"While most people are confident that password protecting a phone is sufficient, they tend to choose familiar passwords that are easy to guess," says BGU researcher Liron Ben Kimon. "With our approach, even if someone has the password, they can't replicate a smartphone user’s unique behaviour."
Liron Ben Kimon recently completed her M.Sc. in data mining and business intelligence in the BGU Department of Software and Information Systems Engineering supervised by Prof. Bracha Shapira, Prof. Lior Rokach and. Yisroel Mirsky. She is now a data scientist at Paypal in Beer-Sheva’s Advanced Technologies Park adjacent to the University.
"What is new about this verification method is that the model evaluates the touch pattern sequence," Ben Kimon says. "For example, smartphone users interact with their device while using Google differently than they might type a message, and we can detect that."
Her verification model extracts information from a phone's sensors to identify frequency, pressure and speed of touch combined with the application being used. The programme also computes 30 seconds of recent history, such as which screens a user touched, which buttons were pressed and how much electricity was used.
The researchers culled information from 20 users over a two-week period to develop their model, which shows that unauthorised users can be identified in under 14 seconds with less than 35 screen actions. On average, a user touches the screen 35 times in 13.8 seconds.
"A thief will almost certainly touch the screen more than 35 times to steal information because he is not familiar with an owner's phone settings and apps," Ben Kimon says. "The phone can learn the typical touch and sequence pattern, and lock out an unauthorised user to prevent data theft, or someone you don’t want peeking at your messages.”
The researchers also noted that three million phones were stolen in the United States, and another three million were lost in 2013, according to consumer reports.