Behavioral Biometrics for Mobile User Authentication: Benefits and Limitations.

User authentication serves as the primary defense, also referred to as first line of defense, by verifying the identity of a mobile user, often as a requirement for accessing resources on a mobile device. For many years, user authentication relied on "something that the user knows," also known as knowledge-based user authentication. However, recent research indicates that knowledge-based user authentication is no longer considered secure or convenient for mobile users because it imposes several limitations. These limitations highlight the need for more secure and user-friendly user authentication methods. One promising solution is user authentication based on "something that the user is," which includes authentication methods that use physical characteristics of the mobile user (i.e., physiological biometrics) or their involuntary actions (i.e., behavioral biometrics). Although physiological biometrics have been successfully deployed for mobile user authentication over the last years, recent studies suggest that they show several weaknesses (e.g., vulnerable to various attacks such as impersonation). Consequently, experts in the security field are now focusing more on user authentication based on behavioral biometrics. Therefore, the aim of this work is to investigate the benefits, as well as the limitations of behavioral biometrics for mobile user authentication in order to provide a foundation for organizing research efforts toward the design and development of proper user authentication solutions based on behavioral biometrics for mobile devices.