Feb 27, 2017 · post

Mobile Behavioural Authentication

As mobile devices become central to our personal and professional lives, their security is more and more important. Passcodes in particular can be lost (or forcibly surrendered) to law enforcement. Recent research has focussed on behavioural authentication based on patterns of user interaction. This could provide an unintrusive authentication method that operates during normal use.

Mobile authentication

Figure from Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication

Research in this field addresses two problems. Is it possible to grant access based on the way a user interacts with a phone? This is gating interaction. And once access is granted, can a system continuously monitor use in the background, requesting reauthentication through a gating system when suspicious activity is detected? This is continuous interaction.

Data Acquisition

To use touch dynamics for authentication, you first have to establish a benchmark of normal user behavior. Current research does this by having subjects type a fixed text or perform gestures on a smartphone. This is repeated a few times to capture variation in behavior. Some researchers run controlled experiments while others try to mirror real life usage scenarios. As an example, Tao Feng and collaborators recruited 40 subjects to perform common gestures such as zooming and spread.

The raw data obtained from the touch display can then be used directly or massaged to obtain timing, spatial and motion features. The extracted features are used to generate a unique user representation. Machine learning classifiers are then used to authenticate a user.


When a touch event occurs on a screen, the operating system records sensor information, which can be accessed through the phone’s API. The API also reports timestamps, which can be manipulated to provide information on dwell and flight time (time the finger stays on a virtual key, and time between presses), and spatial features such as touch size, pressure, and position. Touch size and pressure are normalized values and are usually used without manipulation. On the other hand, position can be used raw or manipulated to provide information on speed, angle, and distance.

The phone’s accelerometer and gyroscope provide yet more user-specific information. The accelerometer measures movement in three dimensions, while the gyroscope measures the rotation.

For gating authentication, many researchers use timing as the only feature, but some combine timing with spatial and motion information. Mario Frank and collaborators propose 30 features based on strokes for continuous authentication. A stroke is a trajectory encoded as a sequence of vectors with location, timestamp, pressure, area occluded by the finger, orientation of the finger, and orientation of the phone. Tao Feng and collaborators complement strokes with zooming motions and finger motion sensor data from a digital glove.

Machine Learning

The collected features can then be used to train a machine learning system and classify future users. Gating and continuous authentication research use algorithms like clustering, decision trees, Support Vector Machines (SVMs), and neural networks. For example, Mario Frank and collaborators used SVMs and clustering, specifically k nearest neighbor (kNN), as classifiers. During training, the SVMs constructs a hyperplane to separate out the user and everyone else. The hyperparameters of its radial basis function (a real-valued function which measures distance) are tuned using standard crossvalidation techniques. The kNN classifier looks at each new observation, finds the k nearest training examples, and determines the label of the majority of those k neighbors. The new observation is then assigned that label. SVM takes time to train but only stores the decision hyperplane. kNN is quick, but but must store all training observations and labels. Both storage and CPU are at a premium in a mobile device, but experimental results show that the SVM generally outperforms the kNN for this use case.


False acceptance rate (FAR) and false rejection rate (FRR) are the usual performance metrics for probabilistic authentication systems. FAR is the fraction of intruders that are incorrectly authenticated. FRR is the fraction of authentic users that are incorrectly rejected. A system with high FAR is very insecure while one with high FRR is overly sensitive. In a continuous authentication system, high FRR means that valid users need to reauthenticate too often.

The point where FAR and FRR are equal is known as the Equal Error Rate (ERR). Ideally both FAR and FRR should be low. But when that’s not possible, you can tune the classifier to prioritise one or the other, depending on the application.

What’s next?

It’s currently possible to build a touch-based authentication system with an ERR of less than 5% (see reviews by Teh et al. and Patel et al.). For gating authentication purposes this is too high, but it could be appropriate for continuous authentication.

We think the most useful next step would be the release of large, public datasets. Current datasets are small and mostly proprietary which makes progress slow and difficult to measure. Large public datasets would likely require collaboration between academia and device manufacturers. And it’s time to start thinking about performance not just in terms of accuracy but also computational expense. If you think your phone’s battery drains quickly today, wait until you’ve got a neural network running in the background all the time! Finally — and perhaps most interestingly — the trade off between usability, security and privacy needs to be better understood from a product and user point of view.

