User Identification and Authentication on Emerging Interface

The rapid growth of computing devices equipped with novel user interfaces has changed the landscape of security and usability for authentication. Traditional user identification and authentication based on secrets entered via a keyboard are laborious, error-prone and also vulnerable to new threats including shoulder surfing and smudge attacks when used on modern connected devices. On the other hand, these devices are increasingly used in public settings or shared between users. Strong and convenient user identification and authentication mechanisms are needed to protect user information and privacy.;This dissertation explores approaches for new user identification and authentication methods that can provide security while retaining the inherent usability of emerging interfaces. First, we present multiple approaches to identify user types on mobile devices. Specifically, we propose and investigate techniques to identify whether a user is a child or an adult. These techniques can be deployed on shared devices between parents and children, and appropriate actions, such as parental control or child friendly interfaces can be automatically turned on whenever the device detects that a child is using it. Our techniques distinguish children from adults based on behavioral differences while operating a touch-enabled computing device. Behavioral differences are extracted from data recorded by the device's touch screen and built-in sensors. Comprehensive evaluation results are presented to measure the effectiveness of the proposed techniques. Next, we propose and evaluate two new authentication methods, applicable over multiple form factors, for mobile and wearable devices. The first method allows a user to draw a PIN on a touch screen and the second method enables users to tap a memorable rhythm on the screen for authentication. Both methods leverage physical and behavioral traits that are unique to users as the second authentication factor, such as the size of the fingertip or how hard the user typically presses on the screen. As a result, the methods provide security via both secret based and behavioral biometrics-based authentication. Moreover, usability benefits of natural touch interactions are retained. Extensive experiments are presented to evaluate performance, in terms of security and usability of each method.