Since the experimental results with respect to k = 1, 3, 5, and 7 are similar, we only show the results with respect to k = 5 for simplicity. In the test phase, the majority voting [25] is adopted for improving the accuracy of the KNN classifier.

III. EXPERIMENTAL RESULTS Twenty participants including 16 males and 4 females

jointed this experiment. They range in ages from 18 to 40 years old, and have different smartphone experiences. Two data sets were collected: one is for the up-down flick and the other is for the left-right flick. These participants used the same smartphone to produce a total of 37,400 samples for each of the two data sets. The collected data were stored in embedded storage of the smartphone. Each participant conducted about 1,800 flick samples for each data set. About 3.8 percent of the samples were abandoned due to the operation duration less than 100 milliseconds.

In this experiment, the proposed approach was evaluated by three performance measures: the false acceptance rate (FAR), the false rejection rate (FRR), and equal error rate (EER). The FAR represents the percentage of times a system falsely accepting an imposter; the FRR represents the percentage of times a system falsely rejecting a genuine user; and the EER represents a rate that the FRR is equal to the FAR. This rate has become an important measurement to evaluate the performance of a biometric system. These three performance measures were estimated by the leave-one-person-out strategy based on the results of 200 runs. For each run, the training set contains 450 samples, and the test set has 500 samples. In addition, for each sample set, the numbers of the positive sample and the negative sample were equal.

Fig. 8 and Fig. 9 show the receiver operating characteristic (ROC) curve of the proposed approach with respect to the two data sets, where the FAR and the FRR with respect to different numbers of classification results for the majority vote are shown. In this study, a test sample is classified as a positive if the positive receives two-thirds of the votes. We have found that the performance rises as the number of votes increases. The ERR is about 6.85% when the number of votes is seven.

IV. DISCUSSION AND APPLICATIONS

A. Effectiveness analysis of the proposed features To demonstrate the effectiveness of the proposed features,

about half of our participants were randomly selected. Table II and Table III present the features selected to build the authentication models for the two applications, the up-down flicks and the left-right flicks, respectively. The rows of the two tables are the features used in the models for eleven

248

participants. We notice that only a few features are needed to build authentication models with satisfactory performance. For example, the up-down flicks models uses 4 to 8 features with 6.6 features in average, and the left-right flicks models uses 3 to 8 features with 6.45 features in average.

The last rows of both tables indicate the number counts of the features used in the authentication models of the eleven users. We find out that only one feature in each table (or each application) is universally effective in the sense that such feature is used in most models. They are the standard deviation of Azimuth axis (x) and the average angle in Pitch axis (y) for up-down flicks models and left-right flicks models, respectively. More than one third of the features, on the other hand, are not used in any of the users’ models; i.e., 19 and 18 out of 53 features are not used as shown in the tables. The rest of the features are not used frequently either. Table II shows that 33 features are used in 1 to 4 models with 2 in average. Similar observation can be made in Table III.

Based on the analysis, we conclude that users do have their own ways to hold the smartphones while using the applications loaded on the devices. We further analyze those features that are not selected in any models as shown in Appendix B and Appendix C. We can conclude that most of the acceleration related features and some of the velocity related features are not effective in discriminating the genuine user from the other users (or attackers). We further observe that the intensity of the vibration caused by sliding the small touch panel of a smartphone tends to be small for all users. This observation may explain why the acceleration related features are not helpful.

B. The limitations The ideal situation is that the person holds and operates the

smartphone in a similar style all the time. We did not address this issue in this paper. It is important to verify if impersonation attack can be improved by training of the hostile users; are there such users whose hold-and-operate style is relatively easy to mimic? Are there such attackers who can easily mimic other people? In Doddington et al. [8] terms, whether there are any “lambs” or “wolves” users in hold-and-operate mimicking.

Besides, there are several scenarios that influence the holding and operating behaviors of smartphone users. For

example, a user uses the other hand instead of his/her regular one to operate the smartphone. In this situation, we believe that the most of the behavior-based authentication systems have to investigate substitute solutions to resolve the irregular behaviors of the genuine users. One of our substitute solutions is to collect the new behavior of the genuine user and rebuild his/her authentication model for security system. We therefore don’t address the exception issues in this paper.