Read more

Mar 9, 2017 · whitepaper
Feb 9, 2017 · announcement

Latest posts

Nov 15, 2022 · newsletter

CFFL November Newsletter

November 2022 Perhaps November conjures thoughts of holiday feasts and festivities, but for us, it’s the perfect time to chew the fat about machine learning! Make room on your plate for a peek behind the scenes into our current research on harnessing synthetic image generation to improve classification tasks. And, as usual, we reflect on our favorite reads of the month. New Research! In the first half of this year, we focused on natural language processing with our Text Style Transfer blog series. more
Nov 14, 2022 · post

Implementing CycleGAN

by Michael Gallaspy · Introduction This post documents the first part of a research effort to quantify the impact of synthetic data augmentation in training a deep learning model for detecting manufacturing defects on steel surfaces. We chose to generate synthetic data using CycleGAN,1 an architecture involving several networks that jointly learn a mapping between two image domains from unpaired examples (I’ll elaborate below). Research from recent years has demonstrated improvement on tasks like defect detection2 and image segmentation3 by augmenting real image data sets with synthetic data, since deep learning algorithms require massive amounts of data, and data collection can easily become a bottleneck. more
Oct 20, 2022 · newsletter

CFFL October Newsletter

October 2022 We’ve got another action-packed newsletter for October! Highlights this month include the re-release of a classic CFFL research report, an example-heavy tutorial on Dask for distributed ML, and our picks for the best reads of the month. Open Data Science Conference Cloudera Fast Forward Labs will be at ODSC West near San Fransisco on November 1st-3rd, 2022! If you’ll be in the Bay Area, don’t miss Andrew and Melanie who will be presenting our recent research on Neutralizing Subjectivity Bias with HuggingFace Transformers. more
Sep 21, 2022 · newsletter

CFFL September Newsletter

September 2022 Welcome to the September edition of the Cloudera Fast Forward Labs newsletter. This month we’re talking about ethics and we have all kinds of goodies to share including the final installment of our Text Style Transfer series and a couple of offerings from our newest research engineer. Throw in some choice must-reads and an ASR demo, and you’ve got yourself an action-packed newsletter! New Research! Ethical Considerations When Designing an NLG System In the final post of our blog series on Text Style Transfer, we discuss some ethical considerations when working with natural language generation systems, and describe the design of our prototype application: Exploring Intelligent Writing Assistance. more
Sep 8, 2022 · post

Thought experiment: Human-centric machine learning for comic book creation

by Michael Gallaspy · This post has a companion piece: Ethics Sheet for AI-assisted Comic Book Art Generation I want to make a comic book. Actually, I want to make tools for making comic books. See, the problem is, I can’t draw too good. I mean, I’m working on it. Check out these self portraits drawn 6 months apart: Left: “Sad Face”. February 2022. Right: “Eyyyy”. August 2022. But I have a long way to go until my illustrations would be considered professional quality, notwithstanding the time it would take me to develop the many other skills needed for making comic books. more
Aug 18, 2022 · newsletter

CFFL August Newsletter

August 2022 Welcome to the August edition of the Cloudera Fast Forward Labs newsletter. This month we’re thrilled to introduce a new member of the FFL team, share TWO new applied machine learning prototypes we’ve built, and, as always, offer up some intriguing reads. New Research Engineer! If you’re a regular reader of our newsletter, you likely noticed that we’ve been searching for new research engineers to join the Cloudera Fast Forward Labs team. more

Popular posts

Oct 30, 2019 · newsletter
Exciting Applications of Graph Neural Networks
Nov 14, 2018 · post
Federated learning: distributed machine learning with data locality and privacy
Apr 10, 2018 · post
PyTorch for Recommenders 101
Oct 4, 2017 · post
First Look: Using Three.js for 2D Data Visualization
Aug 22, 2016 · whitepaper
Under the Hood of the Variational Autoencoder (in Prose and Code)
Feb 24, 2016 · post
"Hello world" in Keras (or, Scikit-learn versus Keras)


In-depth guides to specific machine learning capabilities


Machine learning prototypes and interactive notebooks

ASR with Whisper

Explore the capabilities of OpenAI's Whisper for automatic speech recognition by creating your own voice recordings!


A usable library for question answering on large datasets.

Explain BERT for Question Answering Models

Tensorflow 2.0 notebook to explain and visualize a HuggingFace BERT for Question Answering model.

NLP for Question Answering

Ongoing posts and code documenting the process of building a question answering model.

Cloudera Fast Forward Labs

Making the recently possible useful.

Cloudera Fast Forward Labs is an applied machine learning research group. Our mission is to empower enterprise data science practitioners to apply emergent academic research to production machine learning use cases in practical and socially responsible ways, while also driving innovation through the Cloudera ecosystem. Our team brings thoughtful, creative, and diverse perspectives to deeply researched work. In this way, we strive to help organizations make the most of their ML investment as well as educate and inspire the broader machine learning and data science community.

Cloudera   Blog   Twitter

©2022 Cloudera, Inc. All rights reserved.