PushPIN: A Pressure-Based Behavioral Biometric Authentication System for Smartwatches

Abstract

Smartwatches support diverse applications but suffer from security issues due to their limited resources; their small size poorly supports the rich, accurate input required for screen lock authentication. Additionally, traditional approaches to unlocking smart devices, such as Personal identification number, are highly susceptible to attacks such as guessing and video observation. Therefore, we propose PushPIN, a novel scheme that combines knowledge-based and behavioral biometric approaches to increase security. Input symbols are composed of the selection of one of four different targets with one of five different pressure levels, for a total of 20 possibilities. We complement this passcode by capturing behavioral biometric features from screen touches and wrist motion during input. We present two studies to assess the performance of PushPIN. The first assesses both usability and security against a random guessing attack. It shows acceptable usability-recall times of approximately 8 s and no errors-and strong security: equal error rates of 0.51%. The second study examines the resistance of PushPIN against a video observation attack, ultimately revealing that 36.67% of PushPINs could be cracked, performance that represents a substantial improvement over prior work on pressure-based authentication input. We conclude that pressure-based input can increase the security, while maintaining reasonable usability, of smartwatch lock systems.