Wearing smartwatches becomes increasingly popular in people’s lives. This paper shows that a smartwatch can help its bearer authenticate to a login system effectively and securely even if the bearer’s password has already been revealed. This idea is motivated by our observation that a sensor-rich smartwatch is capable of tracking the wrist motions of its bearer typing a password or PIN, which can be used as an authentication factor. The major challenge in this research is that a sophisticated attacker may imitate a user’s typing behavior as shown in previous research on keystroke dynamics based user authentication. We address this challenge by applying a set of machine learning and deep learning classifiers on the user’s wrist motion data that are collected from a smartwatch worn by the user when inputting his/her password or PIN. Our solution is user-friendly since it does not require users to perform any additional actions when typing passwords or PINs other than wearing smartwatches. We conduct a user study involving 51 participants so as to evaluate the feasibility and performance of our solution. User study results show that the best classifier is the Bagged Decision Trees, which yields 4.58% FRR and 0.12% FAR on a QWERTY keyboard, and 6.13% FRR and 0.16% FAR on a numeric keypad.

中文翻译：

---

让好事变得更好：使用智能手表增强基于密码/PIN 的用户身份验证

佩戴智能手表在人们的生活中越来越流行。本文表明，即使持有者的密码已经泄露，智能手表也可以帮助其持有者有效且安全地通过登录系统进行身份验证。这个想法的动机是我们观察到一个富含传感器的智能手表能够跟踪其持有者输入密码或 PIN 的手腕运动，这可以用作身份验证因素。这项研究的主要挑战是，老练的攻击者可能会模仿用户的打字行为，如先前基于击键动态的用户身份验证研究所示。我们通过在用户输入密码或 PIN 时从佩戴的智能手表收集的用户手腕运动数据上应用一组机器学习和深度学习分类器来解决这一挑战。我们的解决方案是用户友好的，因为除了佩戴智能手表之外，它不需要用户在输入密码或 PIN 时执行任何其他操作。我们进行了一项涉及 51 名参与者的用户研究，以评估我们解决方案的可行性和性能。用户研究结果表明，最好的分类器是 Bagged Decision Trees，它在 QWERTY 键盘上产生 4.58% FRR 和 0.12% FAR，在数字键盘上产生 6.13% FRR 和 0.16% FAR。