A Survey on Smartphone Authentication



The growing use of smartphones is actuating the need for better protection. Practically, smartphone users are often not adequately alert when it comes to protection of their credentials stored in the phones, even if they are very much concerned about security, reliability and privacy. To efficiently reduce smartphone vulnerability, an appropriate authentication which does not create more of a burden to users is required. In consequence, the three novel authentication premises that are typically used to authenticate users: something you know, something you have, and something you are, are examined. The basics of smartphone architecture are introduced. The strengths and limitations of each technique are highlighted, while several comprehensive solutions have been presented to encourage smartphone users to understand the capabilities of their current systems. A discussion on real-world experience of those techniques is also proffered as an open challenge to magnify the aftermath.



Authentication, security, smartphone, vulnerability

Full Text:



V Kaushik. What’s New in the World of Tapps, Techaheadblog, Available at: http://www.techaheadcorp.com/blog/technology/ten-countries-with-the-maximum-number-of-smart-phone-users, accessed September 2013.

JM Watts. Thailand is Buying Record Numbers of Smartphones, but it’s Facebook that People Really Want, Quartz, Available at: http://qz.com/98395/thailand-is-buying-record-numbers-of-smartphones-but-its-facebook-that-people-really-want/#, accessed September 2013.

MF Islam and MN Islam. A biometrics-based secure architecture for mobile computing. In: Proceedings of the 2012 IEEE Long Island Systems, Applications and Technology Conference. Farmingdale, NY, 2012, p. 1-5.

L Roalter, S Diewald, A Moller, T Stockinger, M Kranz and A Smith. Smartphone adoption and usage. Available at: http://pewinternet.org/Reports/2011/Smartphones.aspx, accessed September 2013.

A Hang, F Hennecke, S Löhmann, M Maurer, H Palleis, S Rümelin, EV Zezschwitz, AButz and H Hussmann. User Behavior, Technical Report. University of Munich, 2012.

T Dirflinger, A Voth, J Krimer and R Fromm. “My smartphone is a safe!”, The user’s point of view regarding novel authentication methods and gradual security levels on smartphones. In: Proceedings of the 2010 International Conference on Security and Cryptography, Athens, 2010, p. 1-10.

H Bojinov and D Boneh. Mobile Token-Based Authentication on a Budget. Phoenix, Arizona, 2011, p. 14-9.

A Gluhak and R Tafazolli. A survey on smartphone-based systems for opportunistic user context recognition. ACM Comput. Surv. 2013; 45, Article ID 27.

DH Titterton and JL Weston. Strapdown Inertial Navigation Technology. 2nd ed. Institution of Electrical Engineers, New York, 2002.

JS Yi, YS Choi, JA Jacko and A Sears. Context awareness via a single device-attached accelerometer during mobile computing. In: Proceedings of the 7th International Conference on Human Computer Interaction with Mobile Devices & Services. NY, USA, 2005, p. 303-6.

Wikipedia, the free encyclopedia, Available at: http://en.wikipedia.org/wiki, accessed October 2013.

PJ Phillips, A Martin, CL Wilson and M Przybocki. An introduction to evaluating biometric systems. Computer 2000; 33, 56-63.

T Kuseler and IA Lami. Using geographical location as an authentication factor to enhance mCommerce applications on smartphones. Int. J. Comput. Sci. Secur. 2012; 6, 277-87.

E Ferro and F Potorti. Bluetooth and wi-fi wireless protocols: A survey and a comparison. IEEE Wirel. Comm. 2005; 12, 12-26.

GPS Overview, Available at: http://www.csr.utexas.edu/texas_pwv/midterm/gabor/gps.html, accessed October 2013.

E Kanjo, J Bacon, D Roberts and P Landshoff. MobSens: Making smart phones smarter. IEEE Perv. Comput. 2009; 8, 50-7.

M Singhal and S Tapaswi. Software tokens based two factor authentication scheme. Int. J. Inform. Electron. Eng. 2012; 2, 383-6.

N Ben-Asher, H Sieger, A Ben-Oved, N Kirschnick and J Meyer, S Moller. On the need for different security methods on mobile phones. In: Proceedings of the 13th International Conference on Human Computer Interaction with Mobile Devices and Services. Stockholm, Sweden, 2011, p, 465-73.

I Fischer, C Kuo, L Huang and M Frank. Short paper: Smartphones: Not smart enough? In: Proceedings of the 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. North Carolina, USA, 2012, p. 27-32.

S Wiedenbeck, J Waters, J Birget, A Brodskiy and N Memon. Passpoints: Design and longitudinal evaluation of a graphical password system. Int. J. Human Comput. Stud. 2005; 1, 102-27.

H Hong-Kim, K Hun-Lee and Y Hoon-Jung. A design of authentication strengthening scheme using matrix values of image in smart phone environment. In: Proceedings of the 1st International Conference on Convergence and It’s Application. Korea, 2013, p. 179-82.

WZ Khan, MY Aalsalem and Y Xiang. A graphical password based system for small mobile devices. Int. J. Comput. Sci. Iss. 2011; 8, 145-54.

C Nickel. 2012, Accelerometer-based Biometric Gait Recognition for Authentication on Smartphones. Dissertation, vom Fachbereich Informatik der Technischen Universitiat Darmstadt, Germany.