C. The application of the proposed approach The applications of the hold-and-operate biometric can

include authentication and access control. It has been reported that the physiological approaches typically show better performance than behavioral models [3][11]. Table IV summarizes the performance of existing biometrics including both physiological ones as well as behavioral ones. The accuracy of the orientation sensor-based biometrics is not comparable with the strong biometric modalities such as fingerprints. It should be noted, however, that we do not propose orientation sensor as a replacement or sole mechanism of authentication but rather as a complementary mechanism that can be used to improve security in hand-held devices. Users can still use strong biometrics or password explicitly when authenticating for the first time. Then, orientation biometric can be applied implicitly for re-verification in a continuous authentication scenario.

Recent studies show that the performance of the proposed mechanism can be improved when it is combined with other types of authenticators [12]. Reference [29] has reported that combine two modalities, i.e., gait and voice, can improve the EER up to 1%~2.5% under various conditions, which is significant improvement over any single modality. This performance is also close to some modality based on strong biometrics, such as the fingerprint.

In order to reduce the inconvenience for the genuine users, one can set operating threshold of the system such that FRR is very low or zero, and FAR is medium to high levels, e.g., at a ZeroFRR. The zeroFRR is the minimum FAR, where FRR is zero. In our model, the zeroFRR is about 28%. This suggests that orientation biometric provides additional level of security, about 72% of attackers, which compromise first authentication, can be detected without causing usability inconvenience that would not be possible without this added level.

Figure 8. Experimental results of up-down flicks.

Figure 9. Experimental results of left-right flicks.

249

TABLE II. THE DISTRIBUTION OF INDIVIDUAL FEATURES USED ON UP-DOWN FLICKS MODEL

TABLE III. THE DISTRIBUTION OF INDIVIDUAL FEATURES USED ON LEFT-RIGHT FLICKS MODEL

TABLE IV. PERFORMANCE OF VARIOUS BIOMETRICS

Biometrics Performance, % Participants

Phys

iolo

gica

l IRIS [23] [24] Fingerprint [19] [32] Palmprint [24][31] Face [16][24] Voice [24]

EER = 0.0259 EER = 3.2 EER = 0.19 FRR = 16; FAR = 16 FRR = 7; FAR = 7

n/a n/a n/a n/a n/a

Beh

avio

ral Signature [18]

Keystroke [2][4] Mouse [1][25] Gait [12]

EER = 0.99-1.07 FRR = 4; FAR = 0.01 FRR = 2.461; FAR = 2.464 EER = 5 to 9

94 154, 32

22, 15-22 21

n/a: not applicable

V. CONCLUSIONS In this work, we propose a novel non-intrusive

authentication approach based on the orientation sensor of a smartphone. In this approach, we define 53 new features transformed from the readings of the orientation sensor. We have implemented an app for collecting orientation-sensor-based features. The experimental results indicate that the proposed approach is feasible.

We further discussed the effectiveness of the 53 features to find that the feature subset selected to build an effective authentication model is generally small for a given user. We also showed that the proposed mechanism can be used together

with existing intrusive mechanisms, such as password and/or fingerprints, to build a more robust authentication framework for smartphone users.

VI. FUTURE WORKS Currently, this work is a preliminary study, and will be

improved in several directions. First, experiments with more participants will be conducted. For example, experiments with 50 participants may provide more promising results. Second, the orientation-sensor-based features based on multiple types of flick motion will be adopted. Third, the effect of users’ postures on the proposed approach will be studied. Therefore, the general postures (e.g. resting, sitting, standing, walking, and lying on/in bed) will be discussed.

APPENDICES

Appendix A The adopted features (shown in Table I) are calculated for

each flick operation. Suppose that a flick operation contains a sequence of n raw angular data di, i=1, 2, …, n, where d is a raw angular data in x, y, z, or w axis as defined in Section 2. The formulas (2) and (3) are used to calculate velocity or acceleration of the angular data di denoted as d and d, respectively.

250

1

1

i

i id

i i

d d

t tυ −

−

−=

− (2)

1

1

i i

i

d dd

i it tα υ υ −

−

−=

−

(3)

where d∈{y, x, z, w}, i=1, 2, …, n, with timestamp ti.

The followings are the formulas to calculate the adopted features: average, maximum, minimum, range, or standard deviation of the raw angular data (d), the velocity ( d), and the acceleration ( d). They are calculated as (f), (f), (f), (f), and (f) respectively with f∈{d, d , d}.

