SMAUG: Secure Mobile Authentication Using Gestures

We present SMAUG (Secure Mobile Authentication Using Gestures), a novel biometric assisted authentication algorithm for mobile devices that is solely based on data collected from multiple sensors that are usually installed on modern devices -- touch screen, gyroscope and accelerometer. As opposed to existing approaches, our system supports a fully flexible user input such as free-form gestures, multi-touch, and arbitrary amount of strokes. Our experiments confirm that this approach provides a high level of robustness and security. More precisely, in 77% of all our test cases over all gestures considered, a user has been correctly identified during the first authentication attempt and in 99% after the third attempt, while an attacker has been detected in 97% of all test cases. As an example, gestures that have a good balance between complexity and usability, e.g., drawing a two parallel lines using two fingers at the same time, 100% success rate after three login attempts and 97% impostor detection rate were given. We stress that we consider the strongest possible attacker model: an attacker is not only allowed to monitor the legitimate user during the authentication process, but also receives additional information on the biometric properties, for example pressure, speed, rotation, and acceleration. We see this method as a significant step beyond existing authentication methods that can be deployed directly to devices in use without the need of additional hardware.