TouchWB: Touch behavioral user authentication based on web browsing on smartphones

Modern mobile devices especially smartphones have rapidly evolved and are widely adopted by people of different ages. Smartphones can assist users in a variety of activities, i.e., from social networking to online shopping, but also have become an attractive target for cyber-criminals due to the stored personal data and sensitive information. The traditional authentication mechanisms like PIN suffer from well-known limitations and drawbacks in the security community; thus, touch behavioral authentication has recently received much attention. Intuitively, authentication based on free touches would be hard to build a stand-alone system. In this work, we advocate that such authentication can consider users' actions under certain phone applications like web browser, and then propose a touch gesture-based authentication scheme, called TouchWB, with 21 features that can be extracted from web browsing gestures. For evaluation, we implemented the scheme on Android phones and conducted a user study involving 48 participants. Experimental results demonstrated that our approach could reduce the touch behavioral deviation by nearly half and achieve an average error rate of about 2.4% by using a combined classifier of PSO-RBFN.