( ) 1 n

iif

fn

μ ==

(4)

( ) max( )if fδ = , i=1, 2, …, n (5)

( ) m in( )if fε = , i=1, 2, …, n

(6)

( ) ( ) ( ) | |f f fφ δ ε= − (7)

( ) ( ) 21( )

1

nii

f ff

nμ

σ =−

=− (8)

where f is a type of features, f∈{d, d , d}.

Appendix B The 19 features, which were made bold in word, are not

selected in any models of the up-down flicks.

Core Features Feature Type

Original Velocity Acceleration

Pitch (y-axis)

Average (y) ( y) ( y) Maximum y) y) Minimum y) y)

Range y) y) Standard Deviation y) n/a

Roll (z-axis)

Average (z) ( z) ( z) Maximum z) z) Minimum z) z)

Range z) z) Standard Deviation z) n/a

A combination of the pitch and the roll

angle

Average (w) ( w) ( w) Maximum w) w) Minimum w) w)

Range w) w) Standard Deviation w) n/a

Azimuth (x-axis)

Average n/a ( x) ( x) Maximum n/a x) x) Minimum n/a x) x)

Range x) x) Standard Deviation x) n/a

n/a: not applicable

Appendix C The 18 features, which were made bold in word, are not

selected in any models of the left-right flicks.

Core Features Feature Type

Original Velocity Acceleration

Pitch (y-axis)

Average (y) ( y) ( y) Maximum y) y) Minimum y) y)

Range y) y) Standard Deviation y) n/a

Roll (z-axis)

Average (z) ( z) ( z) Maximum z) z) Minimum z) z)

Range z) z) Standard Deviation z) n/a

A combination of the pitch and the roll

angle

Average (w) ( w) ( w) Maximum w) w) Minimum w) w)

Range w) w) Standard Deviation w) n/a

Azimuth (x-axis)

Average n/a ( x) ( x) Maximum n/a x) x) Minimum n/a x) x)

Range x) x) Standard Deviation x) n/a

n/a: not applicable

REFERENCES [1] A.A.E. Ahmed, and I. Traore, “A New Biometric Technology Based on

Mouse Dynamics,” IEEE Trans. on Dependable and Secure Computing, vol. 4, no. 3, pp. 165-179, 2007.

[2] F. Bergadano, D. Guneti, and C. Picardi, “User Authentication through Keystroke Dynamics,” ACM Trans. Information and System Security, vol. 5, no. 4, pp. 367-397 2002.

[3] R. Bolle, J.H. Connell, and N.K. Ratha, “Biometric perils and patches ” Pattern Recognition, vol. 35, pp. 2727-2738, 2002.

[4] N. Clarke, and S. Furnell, “Authenticating mobile phone users using keystroke analysis,” Int. J. Inf. Secur., vol. 6, pp.1-14, 2007.

[5] N. Clarke, S. Karatzouni, and S. Furnell, “Flexible and transparent user authentication for mobile devices,” IFIP Advances in Information and Communication Technology, 297/2009, 1-12, 2009.

[6] M. Conti, I. Z. Zlatea, and B. Crispo, “Mind how you answer me!: transparently authenticating the user of a smartphone when answering or placing a call.” In Proceedings of the 6th ACM Symposium on Information, Computer, and Communications Security, (ASIACCS '11). ACM, New York, NY, USA. pp. 249-259, March 22–24, 2011.

[7] M.O. Derawi, P. Bours, and K. Holien, “Improved Cycle Detection for Accelerometer Based Gait Authentication,” Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP), 2010 Sixth International Conference on. pp. 312-317, 2010.

[8] G. Doddington, W. Liggett, A. Martin, M. Przybocki, and D. Reynolds, “Sheep, goats, lambs and wolves a statistical analysis of speaker performance in the NIST 1998 speaker recognition evaluation,” in 5th International Conference on Spoken Language Processing, 1998.

[9] M.N. Doja, and N. Kumar, “User authentication schemes for mobile and handheld devices,” INFOCOMP Journal of Computer Science, vol. 7, no. 4, pp.38-47, 2008.

[10] B. Efron, and R. Tibshirani, “Improvements on cross-validation: The .632 + Bootstrap Method,” Journal of the American Statistical Association, vol. 92, no. 438, pp. 548–560, June 1997.

