Behavioral Authentication on Chinese Handwriting

Abstract

Authentication in cybersecurity is the process of determining whether someone or something is virtually who or what claims to be. There are three factors of authentication: something the user knows, something the user has and something the user is. It is common for a phone to utilize one of the three factors to authenticate the user. User defined passwords and graphical patterns are commonly used by early model of smartphone to authenticate the users' identity and protect the phone from unauthorized use. But are they as secure as we thought? An unauthorized user could easily gain access to our phone by all means. For instance, our passwords could be leaked if we are not cautious enough. Hacker could try to search for our password via brute force if it is not strong enough. An intruder could even trace the oil mark on our phone's screen to recreate our pattern of choice. However, these methods require users who are willing to make efforts in deciding a long and complicated password and pattern. Apart from the reliance on user's discipline, tying the same password or drawing the same pattern every time we unlock the phone can be utterly inconvenient.

To further secure our device and improve user experience, many phone companies started to include some sensors on the phone which makes authenticating user by scanning their biometrics possible. Since our fingerprints and face are a part of our body, it will be difficult for any unauthorized user to obtain data about our biometrics. However, both biometrics and traditional password or graphical pattern have the same security flaw. They are the single point of failure. Conventional smartphones only authenticate users at the initial unlock session. Once the phone is unlocked, the user can access all function freely no matter whether they are the actual phone owner or not. As such, we need to offer a solution to verify if this person is the actual owner of the phone despite of successful initial authentication.

Developing a mobile application that keeps track of the phone owner's behavioral biometrics and constantly tracks for abnormal or inconsistent behavior is a viable way to address the problem. Even though a hacker might trick the system in the initial phone unlock, the constant monitoring of user behavioral biometrics will soon reveal that he is not the actual owner of the phone. The objective of the project is to prove the viability of using Chinese handwriting stroke for authentication by developing a continuous authentication method using user' Chinese handwriting stroke as a behavioral biometrics. Through constant comparison between the Chinese handwriting of the current user and that of the phone owner. the application aims to provide a transparent and continuous authentication method, ensuring that the phone is still being used by the actual phone owner.