Biometric Authentication Technique Using

Smartphone Sensor

Asadullah Laghari, Waheed-ur-Rehman, Dr. Zulfiqar Ali Memon

Department of Computer Science
Sukkur Institute of Business Administration
Pakistan

Abstract— User identity theft is a growing challenge for security senses the motion of phone in all three dimensions [2]. Hence
of electronic systems. Traditional authentication techniques such this data is sufficient to provide adequate features to uniquely
as password and PIN code are more vulnerable to this problem. identify a person.
On the other hand, biometric authentication techniques are safer
as compared to password identification for authentication II. RELATED WORK
purpose. Biometric techniques use certain characteristics of Several authentication techniques that use the
human to authenticate the legitimate user. This paper presents a accelerometer of wearable devices or smartphones has been
biometric authentication mechanism using motion sensor of
studied. One of them uses biometric gait recognition to
smart phone. The user has to perform signature by moving his
authenticate user on smartphones [3]. This work was
phone, the motion pattern is detected using accelerometer of the
smartphone. We have used the concepts of signal matching for participated by 51 volunteers who carried the smartphone in
identification mechanism. Results depict that legitimate user can their pocket over the hip and gait data was collected. This work
be identified using a certain level of error threshold. resulted into the error rate of 20%.
Similar research was also carried out by [4]. Gait data was
Keywords—biometric; accelerometer; smartphone; collected from 31 participants. The gait data was mixed with
authentication system; password confidentiality the voice data that was collected simultaneously with the gait
data. It was observed that the gait plus voice recognition
I. INTRODUCTION performed better than the voice recognition alone.
The biometric authentication techniques such as fingerprint Accelerometer data was also used by [5] to identify certain
scanning, retina scanning or face detection are considered more characteristics of user such as height and weight. The
secure than the contemporary authentication mechanisms, such experiment was performed by volunteers who carried
as PIN, passwords, smart card technology or even pattern locks smartphone during walk. The data was collected for a short
in the smartphones. Conventional authentication mechanisms distance walk and it was used to identify the characteristics of
including graphical or alphanumeric passwords require that the volunteer. Another research was carried out to uniquely
user remembers the unique combination of password. identify the trajectory of mobile phone picking-up by using
Moreover, the confidentiality of the password is also a major unique features extracted from the accelerometer data of
concern in security systems. Password or PIN based smartphone [6].
authentication mechanisms can also be cracked by using guess
or brute force dictionary. Biometric authentications provide The robustness of signature recognition systems based on
improved reliability and usability because unlike conventional accelerometer was studied by [7]. Multiple temporal distance
methods, it needs not to be remembered. Biometric techniques algorithms were analyzed on a database of 50 users. It was
are either categorized as physiological (i.e. fingerprint scanning observed that DTW performed better than LCS. However, the
or retina scanning etc.) or behavioral such as voice. author did not implement the recognition technique for any
Handwritten Signature also belongs to behavioral biometrics. It user login system.
is one of the oldest and most widely used method for
authentication of a person on a document [1]. III. SYSTEM DESCRIPTION
This paper is aimed to build a user authentication The proposed system architecture is based on three tiers as
mechanism, in which the legitimate user is authenticated by depicted in Fig. 1. First tier is the user end. The user uses
identifying the features from his signature. The signature, smartphone to perform his signature in the air. The mobile
unlike the traditional hand written signature, has to be phone is carried by the user in his hand while he performs the
performed in air by holding the smartphone in hand. We have signature. The data of motion sensed by the accelerometer is
utilized the built in sensor of acceleration (i.e. accelerometer) then sent to the server for authentication. Server, which is the
in the smartphone to identify the pattern of motion of user’s second tier, applies matching algorithm to identify the user.
hand in the air. Accelerometer is quite common sensor and is The data generated by user is matched with the pre-set
available in almost all the smartphones. The accelerometer


ª

*&&&

3URFHHGLQJVRIWK,QWHUQDWLRQDO%KXUEDQ&RQIHUHQFHRQ$SSOLHG6FLHQFHV 7HFKQRORJ\,%&$67 

,VODPDEDG3DNLVWDQWK±WK-DQXDU\
templates of signature stored in the database. The database is volunteer is shown in the Fig. 3. Data generated by the
the third tier of the system. accelerometer also includes Gaussian noise which can disturb
the authentication process. Hence the variation in acceleration
Server End which is less than 0.2 m.s-2 are omitted.