251

[11] S. Furnell, N. Clarke, and S. Karatzouni, “Beyound the PIN: Enhancing user authentication for mobile devices,” Computer Fraud & Security, pp. 12-17, August2008

[12] D. Gafurov, K. Helkala, and T. Søndrol, “Biometric Gait Authentication Using Accelerometer Sensor,” Journal of Computers, vol. 1, pp.51-59, October/November 2006.

[13] Gartner Inc. “Gartner Says Number of mobile payment users worldwide to Increase 70 percent in 2009.” May 28, 2009 Press Releases. available from: http://www.gartner.com/it/page.jsp?id=995812 (2011/11/11).

[14] Gartner Inc. “Gartner identifies the top 10 consumer mobile applications for 2012.” November 18, 2009 Press Releases. available from: http://www.gartner.com/it/page.jsp?id=1230413 (2011/11/11).

[15] Google Inc. Android™ Platform. available from: http://www.android.com/, and http://developer.android.com/index.html (2011/11/11).

[16] Google. Inc. Face Recognition on Android™ (4.0 Ice Cream Sandwich). available from: https://sites.google.com/site/androidfacerecognition/Home (2011/11/11).

[17] HTC. Smartphone. available from: http://www.htc.com/us/products (2011/11/28).

[18] A. Kholmatov and B. Yanikoglu, “Identity authentication using improved online signature verification method,” Pattern Recognition Letters, vol. 26, no. 15, pp. 2400–2408, 2005.

[19] D. Maio, D. Maltoni, R. Capelli, J.L. Wayman, and A.K. Jain, “FVC2000: Fingerprint Verification Competition,” IEEE Trans. Pattern Analysis and Machine Intelligence, vol. 24, no. 3, pp. 402-412, Mar. 2002.

[20] O. Mazhelis, J. Markuula, and J. Veijalainen, “An integrated identity verification system for mobile erminals,” Information Management & Computer Security, vol. 13, no. 5, pp. 367-378, 2005.

[21] Medtrng.com. Postures and Direction of Movement. available from: http://www.medtrng.com/posturesdirection.htm (2011/12/23).

[22] R. Meier, Professional Android™ 2 Application Development. Wiley Publishing Inc., 2010. ISBN:978-0-470-56552-0.

[23] D.M. Monro, S. Rakshit, and D. Zhang, “DCT-Based iris recognition,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 29, no. 4, pp. 586-595, 2007.

[24] L. O’Gorman, “Comparing Passwords, Tokens, and Biometrics for User Authentication,” Proc. IEEE, vol. 91, no. 12, pp. 2021-2040, Dec. 2003.

[25] K. Revett, H. Jahankhani, S. Magalhães, and H. Santos, “A survey of user authentication based on mouse dynamics,” Communications in Computer and Information Science (Global E-Security), vol. 12, pp. 210-219, 2008.

[26] W. Shi, J. Yang, Y. Jiang, F. Yang, and Y. Xiong , “SenGuard: Passive User Identification on Smartphones Using Multiple Sensors.” 2011 IEEE 7th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Shanghai, China. pp. 141-148, 2011.

[27] Smart Credit. “Consumer Reports survey on mobile phones and security.” 2011 Press. available from: http://www.smartcredit.com/blog/2011/09/02/consumer-reports-survey-on-mobile-phones-and-security/ (2011/11/15).

[28] C. Theriault, “Survey says 70% don't password-protect mobiles.” 2011 Press. available from: http://nakedsecurity.sophos.com/2011/08/09/free-sophos-mobile-security-toolkit/ (2011/11/11).

[29] E. Vildjiounaite, S.M. Makela, M. Lindholm, V. Kyllonen, H. Ailisto, “Increasing Security of Mobile Devices by Decreasing User Effort in Verification,” Systems and Networks Communications, 2007. ICSNC 2007. Second International Conference on, Cap Esterel, 25-31 Aug. 2007, pp.80-80.

[30] VistaLab Technologies, Common Injuries, available from: http://www.vistalab.com/commoninjuries.asp (2011/12/23).

[31] X. Wu, K Wang, and D Zhang, “Palmprint texture analysis using derivative of gaussian filters,” in: Proceedings of 2006 International Conferenceon Computational Intelligence and Security, pp.751–754, 2006.

[32] Y.L. Zhang, J. Yang, and H.T. Wu, “Sweep fingerprint sequence reconstruction for portable devices”, Electronics Letters, vol. 42, no. 4, pp. 204-205, 2006.

252