Software Requirements Specification for Continuous Authentication in smart Phones using Behavioural Biometrics.

Page |1

1 Introduction
1.1 Purpose
This document describes the requirements specification (SRS) for the product that enables continuous authentication in smart phones using behavioural biometrics and provides an overall description of it. The purpose of the document is to describe the necessity and functionality of the software product. The SRS will include the details of the project's requirements, interface, design issues, and components.

1.2 Scope
The scope of the product is that it provides a means for a secure authentication technique by eliminating entry point based authentication and enabling a continuous authentication technique. This product makes use of behavioural biometrics, thus making it less complex for authentication.

1.3 Definitions, Acronyms and Abbreviations Term

PIN EER FRR FAR SMS API SVM kNN GPS

Definition
Personal Identification Number Equal Error Rate False Rejection Rate False Acceptance Rate Short message Service
Application Programming Interface

Support Vector Machine K Nearest Neighbour Global Positioning System

Software Requirements Specification for Continuous Authentication in smart Phones using Behavioural Biometrics. Page |2

1.4 References
1) Jain, A. Ross, and S. Pankanti, Biometrics: A tool for information security, IEEE Trans. Inf. Forensics Security, vol. 1, no. 2, pp.125143, Jun. 2006. 2) Derawi, C. Nickel, P. Bours, and C. Busch, Unobtrusive userAuthentication on mobile phones using biometric gait recognition, in Proc. 6th Int. Conf. Intelligent Information Hiding and Multimedia Signal Processing, Oct. 2010, pp. 306311. 3) L. Lee, T. Berger, and E. Aviczer, Reliable on-line human signature verification systems, IEEE Trans. Pattern Anal.Mach. Intell., vol. 18,no. 6, pp. 643647, Jun. 1996..

2 Overall Description
2.1 Product Perspective
Text password or patterns has been adopted as the primary form of user authentication for smart phones. In order to log into the device successfully, users must enter their selected passwords correctly. Generally, password-based user authentication can resist brute force and dictionary attacks if users select strong passwords to provide sufficient entropy. However, password-based user authentication has a major problem that humans are not experts in memorizing text strings nor do have the patience to re-enter the passwords repetitively for smaller tasks. Thus, most users would choose easy-to-remember passwords or no passwords at all.

2.2 Product Functionality

A continuous authentication technique is used which makes use of behavioural biometrics to authenticate the user continuously whether the user is an authorized or unauthorized user. The product consists of three major functions Enrolment phase: Initially, the system must be trained in an enrollment phase like sliding horizontally over the screen. Usually, one does this to browse through images or to navigate to the next page of icons in the main screen and sliding

Software Requirements Specification for Continuous Authentication in smart Phones using Behavioural Biometrics. Page |3

vertically over the screen to move screen content up or down. This is typically done for reading e-mail, documents or web-pages, or for browsing menus. Authentication Phase: Once the classifiers are trained, the device begins the authentication phase. During this phase, the system continuously tracks all strokes and the classifier estimates if they were made by the legitimate user. Security Phase: During this phase, since the user is unauthorized the mobile device has been locked and the GPS fetches the location of the smart phone and sends the tracked information to the registered email/SMS.

2.3 Users and Characteristics

Every individual smart phone user with basic knowledge of touch screen usage.

2.4 Operating Environment

2.4.1 SOFTWARE REQUIREMENTS:

Android
2.4.2 HARDWARE REQUIREMENTS:

Android Phone with : Touch screen Accelerometer GPS

2.5 Design and Implementation Constraints

Network coverage should be available for the sending and receiving SMS. Minimum Android version 2.3 required.

Software Requirements Specification for Continuous Authentication in smart Phones using Behavioural Biometrics. Page |4

2.6 Assumptions and Dependencies

The Android operating system has to provide access to the secure behavioural features of the user.

3 Specific Requirements
3.1 External Interface Requirements 3.1.1 User Interfaces 3.1.2 Hardware Interfaces 3.1.3 Software Interfaces 3.1.4 Communications Interfaces 3.2 Functional Requirements
Enrolment Phase: The system must be trained in an enrollment phase. We define two particular user actions and call them trigger actions. These actions should be frequent for any usage and primitive, i.e., they should be part of all more complex navigational gestures. Whenever the user performs a trigger action, the system logs the fingertip data. Authentication Phase: Once the device is trained, the device begins the authentication phase. During this phase, the system continuously tracks all strokes and the classifier estimates if they were made by the legitimate user. Security Phase: If the phone detects an unauthorized user, our proposed mechanism could just support the standard authentication mechanisms and serve as a theft detection mechanism that responds to theft by activating GPS, sending SMS, or locking the device.

Software Requirements Specification for Continuous Authentication in smart Phones using Behavioural Biometrics. Page |5

3.3 Behaviour Requirements 3.3.1 Use Case View

4 Other Non-functional Requirements

4.1 Performance Requirements 4.2 Safety and Security requirements:
Users should safeguard mobile phone from antivirus. Our authentication application should not be closed or disabled by the android system or third party application or manually.

4.2 Software Quality Attributes

Functionality: The required function is that user should be able to use the device securely without the need for password protection mechanism. Reliability: As user makes use of personal mobile, it is highly reliable that the mobile is secure even though the primary password is hacked. Usability: No technical knowledge is required for use of application and product highly supports ease of use.

Appendix A Data Dictionary