User End
Fig. 3. Accelerometer data of a volunteer plotted against time. The graph
depicts variations in all three components of motion

V. SERVER END

Fig. 1. Architecture of the proposed authentication system A java based server is developed that is connected to the
user via TCP on the transport layer. Since accelerometer data is
a very long string of values, therefore a reliable connection is
IV. USER END preferred. Server receives username and signature data from
A. Accelerometer the user and matches them with data templates in the database.
User is authenticated if signature data matches with the
Motion capturing sensors (accelerometers) are rapidly
template for the provided username. Server allows the user to
becoming a key function in consumer electronic devices
try the signature three times in case if the authentication is
including smartphone. Accelerometer is a device used to
failed. If the user fails three times, the user device is blocked
measure the acceleration of a moving object. Acceleration is
by its MAC address for next one hour. This process further
the rate at which velocity of object is changed. Accelerometer
enhances the reliability of the system.
of the smartphone measure acceleration of the phone in all
three axes of the phone and gives a tri-axial data of mobile VI. USER AUTHENTICATION PROCEDURE
phone motion. The electronic accelerometer uses piezoelectric
properties of element [8]. Smartphone accelerometer acts as a A. User Registration
spring mess system as shown in Fig. 2. When it experiences the As the first step, the user is required to register himself to
acceleration, the mass is displaced. The mass accelerates at the system using the android application. User is asked for a
same rate as smartphone. Now this mechanical motion is unique username and then he has to perform his signature 5
converted into electrical signals that are sensed and measured times repeatedly. All the 5 signatures are stored against the
[9]. username of the user. First, the system cross correlates all 5
signature. Maxima of all cross-correlation signals results are
calculated and the lowest maximum is set to be the decision
threshold.
B. Authentication process
Fig. 2 Ideal Spring Mass System, k is constant factor characteristic of the User can log in to the system using his own unique
spring [10]. username and signature. User inputs his username in the
interface of the android application as shown in Fig. 4. To
B. Software Setup
record the signature, user has to press the GO button and then
An android application was developed that uses the perform his signature in the air. Data collected from the
accelerometer to collect the user signature data. User needs to accelerometer will appear in the text box. The application
run the application for the authentication process. When user sends username and the recorded data from accelerometer to
holds his smartphone in his hand perform his signature, the the server. Upon receiving this data, the server queries the
accelerometer reads the changes in acceleration. Signature of a available templates for the provided username from the

3URFHHGLQJVRIWK,QWHUQDWLRQDO%KXUEDQ&RQIHUHQFHRQ$SSOLHG6FLHQFHV 7HFKQRORJ\,%&$67 

,VODPDEDG3DNLVWDQWK±WK-DQXDU\
database. Server cross-correlates the received signature with all signature submitted during authentication has to be matched
templates. If more than 3 maxima of all cross-correlated signals with all five of them. Cross-correlation of a signature can be
satisfy the decision threshold, the user is allowed to login. This mathematically written as
process is depicted in Fig. 5. ஶ
‫ܥ‬௫௡ ൌ ‫ି׬‬ஶ ݂௡‫ כ‬ሺ‫ݐ‬ሻ ‫ݎ‬௫ ሺ‫ ݐ‬൅ ߬ሻ݀‫ݐ‬
ஶ
‫ܥ‬௬௡ ൌ ‫ି׬‬ஶ ݃௡‫ כ‬ሺ‫ݐ‬ሻ ‫ݎ‬௬ ሺ‫ ݐ‬൅ ߬ሻ݀‫ݐ‬
ஶ
‫ܥ‬௭௡ ൌ ‫ି׬‬ஶ ݄ଵ‫ כ‬ሺ‫ݐ‬ሻ ‫ݎ‬௭ ሺ‫ ݐ‬൅ ߬ሻ݀‫ݐ‬

In above equations,”௫ , ”௬ and ”௭ are x, y and z components

of the received signature for authentication. ݂ǡ ݄݃ܽ݊݀ are the
x, y and z components of the template signatures, n is the
number of template and C is cross-correlated signal. It was
observed that cross-correlation result of a signature of
legitimate user with its signature templates is greater than that
of illegitimate user as shown in the graph in Fig. 6.
VIII.EXPERIMENT AND RESULTS
The android application was installed in HTC mobile.
Authentication process was carried out by 10 volunteers. Same
device was used for all the volunteers. Each volunteer
performed his signature 6 times, hence 60 signatures were
Fig. 4. User interface of the android application developed for the proposed observed. False Accept rate of the overall system is 1.46% and
system.
False Rejection Rate is 6.87%.

