Biometric Authentication Technique Using
Smartphone Sensor
Asadullah Laghari, Waheed-ur-Rehman, Dr. Zulfiqar Ali Memon
Department of Computer Science
Sukkur Institute of Business Administration
Pakistan
Abstract— User identity theft is a growing challenge for security
of electronic systems. Traditional authentication techniques such
as password and PIN code are more vulnerable to this problem.
On the other hand, biometric authentication techniques are safer
as compared to password identification for authentication
purpose. Biometric techniques use certain characteristics of
human to authenticate the legitimate user. This paper presents a
biometric authentication mechanism using motion sensor of
smart phone. The user has to perform signature by moving his
phone, the motion pattern is detected using accelerometer of the
smartphone. We have used the concepts of signal matching for
identification mechanism. Results depict that legitimate user can
be identified using a certain level of error threshold.
Keywords—biometric; accelerometer; smartphone;
authentication system; password confidentiality
I. INTRODUCTION
The biometric authentication techniques such as fingerprint
scanning, retina scanning or face detection are considered more
secure than the contemporary authentication mechanisms, such
as PIN, passwords, smart card technology or even pattern locks
in the smartphones. Conventional authentication mechanisms
including graphical or alphanumeric passwords require that the
user remembers the unique combination of password.
Moreover, the confidentiality of the password is also a major
concern in security systems. Password or PIN based
authentication mechanisms can also be cracked by using guess
or brute force dictionary. Biometric authentications provide
improved reliability and usability because unlike conventional
methods, it needs not to be remembered. Biometric techniques
are either categorized as physiological (i.e. fingerprint scanning
or retina scanning etc.) or behavioral such as voice.
Handwritten Signature also belongs to behavioral biometrics. It
is one of the oldest and most widely used method for
authentication of a person on a document [1].
This paper is aimed to build a user authentication
mechanism, in which the legitimate user is authenticated by
identifying the features from his signature. The signature,
unlike the traditional hand written signature, has to be
performed in air by holding the smartphone in hand. We have
utilized the built in sensor of acceleration (i.e. accelerometer)
in the smartphone to identify the pattern of motion of user’s
hand in the air. Accelerometer is quite common sensor and is
available in almost all the smartphones. The accelerometer

ª

*&&&
senses the motion of phone in all three dimensions [2]. Hence
this data is sufficient to provide adequate features to uniquely
identify a person.
II. RELATED WORK
Several authentication techniques that use the
accelerometer of wearable devices or smartphones has been
studied. One of them uses biometric gait recognition to
authenticate user on smartphones [3]. This work was
participated by 51 volunteers who carried the smartphone in
their pocket over the hip and gait data was collected. This work
resulted into the error rate of 20%.
Similar research was also carried out by [4]. Gait data was
collected from 31 participants. The gait data was mixed with
the voice data that was collected simultaneously with the gait
data. It was observed that the gait plus voice recognition
performed better than the voice recognition alone.
Accelerometer data was also used by [5] to identify certain
characteristics of user such as height and weight. The
experiment was performed by volunteers who carried
smartphone during walk. The data was collected for a short
distance walk and it was used to identify the characteristics of
volunteer. Another research was carried out to uniquely
identify the trajectory of mobile phone picking-up by using
unique features extracted from the accelerometer data of
smartphone [6].
The robustness of signature recognition systems based on
accelerometer was studied by [7]. Multiple temporal distance
algorithms were analyzed on a database of 50 users. It was
observed that DTW performed better than LCS. However, the
author did not implement the recognition technique for any
user login system.
III. SYSTEM DESCRIPTION
The proposed system architecture is based on three tiers as
depicted in Fig. 1. First tier is the user end. The user uses
smartphone to perform his signature in the air. The mobile
phone is carried by the user in his hand while he performs the
signature. The data of motion sensed by the accelerometer is
then sent to the server for authentication. Server, which is the
second tier, applies matching algorithm to identify the user.
The data generated by user is matched with the pre-set

