A First Approach to Authentication Based on Artificial Intelligence for Touch-Screen Devices

Abstract: Most authentication schemes follow a classical approach, where users are authenticated only once, at the beginning of their sessions. It is therefore not possible to verify the legitimate use of such a session or to detect any usurpation. To address this issue, we propose a second-phase authentication scheme that authenticates users continuously during their sessions and does so transparently, since no additional or intrusive hardware is required. To this end, a novel approach was applied to create specific user profiles by means of different Artificial Intelligence techniques. In this work, we aim to study the feasibility of such an authentication scheme, so that it could be applied to a real-time environment in order to verify the identity of the actual user against the legitimate user profile.


Introduction
Since the beginning of Information Technologies, authentication models have been an essential component for information security [1] and they have been adapted to the new devices and technologies that have appeared over the years, such as mobile phones, which are nowadays an indispensable tool to perform any daily operation. However, the authentication mechanisms commonly used present certain issues that can lead to security incidents related to weak or lost passwords. For these reasons, new and more secure authentication systems [2,3], such as the biometric ones, have been implemented, making use of unique human traits as passwords. Even so, these authentication systems continue to present a common problem, since they only verify the legitimacy of the user at the beginning of the session and not during it.
In this work, we propose a continuous authentication model based on monitoring the users' behavior [4] while they use a mobile device. The model is presented as a second authentication factor, which verifies the legitimacy of the user in a transparent manner and can detect whether the user who is making use of the session is the one that was originally authenticated. For this purpose, it was necessary to create a multiplatform application that gathers data from the available motion sensors (mainly, accelerometer and gyroscope) and the touch-screen to generate a specific profile for each user by means of Artificial Intelligence (AI) techniques.

Methods
In order to conduct this experiment, we developed an application that collects information from the events associated with the use of the device. Events related to motion sensors were grouped in time windows, whereas the touch-screen ones were grouped into gestures (swipe, rotate, tap, press, pinch, and pan) in order to look for patterns that authenticate users. The data collected over three months were processed to extract a set of features, but first we needed to carefully analyze and treat such data in order to fit them to the classification techniques that were used. The processes performed included the treatment of null and empty values, data standardization, definition of numerical/categorical variables, as well as feature extraction and selection.
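An added example (not the authors' code) of the pre-processing described above, narrowed to motion-sensor events: readings are grouped into fixed time windows, incomplete readings are dropped, per-window features are extracted and a feature column is standardized. The event layout, the one-second window, the use of vector magnitude and the zero fill for a sensor with no readings are assumptions; the sample events are constructed.

```python
from statistics import mean, pstdev

# Constructed sample events: (timestamp_s, sensor, x, y, z); None marks a missing axis value.
EVENTS = [
    (0.10, "accel", 0.0, 9.8, 0.1),
    (0.40, "accel", 0.2, 9.6, None),
    (0.70, "gyro", 0.01, 0.02, 0.00),
    (1.20, "accel", 0.4, 9.7, 0.3),
    (1.60, "gyro", 0.03, None, 0.01),
    (1.90, "accel", 0.6, 9.9, 0.5),
    (2.30, "accel", 1.0, 9.5, 0.2),
]

def window_features(events, width_s=1.0):
    """Group events into fixed time windows; per sensor, emit mean/std of magnitude."""
    windows = {}
    for ts, sensor, *axes in events:
        if any(a is None for a in axes):
            continue  # null treatment (assumed policy): drop incomplete readings
        mag = sum(a * a for a in axes) ** 0.5
        windows.setdefault(int(ts // width_s), {}).setdefault(sensor, []).append(mag)
    rows = []
    for idx in sorted(windows):
        row = {"window": idx}
        for sensor in ("accel", "gyro"):
            vals = windows[idx].get(sensor, [])
            # A sensor with no readings gets 0.0 (assumption); the count exposes that case.
            row[f"{sensor}_mean"] = mean(vals) if vals else 0.0
            row[f"{sensor}_std"] = pstdev(vals) if len(vals) > 1 else 0.0
            row[f"{sensor}_n"] = len(vals)
        rows.append(row)
    return rows

def standardize(rows, key):
    """Z-score one feature column across windows (constant columns map to 0)."""
    col = [r[key] for r in rows]
    mu, sigma = mean(col), pstdev(col)
    return [(v - mu) / sigma if sigma else 0.0 for v in col]

if __name__ == "__main__":
    rows = window_features(EVENTS)
    for row, z in zip(rows, standardize(rows, "accel_mean")):
        print(row, round(z, 3))
```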
Following this procedure, we obtained around 50 genuine features and many polynomial-derived ones. Hence, feature selection was a key task in this phase, and different techniques, such as Random Forest or Recursive Feature Elimination processes, were used to assign different weights to the features, so that the most relevant ones could be identified in order to build the models.
The selected features are then fed to several well-known classification techniques (such as Random Forest [5], Support Vector Machines [6] and Multi-layer Perceptrons [7]) in order to create a profile for each legitimate user in the system. These techniques require a training process so that they can appropriately fit the data, and the best configuration for each one was determined via hyper-parameterization and cross-validation procedures. Table 1 shows different common metrics used for classification tasks (accuracy, precision, recall and F1 Score). Among those metrics, we considered the precision as the most relevant one for our task, since it measures the number of intrusions into the system. These results show that the average response for our system is over 80% in terms of precision, and the F1 score is near 75%. The lowest score is obtained for the recall metric, which measures the identification of legitimate users as impostors.

Conclusions and Future Work
As can be observed in Table 1, it has been demonstrated that a user's behavior can be used for authentication purposes. Although the recall metric shows that there is a considerable ratio of legitimate user misidentification, which may prevent the use of this method as a primary authentication scheme, the obtained precision score encourages its use as a second authentication scheme that monitors user activity in a continuous and transparent manner over the entire session, since true impostors are usually detected. Such a system may have conservative behavior, and sometimes an alert would be raised for a legitimate user, but it only aims at detecting intrusions into the system once the user is already authenticated by a primary authentication scheme, such as a user/password one. Then, in case any usurpation is detected, the system could require the user to re-authenticate using the primary scheme, or even raise some notifications to the system administrators so that they can take further action.
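An added example (not the authors' code or data) tying the metrics discussion to the re-authentication step above: with the legitimate user as the positive class, a false positive is an accepted impostor and a false negative is a legitimate user who gets challenged. The scores, labels, the 0.8 precision target and the per-window policy are constructed assumptions.

```python
# Constructed per-window results: (model score that the window belongs to the
# legitimate user, true label), where 1 = legitimate user and 0 = impostor.
SCORED = [
    (0.95, 1), (0.91, 1), (0.88, 1), (0.80, 0), (0.74, 1), (0.66, 1),
    (0.58, 0), (0.52, 1), (0.41, 1), (0.35, 0), (0.22, 0), (0.10, 0),
]

def metrics(scored, threshold):
    """Precision/recall/F1 with the legitimate user as the positive class."""
    tp = sum(1 for s, y in scored if s >= threshold and y == 1)
    fp = sum(1 for s, y in scored if s >= threshold and y == 0)  # impostor accepted
    fn = sum(1 for s, y in scored if s < threshold and y == 1)   # legitimate user challenged
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"precision": precision, "recall": recall, "f1": f1, "fp": fp, "fn": fn}

def pick_threshold(scored, min_precision):
    """Lowest threshold meeting the precision target; recall only falls as it rises."""
    for t in sorted({s for s, _ in scored}):
        m = metrics(scored, t)
        if m["precision"] >= min_precision:
            return t, m
    return None, None

def session_actions(scores, threshold):
    """Per-window decision in a live session: continue, or fall back to the primary scheme."""
    return ["continue" if s >= threshold else "reauthenticate" for s in scores]

if __name__ == "__main__":
    t, m = pick_threshold(SCORED, min_precision=0.8)
    print(t, m)
    print(session_actions([0.90, 0.70, 0.30], t))
```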
In order to implement such an authentication scheme, we plan to use a streaming platform capable of handling events in near real time (sending, processing and storing the events for retraining against AI models; see Figure 1), so that the identity of the actual user can be verified within a short period of time.

Funding: This work has been mainly funded by the contracts CITIC-ACATIA, and CITIC-ACATIA2 established with the private entity ODEENE Ingeniería.