H Takamizawa and N Tanaka. Authentication system using location information on iPad or smartphone. Int. J. Comput. Theor. Eng. 2012; 4, 153-7.

EV Zezschwitz, A Koslow, AD Luca and H Hussmann. Making graphic-based authentication secure against smudge attacks. In: Proceedings of the 2013 International Conference on Intelligent User Interfaces. Santa Monica, CA, USA, 2013, p. 277-86.

AJ Aviv, K Gibson, E Mossop, M Blaze and JM Smith. Smudge attacks on smartphone touch screens. In: Proceedings of the 4th USENIX Conference on Offensive Technologies. CA, USA, 2010, p. 1-10.

M Nauman and T Ali. TOKEN: Trustable Keystroke-Based Authentication for Web-Based Applications on Smartphones. Springer-Verlag, Berlin-Heidelberg, 2010, p. 286-97.

G Carullo, F Ferrucci and F Sarro. Towards Improving Usability of Authentication Systems Using Smartphones for Logical and Physical Resource Access in a Single Sign-On Environment. Springer-Verlag Berlin Heidelberg, 2012, p. 145-53.

SD Ghogare, SP Jadhav, AR Chadha and HC Patil. Location based authentication: A new approach towards providing security. Int. J. Sci. Res. Publ. 2012; 2, 1-5.

A Bianchi, I Oakley and DS Kwon. Using mobile device screens for authentication. In: Proceedings of the 23rd Australian Computer-Human Interaction Conference. Canberra, Australia, 2011, p. 50-3.

K Dhondge, H Park, BY Choi and S Song. FUEL: Fast, ubiquitous, easy-to-use, and low-cost authentication for smartphones. In: IEEE INFOCOM Student Session. Turin, Italy, 2013.

YG Kim and MS Jun. A design of user authentication system using QR code identifying method. In: Proceedings of the 2011 6th International Conference on Computer Sciences and Convergence Information Technology. Seogwipo, 2011, p. 31-5.

S Dey and D Samanta. Improved feature processing for Iris biometric authentication system. Int. J. Electr. Electron. Eng. 2008; 4, 127-34.

CP Hern and C Torres-Huitzil. A fragile watermarking scheme for image authentication in mobile devices. In: Proceedings of the 2011 8th International Conference on Electrical Engineering Computing Science and Automatic Control. Merida City, 2011, p. 1-6.

W Shi, J Yang, Y Jiang, F Yang and Y Xiong. SenGuard: Passive user identification on smartphones using multiple sensors. In: Proceedings of the IEEE 7th International Conference on Wireless and Mobile Computing, Networking and Communications. Wuhan, 2011, p. 141-8.

AFP Negara, E Kodirov, MFA Abdullah, DJ Choi, GS Lee and S Sayeed. Arm’s flex when responding call for implicit user authentication in smartphone. Int. J. Secur. Its Appl. 2012; 6, 879-83.

AD Luca, A Hang, F Brudy, C Lindner and H Hussmann. Touch me once and I know it’s you! Implicit authentication based on touch screen patterns. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. Texas, USA, 2012, p. 987-96.

JY Hu, CC Sueng, WH Liao and CC Ho. Android-based mobile payment service protected by 3-factor authentication and virtual private ad hoc networking. In: Proceedings of the Communications and Applications Conference Computing. Hong Kong, 2012, p. 111-6.

CC Lin, D Liang, CC Chang and CH Yang. A new non-intrusive authentication method based on the orientation sensor for smartphone users, software security and reliability. In: Proceedings of the IEEE 6th International Conference on Digital Object Identifier. Gaithersburg, MD, 2012, p. 245-52.

C Nickel, T Wirtl and C Busch. Authentication of smartphone users based on the way they walk using k-NN algorithm. In: Proceedings of the 8th International Conference on Intelligent Information Hiding and Multimedia Signal Processing. Piraeus, 2012, p. 16-20.

C Stein, C Nickel and C Busch. Fingerphoto recognition with smartphone cameras. In: Proceedings of the International Conference of the Biometrics Special Interest Group. Darmstadt, 2012, p. 1-12.

TK Wee, N Ramasubbu, D Lo, D Gao and RK Balan. HuMan: Creating memorable fingerprints of mobile users. In: Proceeding of the 2012 IEEE International Conference on Pervasive Computing and Communications Workshops. Lugano, 2012, p. 479-82.

KY Cheng and A Kumar. Contactless finger knuckle identification using smartphones. In: Proceedings of the International Conference of the Biometrics Special Interest Group. Darmstadt, 2012, p. 1-6.

A Fahmi PN, E Kodirov, DJ Choi, GS Lee, MF Azli and AS Sayeed, Implicit authentication based on ear shape biometrics using smartphone camera during a call. In: Proceedings of the IEEE International Conference on Systems, Man, and Cybernetics, Seoul, Korea, 2012.

P J Phillips, A Martin, C Wilson and M Przybocki. An introduction to evaluating biometric systems. Computer 2000, 33, 56-63.

A Zinnen, U Blanke and B Schiele. An analysis of sensor-oriented vs. model-based activity recognition. In: Proceeding of the International Symposium on Wearable Computers. Linz, 2009, 93-100.


  • There are currently no refbacks.


Online ISSN: 2228-835X


Last updated: 13 February 2019