3URFHHGLQJVRIWK,QWHUQDWLRQDO%KXUEDQ&RQIHUHQFHRQ$SSOLHG6FLHQFHV 7HFKQRORJ\,%&$67 

,VODPDEDG3DNLVWDQWK±WK-DQXDU\
templates of signature stored in the database. The database is
the third tier of the system.
Server End
User End
Fig. 1. Architecture of the proposed authentication system
IV. USER END
A. Accelerometer
Motion capturing sensors (accelerometers) are rapidly
becoming a key function in consumer electronic devices
including smartphone. Accelerometer is a device used to
measure the acceleration of a moving object. Acceleration is
the rate at which velocity of object is changed. Accelerometer
of the smartphone measure acceleration of the phone in all
three axes of the phone and gives a tri-axial data of mobile
phone motion. The electronic accelerometer uses piezoelectric
properties of element [8]. Smartphone accelerometer acts as a
spring mess system as shown in Fig. 2. When it experiences the
acceleration, the mass is displaced. The mass accelerates at
same rate as smartphone. Now this mechanical motion is
converted into electrical signals that are sensed and measured
[9].
Fig. 2 Ideal Spring Mass System, k is constant factor characteristic of the
spring [10].
B. Software Setup
An android application was developed that uses the
accelerometer to collect the user signature data. User needs to
run the application for the authentication process. When user
holds his smartphone in his hand perform his signature, the
accelerometer reads the changes in acceleration. Signature of a
volunteer is shown in the Fig. 3. Data generated by the
accelerometer also includes Gaussian noise which can disturb
the authentication process. Hence the variation in acceleration
which is less than 0.2 m.s-2 are omitted.
Fig. 3. Accelerometer data of a volunteer plotted against time. The graph
depicts variations in all three components of motion
V. SERVER END
A java based server is developed that is connected to the
user via TCP on the transport layer. Since accelerometer data is
a very long string of values, therefore a reliable connection is
preferred. Server receives username and signature data from
the user and matches them with data templates in the database.
User is authenticated if signature data matches with the
template for the provided username. Server allows the user to
try the signature three times in case if the authentication is
failed. If the user fails three times, the user device is blocked
by its MAC address for next one hour. This process further
enhances the reliability of the system.
VI. USER AUTHENTICATION PROCEDURE
A. User Registration
As the first step, the user is required to register himself to
the system using the android application. User is asked for a
unique username and then he has to perform his signature 5
times repeatedly. All the 5 signatures are stored against the
username of the user. First, the system cross correlates all 5
signature. Maxima of all cross-correlation signals results are
calculated and the lowest maximum is set to be the decision
threshold.
B. Authentication process
User can log in to the system using his own unique
username and signature. User inputs his username in the
interface of the android application as shown in Fig. 4. To
record the signature, user has to press the GO button and then
perform his signature in the air. Data collected from the
accelerometer will appear in the text box. The application
sends username and the recorded data from accelerometer to
the server. Upon receiving this data, the server queries the
available templates for the provided username from the

3URFHHGLQJVRIWK,QWHUQDWLRQDO%KXUEDQ&RQIHUHQFHRQ$SSOLHG6FLHQFHV 7HFKQRORJ\,%&$67 

,VODPDEDG3DNLVWDQWK±WK-DQXDU\
database. Server cross-correlates the received signature with all signature submitted during authentication has to be matched
templates. If more than 3 maxima of all cross-correlated signals with all five of them. Cross-correlation of a signature can be
satisfy the decision threshold, the user is allowed to login. This mathematically written as
process is depicted in Fig. 5. ஶ
‫ܥ‬௫௡ ൌ ‫ି׬‬ஶ ݂௡‫ כ‬ሺ‫ݐ‬ሻ ‫ݎ‬௫ ሺ‫ ݐ‬൅ ߬ሻ݀‫ݐ‬
ஶ
‫ܥ‬௬௡ ൌ ‫ି׬‬ஶ ݃௡‫ כ‬ሺ‫ݐ‬ሻ ‫ݎ‬௬ ሺ‫ ݐ‬൅ ߬ሻ݀‫ݐ‬
ஶ
‫ܥ‬௭௡ ൌ ‫ି׬‬ஶ ݄ଵ‫ כ‬ሺ‫ݐ‬ሻ ‫ݎ‬௭ ሺ‫ ݐ‬൅ ߬ሻ݀‫ݐ‬

In above equations,”௫ , ”௬ and ”௭ are x, y and z components

Fig. 4. User interface of the android application developed for the proposed
system.
of the received signature for authentication. ݂ǡ ݄݃ܽ݊݀ are the
x, y and z components of the template signatures, n is the
number of template and C is cross-correlated signal. It was
observed that cross-correlation result of a signature of
legitimate user with its signature templates is greater than that
of illegitimate user as shown in the graph in Fig. 6.
VIII.EXPERIMENT AND RESULTS
The android application was installed in HTC mobile.
Authentication process was carried out by 10 volunteers. Same
device was used for all the volunteers. Each volunteer
performed his signature 6 times, hence 60 signatures were
observed. False Accept rate of the overall system is 1.46% and
False Rejection Rate is 6.87%.

