User Tools

Site Tools


Among the research topics of the Security Group, we are investigating the use of behavioral biometrics for user authentication on new generation devices. Existing authentication schemes, e.g., PIN/passwords, face and iris recognition, etc., have shown to be less secure and less usable and users are reluctant to enable them on their devices. Consequently, the research has been diverted to find their usable alternatives.

Human biological data, due to its permanence and uniqueness, can be used as a means of identification, authentication and access control. The use of biological data for the purpose of identity management is termed as biometric recognition or simply biometrics. Physical (based on the physical characteristics) and behavioral (based on behaviors) biometrics are the most popular types. Physical characteristics include fingerprints, hand geometry, iris or retina scans, etc., and behavioral characteristics include keystrokes, gait, signature, voice, etc. Other biometrics use chemical features (based on events that happen in a person's body, measured by e.g., odor or temperature) and cognitive features (based on brain responses to specific stimuli, e.g. odor or sound).

Biometrics has got all the potential to completely replace PINs and passwords because they can be stolen, forgotten, and shared. Biometric authentication has been studied for a long time. Large-scale commercial deployments already exist, such as the fingerprint sensors on laptops and smartphones. However, these deployments are based on physical biometrics, which essentially require explicit user action, hence result in annoying the users. As a results, most of the research about transparent, implicit and unobservable authentication for smartphone's security and access control is based on behavioral biometrics.

Behavioral biometrics offer many advantages over physiological traits. One of the main advantages is that the behavioral patterns can be collected transparently or sometimes even without user's knowledge. More importantly, data collection does not require any special dedicated hardware. However, most of the behaviors are not unique enough to provide accurate user identification but have shown promising results in user verification. Various behavior-based authentication solutions have been tested and evaluated but are yet to be deployed at large scale. One reason is that the performance of many of these schemes is not yet at the same level as physical biometrics. Another reason is that not much attention has been paid to the performance of biometrics under differing or difficult circumstances. For example, gait authentication is typically evaluated by having subjects walk along flat surfaces of corridors in buildings.

We have been developing behavioral-biometric-based solutions that authenticate the users with either minimal or no cooperation from the users. We are designing, prototyping and testing the proposed authentication based on our identified behaviors, i.e., how a person holds her phone, moves her phone, or interact with its touchscreen. We are also performing the comparative evaluation, based on accuracy, performance, and usability, with the state-of-the-art behavioral-biometric-based solutions. All of our solutions exploit the existing hardware (avoiding additional hardware requirement) and hence can be implemented on most of the smartphones available in the market today.


Within the main stream project we covered a number of themes.

  • Authentication for Smartphones, tablets and smartwatches.
  • Securing the behavioral-biometric-template (ongoing)
  • Risk-based adaptive/continuous user authentication schemes(ongoing).


The following is a list of involved people.

we are reachable via email @



Talks and Tutorials

  • Attaullah Buriro. Mobile Biometrics: Towards A Comprehensive Evaluation Methodology. Madrid, Spain. October 2017.Slides
  • Attaullah Buriro. Hold & Sign: A Novel Behavioral Biometrics for Smartphone User Authentication. DistriNET KULeuven, LEuven, Belgium. December 2016.Slides
  • Attaullah Buriro, Bruno Crispo. Behavioral Biometrics for Smartphone User Authentication. Milan Expo, Milan, Italy. September 2015.Slides



  • Attaullah Buriro, Sandeep Gupta, Bruno Crispo, and Filippo Del Frari: DIALERAUTH: A Motion-assisted Touch-based Smartphone User Authentication Scheme, 8th ACM Conference on Data and Application Security and Privacy, Tempe, AZ, USA, March 2018.
  • Sandeep Gupta, Attaullah Buriro, and Bruno Crispo: DriverAuth: Behavioral Biometric-based Driver Authentication Mechanism for On-demand Ride and Ridesharing Infrastructure, Information & Communications Technology Express, ICT Express Journals, 2018
  • Sandeep Gupta, Attaullah Buriro, and Bruno Crispo: Demystifying Authentication Concepts in Smartphones: Ways and Types to Secure Access, Mobile Information Systems (Special Issue), Hindawi Journals, 2018


  • Attaullah Buriro, Zahid Akhtar, Bruno Crispo, and Sandeep Gupta: Mobile Biometrics: Towards A Comprehensive Evaluation Methodology. In Proceedings of The 51st International Carnahan Conference on Security Technology (ICCST-2017), Madrid, Spain. PDF
  • Zahid Akhtar, Attaullah Buriro, Bruno Crispo and Tiago Falk: Multimodal Smartphone User Authentication using Touchstroke, Phone-Movement and Face Patterns. In IEEE Global Conference on Signal and Information Processing (GlobalSIP-2017), Montreal, Canada. PDF
  • Attaullah Buriro, Sandeep Gupta and Bruno Crispo: Evaluation of Motion-based Touch-typing Biometrics for online Banking. In Proceedings of The International Conference of the Biometrics Special Interest Group (BIOSIG-2017), Darmstadt, Germany. PDF
  • Attaullah Buriro, Bruno Crispo and Yury Zhauniarovich: Please hold on: Unobtrusive user authentication using smartphone's built-in sensors. In Proceedings of The IEEE International Conference on Identity, Security and Behavior Analysis (ISBA-2017), Delhi, India. PDF


  • Attaullah Buriro, Bruno Crispo, Filippo Del Frari, Konrad Wrona: Hold and Sign: A Novel Behavioral Biometrics for Smartphone User Authentication. In Proceedings of The Security and Privacy Workshops (SPW-2016), San Jose, CA, USA. PDF
  • Attaullah Buriro, Zahid Akhtar, Bruno Crispo, Filippo Del Frari: Age, Gender and Operating-hand Estimation on Smart Mobile Devices. In International Conference of the Biometrics Special Interest Group (BIOSIG), Darmstadt, Germany. PDF


  • Attaullah Buriro, Bruno Crispo, Filippo Del Frari, Jeffrey Klardie, Konrad Wrona: Itsme: Multi-modal and unobtrusive behavioural user authentication for smartphones. In International Conference on Passwords (PASSWORDS-2015), Cambridge, UK. PDF
  • Attaullah Buriro, Bruno Crispo, Filippo Del Frari, Konrad Wrona: Touchstroke: smartphone user authentication based on touch-typing biometrics. In International Conference on Image Analysis and Processing (ICIAP-2015), Genova, Italy. PDF
behavioral_biometrics.txt · Last modified: 2018/07/12 20:10 by