TY - GEN
T1 - TouchTrack
T2 - 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017
AU - Masood, Rahat
AU - Zhao, Benjamin Zi Hao
AU - Asghar, Hassan Jameel
AU - Kaafar, Mohamed Ali
PY - 2017/10/30
Y1 - 2017/10/30
N2 - This paper studies a privacy threat induced by the collection and monitoring of a user's touch gestures on touchscreen devices. The threat is a new form of persistent tracking which we refer to as touch-based trackingž. It goes beyond tracking of virtual identities and has the potential for cross-device tracking as well as identifying multiple users using the same device. To demonstrate the likelihood of touch-based tracking, we propose an information theoretic method that quantiies the amount of information revealed by individual features of gestures, samples of gestures as well as samples of gesture combinations, when modelled as feature vectors. We have also developed a purpose-built app, named TouchTrackž that collects data from users and informs them on how unique they are when interacting with their touch devices. Our results from 89 diferent users indicate that writing samples and left swipes can reveal 73.7% and 68.6% of user information, respectively. Combining diferent combinations of gestures results in higher uniqueness, with the combination of keystrokes, swipes and writing revealing up to 98.5% of information about users. We correctly re-identify returning users with a success rate of more than 90%.
AB - This paper studies a privacy threat induced by the collection and monitoring of a user's touch gestures on touchscreen devices. The threat is a new form of persistent tracking which we refer to as touch-based trackingž. It goes beyond tracking of virtual identities and has the potential for cross-device tracking as well as identifying multiple users using the same device. To demonstrate the likelihood of touch-based tracking, we propose an information theoretic method that quantiies the amount of information revealed by individual features of gestures, samples of gestures as well as samples of gesture combinations, when modelled as feature vectors. We have also developed a purpose-built app, named TouchTrackž that collects data from users and informs them on how unique they are when interacting with their touch devices. Our results from 89 diferent users indicate that writing samples and left swipes can reveal 73.7% and 68.6% of user information, respectively. Combining diferent combinations of gestures results in higher uniqueness, with the combination of keystrokes, swipes and writing revealing up to 98.5% of information about users. We correctly re-identify returning users with a success rate of more than 90%.
KW - Behavioural Biometrics
KW - Mobile Privacy
KW - Touch Gestures
KW - Touch-based Tracking
UR - http://www.scopus.com/inward/record.url?scp=85041432235&partnerID=8YFLogxK
U2 - 10.1145/3133956.3138850
DO - 10.1145/3133956.3138850
M3 - Conference proceeding contribution
AN - SCOPUS:85041432235
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 2555
EP - 2557
BT - CCS 2017
PB - Association for Computing Machinery
Y2 - 30 October 2017 through 3 November 2017
ER -