User performs 5
User enters username and
signatures on
performs signature
smartphone

Server: Cross- Server: Signature is cross-

correlation of all correlated with all 5
5 signatures templates

Server: Setting up Comparing result with

threshold threshold

All 5 signatures If result > threshold: Log in Fig. 6. Cross-correlation of signatures of legitimate user and illegitimate user
stored in with the signature template
Database else repeat the process
IX. CONCLUSION
(a) (b)
Volunteers found it easy to use. This technique is more
Fig. 5. (a) New user registration process, (b) User authentication process secure than traditional username password and similar kind of
methods. This is also more confidential than graphical
VII.CROSS CORRELATION OF SIGNATURE passwords, since graphical techniques are less confidential and
Accelerometer of the smartphone provides data obtained prone to shoulder surfing. The result of this method is
for all three axes separately. Therefore, data of each axis is to favorable. The FRR was observerd to be 6.87% and FAR was
be matched with its corresponding axis in the template data. 1.46%. However, this method can further be improved by
The data for each axis can be plotted as function of time as increasing numbers of features from the collected data.
shown in Fig 3. Since against each username, there are five Frequency analysis of the signature signal can also be
signatures that were stored during the registration process, the performed to make the authentication more accurate.

3URFHHGLQJVRIWK,QWHUQDWLRQDO%KXUEDQ&RQIHUHQFHRQ$SSOLHG6FLHQFHV 7HFKQRORJ\,%&$67 

,VODPDEDG3DNLVWDQWK±WK-DQXDU\
 ACKNOWLEDGMENT
We are thankful to the faculty members of FFC (Fauji
Fertilizer Company) School, who participated as volunteers for
signature trials on our proposed system. Any opinion, finding,
conclusion or recommendation expressed in the research article
are those of authors only and do not reflect the volunteers.
REFERENCES
[1] R. Doroz and P. Porwik, "Handwritten signature
recognition with adaptive selection of behavioral
features," in Computer Information Systems–Analysis
and Technologies, ed: Springer, 2011, pp. 128-136.
[2] A. J. Aviv, B. Sapp, M. Blaze, and J. M. Smith,
"Practicality of accelerometer side channels on
smartphones," in Proceedings of the 28th Annual
Computer Security Applications Conference, 2012,
pp. 41-50.
[3] M. O. Derawi, C. Nickel, P. Bours, and C. Busch,
"Unobtrusive user-authentication on mobile phones
using biometric gait recognition," in Intelligent
Information Hiding and Multimedia Signal
Processing (IIH-MSP), 2010 Sixth International
Conference on, 2010, pp. 306-311.
[4] E. Vildjiounaite, S.-M. Mäkelä, M. Lindholm, R.
Riihimäki, V. Kyllönen, J. Mäntyjärvi, et al.,
"Unobtrusive multimodal biometrics for ensuring
privacy and information security with personal
devices," in Pervasive Computing, ed: Springer,
2006, pp. 187-201.
[5] G. M. Weiss and J. W. Lockhart, "Identifying user
traits by mining smart phone accelerometer data," in
Proceedings of the Fifth International Workshop on
Knowledge Discovery from Sensor Data, 2011, pp.
61-69.
[6] T. Feng, X. Zhao, and W. Shi, "Investigating mobile
device picking-up motion as a novel biometric
modality," in Biometrics: Theory, Applications and
Systems (BTAS), 2013 IEEE Sixth International
Conference on, 2013, pp. 1-6.
[7] J. Guerra-Casanova, C. S. Avila, G. Bailador, and A.
de-Santos-Sierra, "Time series distances measures to
analyze in-air signatures to authenticate users on
mobile phones," in Security Technology (ICCST),
2011 IEEE International Carnahan Conference on,
2011, pp. 1-7.
[8] P. Scheeper, J. O. Gulløv, and L. M. Kofoed, "A
piezoelectric triaxial accelerometer," Journal of
Micromechanics and Microengineering, vol. 6, pp.
131-133, 1996.
[9] U. A. Bakshi and A. V. Bakshi, "Instrumentation
Engineering," ed: Technical Publications Pune, 2009.
[10] G. P. Scavone. (15/10/2015). Vibrating Systems.
Available:
https://ccrma.stanford.edu/CCRMA/Courses/150/vibr
ating_systems.html

3URFHHGLQJVRIWK,QWHUQDWLRQDO%KXUEDQ&RQIHUHQFHRQ$SSOLHG6FLHQFHV 7HFKQRORJ\,%&$67 

,VODPDEDG3DNLVWDQWK±WK-DQXDU\