Authentication of Smartphone Users Using Behavioral Biometrics

Authentication of Smartphone Users Using Behavioral Biometrics


Smartphones and tablets have become ubiquitous in our daily lives. Smartphones, in particular, have become more than personal assistants. These devices have provided new avenues for consumers to play, work and socialize whenever and wherever they want. Smartphones are small in size; so they are easy to handle and to stow and carry in users’ pockets or purses. However, mobile devices are also susceptible to various problems. One of the greatest concerns is the possibility of breach in security and privacy if the device is seized by an outside party. It is possible that threats can come from friends as well as strangers. Due to the size of smart devices, they can be easily lost and may expose details of users’ private lives. In addition, this might enable pervasive observation or imitation of one’s movements and activities, such as sending messages to contacts, accessing private communication, shopping with a credit card, and relaying information about where one has been. This paper highlights the potential risks that occur when smartphones are stolen or seized, discusses the concept of continuous authentication, and analyzes current approaches and mechanisms of behavioral biometrics with respect to methodology, associated datasets and evaluation approaches.

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):


  • We summarize existing studies which propose significant solutions for smartphone authentication by discussing the following points:
  • The amount of the data the authors use,
  • The types of classifiers the authors choose, and
  • The results the authors obtain.
  • Protecting the security and privacy of smartphone users against unauthorized access is very important and has become a crucial area of research.
  • Researchers from both academia and industry have proposed mechanisms to ensure security and privacy of sensitive information.


  • The security of mobile devices continues to be a major concern for manufacturers and users alike.
  • They are easy to evade, weak against shoulder surfing and other attacks and cumbersome to use.
  • Most widely-used authentication techniques for mobile devices are vulnerable, including PINs and patterns.
  • Authentication methods fail to detect and identify an intruder once he or she has passed the point of entry. These methods are also deficient in dealing with various non-conventional attacks such as smudge attack.


  • In this paper, we plan to comprehensively review the state-of-the-art in smartphone authentication focusing on types of behavioral biometrics.
  • We discuss the development of several behavior biometric approaches that aim to provide continuous authentication for smartphone devices.
  • We characterize each behavioral biometric, outline the algorithms used for recognition and present obtaining results obtained using various techniques for comparison.
  • We present a summary of these studies and introduce open problems and future work in continuous authentication.


  • An easy way to access mobile devices with few interruptions once the owner wants to use the device.
  • Balancing between security and usability to provide easy use of the device and offer high level of security at the same time.
  • Making continuous authentication based on application usage can be one way to enhance security and privacy.


Authentication of Smartphone Users


  • Authentication
  • Hand waving Based Authentication
  • Wave-to-Access
  • Keystroke Based Authentication



Authentication is the process used to validate the true user of a system. Authentication, in the context of security, takes into account three primary stages.

1) Knowledge-based, which uses something unique to an individual: This type of entity could be a password, answer to a security question, or an ID number that a user must know.

 2) Possession for object-based, which uses something one possesses in a physical sense: The prevalent examples of this type are a security token, an ID card or another trusted device.

3) Biometric, which denotes a physical or behavioral characteristic: This can be represented by one or more physical or behavioral attributes. Common examples are fingerprints and keystroke dynamic models of the owner of the device.

4) Pin Authentication:

  • Two Type of passwords: PIN and a complicated alphanumeric password. The main goal for this application is to capture key events and inter-keystroke latencies.

Hand waving Based Authentication:

Identifying users based on wave gesture has gained attention recently. Hand-waving behavior is the waving pattern of a person. In other words, it can be used to distinguish users because different individual, while interacting with the phone or not, the movement of hand holding the phone is difficult for different people wave differently. For example, many people use their hands to wave in a gentle way while others wave drastically when an individual waves while holding a smartphone. Several features can be used to distinguish among users. These include speed, frequency, waving range and the wrist twisting.


Wave-to-Access based on waving gestures to prevent malware attack on smartphones. This approach uses a lightweight ambient light sensor that is built in smartphones, to analyze phone dialing behavior. The authorized user has to wave his/her hand in front of the phone order to make a call.

Keystroke Based Authentication:

Validating the nature of typing motion is one of the oldest methods to validate users. This technique analyzes keystrokes to determine authorized and unauthorized users. Typing motion or keystrokes can be used to detect and identify the user based on his/her manner of typing. Typing motion is divided into static and dynamic typing. In static typing, participants are asked to type a short and pre-defined text to compare motion information, while in dynamic typing, the subject is not required to type a specific string.



  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB


  • Operating system : Windows 7.
  • Coding Language : Android,JAVA
  • Toolkit : Android 2.3 ABOVE
  • IDE :         Android Studio


Abdulaziz Alzubaidi and Jugal Kalita, “Authentication of Smartphone Users Using Behavioral Biometrics”, IEEE COMMUNICATIONS SURVEYS AND TUTORIALS, 2016.  

About the Author

Leave a Reply