It's All in the Touch: Authenticating Users with HOST Gestures on Multi-Touch Screen Devices

As smartphones proliferate, secure and user-friendly authentication methods are increasingly critical. Existing behavioral biometrics, however, are often compromised by behavior variability, leading to poor authentication accuracy and an unsatisfactory user experience. To fill this gap, we propose BIOHOLD, a new robust and reliable user authentication method, fusing finger behavior and hand geometry, captured via a smartphone's multitouch screen during natural holding gestures. It synergistically fuses behavioral and physiological biometrics. In contrast to traditional methods that require restrictive, unnatural user patterns, our approach utilizes a stable, natural gesture for authentication, effectively mitigating behavior variability. It enables one-handed authentication through familiar smartphone-holding and unlocking gestures. During this interaction, hand geometry and behavioral characteristics are recorded for subsequent authentication. We evaluate our method using a dataset collected from 20 subjects, demonstrating its resilience against behavioral variability over time while maintaining a high level of distinctiveness. With only 10 training samples, our method achieves an equal error rate of 3.59%, which improves to 1.25% with 40 training samples. Importantly, our method is resistant to common security threats such as zero-effort attacks, smudge attacks, and shoulder surfing attacks. A usability study confirms the method's high user acceptance, as measured by the system usability score. © 2024 IEEE.