User performs 5
User enters username and
signatures on
performs signature
smartphone

Server: Cross- Server: Signature is cross-

correlation of all correlated with all 5
5 signatures templates

Server: Setting up Comparing result with

threshold threshold

All 5 signatures If result > threshold: Log in Fig. 6. Cross-correlation of signatures of legitimate user and illegitimate user
stored in with the signature template
Database else repeat the process
IX. CONCLUSION
(a) (b)
Volunteers found it easy to use. This technique is more
Fig. 5. (a) New user registration process, (b) User authentication process secure than traditional username password and similar kind of
methods. This is also more confidential than graphical
VII.CROSS CORRELATION OF SIGNATURE passwords, since graphical techniques are less confidential and
Accelerometer of the smartphone provides data obtained prone to shoulder surfing. The result of this method is
for all three axes separately. Therefore, data of each axis is to favorable. The FRR was observerd to be 6.87% and FAR was
be matched with its corresponding axis in the template data. 1.46%. However, this method can further be improved by
The data for each axis can be plotted as function of time as increasing numbers of features from the collected data.
shown in Fig 3. Since against each username, there are five Frequency analysis of the signature signal can also be
signatures that were stored during the registration process, the performed to make the authentication more accurate.

3URFHHGLQJVRIWK,QWHUQDWLRQDO%KXUEDQ&RQIHUHQFHRQ$SSOLHG6FLHQFHV 7HFKQRORJ\,%&$67 

,VODPDEDG3DNLVWDQWK±WK-DQXDU\
 ACKNOWLEDGMENT devices," in Pervasive Computing, ed: Springer,
We are thankful to the faculty members of FFC (Fauji 2006, pp. 187-201.
Fertilizer Company) School, who participated as volunteers for [5] G. M. Weiss and J. W. Lockhart, "Identifying user
signature trials on our proposed system. Any opinion, finding, traits by mining smart phone accelerometer data," in
conclusion or recommendation expressed in the research article Proceedings of the Fifth International Workshop on
are those of authors only and do not reflect the volunteers. Knowledge Discovery from Sensor Data, 2011, pp.
61-69.
REFERENCES [6] T. Feng, X. Zhao, and W. Shi, "Investigating mobile
device picking-up motion as a novel biometric
[1] R. Doroz and P. Porwik, "Handwritten signature modality," in Biometrics: Theory, Applications and
recognition with adaptive selection of behavioral Systems (BTAS), 2013 IEEE Sixth International
features," in Computer Information Systems–Analysis Conference on, 2013, pp. 1-6.
and Technologies, ed: Springer, 2011, pp. 128-136. [7] J. Guerra-Casanova, C. S. Avila, G. Bailador, and A.
[2] A. J. Aviv, B. Sapp, M. Blaze, and J. M. Smith, de-Santos-Sierra, "Time series distances measures to
"Practicality of accelerometer side channels on analyze in-air signatures to authenticate users on
smartphones," in Proceedings of the 28th Annual mobile phones," in Security Technology (ICCST),
Computer Security Applications Conference, 2012, 2011 IEEE International Carnahan Conference on,
pp. 41-50. 2011, pp. 1-7.
[3] M. O. Derawi, C. Nickel, P. Bours, and C. Busch, [8] P. Scheeper, J. O. Gulløv, and L. M. Kofoed, "A
"Unobtrusive user-authentication on mobile phones piezoelectric triaxial accelerometer," Journal of
using biometric gait recognition," in Intelligent Micromechanics and Microengineering, vol. 6, pp.
Information Hiding and Multimedia Signal 131-133, 1996.
Processing (IIH-MSP), 2010 Sixth International [9] U. A. Bakshi and A. V. Bakshi, "Instrumentation
Conference on, 2010, pp. 306-311. Engineering," ed: Technical Publications Pune, 2009.
[4] E. Vildjiounaite, S.-M. Mäkelä, M. Lindholm, R. [10] G. P. Scavone. (15/10/2015). Vibrating Systems.
Riihimäki, V. Kyllönen, J. Mäntyjärvi, et al., Available:
"Unobtrusive multimodal biometrics for ensuring https://ccrma.stanford.edu/CCRMA/Courses/150/vibr
privacy and information security with personal ating_systems.html

3URFHHGLQJVRIWK,QWHUQDWLRQDO%KXUEDQ&RQIHUHQFHRQ$SSOLHG6FLHQFHV 7HFKQRORJ\,%&$67 

,VODPDEDG3DNLVWDQWK±WK-DQXDU\