An implicit yet continuous authentication is relatively a new way to silently observe and authenticate a user, while the device is being used. This mechanism is gaining considerable attention in research community for authenticating portable devices such as laptops, tablets and mobile phones. A number of implicit and continuous authentication methods have been proposed for tracking and identifying users of mobile and wearable devices. These methods are mostly based on behavioral biometrics, such as keystrokes, writing, and touch screens.
TouchTrack postulates the other side of the coin i.e. inherent distinguishability of behavioral biometrics (in particular when considering touch-screen devices), which constitute a major privacy threat of tracking a real (physical) identity of a person.
This project is mostly inspired from the work done by Electronic Frontier Foundation (EFF) on Panopticlick project and by Microsoft and RSA Laboratories on Host Fingerprinting project (both on browser fingerprinting), and our previous work on the uniqueness of usernames and online social public profiles. Our gesture-based tracking method is fundamentally different from previous work. Although gesture-based behavioural biometrics have been used for continuous authentication, they have not been studied in the context of privacy and tracking. Implicit behavioral mobile tracking is noteworthy because most of the gestures are well integrated into touch devices and could be easily exploited without the need of specialized hardware or software.
TouchTrack aims to investigate, identify, and combat new privacy threats on mobile devices through the quantification and analysis of user behavioral biometrics. It revolves around the groundbreaking idea that ‘User Behavioral Gestures’ contain sufficient information to uniquely identify the real identity of a person, subsequently leading to threats of physical tracking and privacy leakage. The project quantifies inherent risks of user tracking capabilities by proposing a framework that estimates the uniqueness of touch screen behavioral biometrics, across mobile devices. In essence, the common theme of TouchTrack is to extract salient touch features via characterizations and to use specialized statistical methods/algorithms to prove privacy risk associated with behavioral biometrics.
To learn more about the methodology of TouchTrack, please refer to About TouchTrack.
This work is supported by Commonwealth Scientific and Industrial Research Organisation (CSIRO).