Theft-Resilient Mobile Payments: Transparently Authenticating NFC Users with Tapping Gesture Biometrics

Babins Shrestha, Manar Mohamed, Sandeep Tamrakar, Nitesh Saxena

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

3 Citations (Scopus)


The deployment of NFC technology on mobile phones is gaining momentum, enabling many important applications such as NFC payments, access control for building or public transit ticketing. However, (NFC) phones are prone to loss or theft, which allows the attacker with physical access to the phone to fully compromise the functionality provided by the NFC applications. Authenticating a user of an NFC phone using PINs or passwords provides only a weak level of security, and undermines the efficiency and convenience that NFC applications are supposed to provide.

In this paper, we devise a novel gesture-centric NFC biometric authentication mechanism that is fully transparent to the user. Simply "tapping" the phone with the NFC reader - a natural gesture already performed by the user prior to making the NFC transaction - would unlock the NFC functionality. An unauthorized user cannot unlock the NFC functionality because tapping serves as a "hard-to-mimic" biometric gesture unique to each user. We show how the NFC tapping biometrics can be extracted in a highly robust manner using multiple - motion, position and ambient - phone's sensors and machine learning classifiers. The use of multiple sensors not only improves the authentication accuracy but also makes active attacks harder since multiple sensor events need to be mimicked simultaneously. Our work significantly enhances the security of NFC transactions without adding any extra burden on the users.
Original languageEnglish
Title of host publicationProceedings of the 32nd Annual Conference on Computer Security Applications
Subtitle of host publicationACSAC '16
Number of pages12
ISBN (Electronic)978-1-4503-4771-6
Publication statusPublished - 5 Dec 2016
MoE publication typeA4 Article in a conference publication
EventAnnual Computer Security Applications Conference - Los Angeles, United States
Duration: 5 Dec 20168 Dec 2016
Conference number: 32


ConferenceAnnual Computer Security Applications Conference
Abbreviated titleACSAC
CountryUnited States
CityLos Angeles


Dive into the research topics of 'Theft-Resilient Mobile Payments: Transparently Authenticating NFC Users with Tapping Gesture Biometrics'. Together they form a unique fingerprint.

Cite this