Behavior-based Authentication

Problems with passwords

Any new web service account usually requires a new complex password. Although password managers help creating and organizing them, many users still choose simple passwords to easily remember them and sometimes even re-use them for different services. Once leaked or guessed, these passwords can become a major threat for private users but also companies due to the recurring identity leaks (see HPI Identity Leak Checker). In this project, we evaluate behavior-based authentication and whether this approach can solve some of these problems.

Behavioral Biometrics

Apart from passwords that are based on knowledge, there also exist possession-based mechanisms (e.g., access cards, keys, usb-tokens) and mechanisms based on something a person is for authentication. These biometric approaches either rely on physiological characteristics such as fingerprint or face geometry or behavioral characteristics like the style of walking or how a person types on a keyboard. One big advantage of biometric approaches is the secret being mostly available all the time as there is nothing that needs to be remembered specifically. In addition, the imitiation of biometrics is typically more different in comparison to passwords that can be guessed or access cards that can be stolen or lost. On the other hand, biometrics usually require some learning phase and data leaks are more dangerous as biometric characteristics can not be renewed that easily (e.g., fingerprints).

Specifically, our research is about the following topics:

  • conception and evaluation of new innovative authentication mechanism based on behavior
  • evaluation and improvement of already well-researched approaches for real-world usage
  • schemes to assess and compare these systems


  • 1.
    Ehrmann, L., Stolle, M., Klieme, E., Tietz, C., Meinel, C.: Detecting Interaction Activities While Walking Using Smartphone Sensors. In: Barolli, L., Woungang, I., en Enokido, T. (reds.) Advanced Information Networking and Applications. bll. 382–393. Springer (2021).
  • 2.
    Koehler, D., Klieme, E., Kreuseler, D., Cheng, F., Meinel, C.: Assessment of Remote Biometric Authentication Systems: Another Take on the Quest to Replace Passwords. Proceedings of 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP 2021). IEEE (2021).
  • 3.
    Rahn, V.X., Zhou, L., Klieme, E., Arnrich, B.: Optimal Sensor Placement for Human Activity Recognition with a Minimal Smartphone–IMU Setup. 10th International Conference on Sensor Networks - SENSORNETS 2021 (2021).
  • 4.
    Klieme, E., Wilke, J., van Dornick, N., Meinel, C.: FIDOnuous: A FIDO2/WebAuthn Extension to Support Continuous Web Authentication. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). bll. 1857–1867 (2020).
  • 5.
    Tietz, C., Klieme, E., Brabender, R., Lasarow, T., Rambold, L., Meinel, C.: Under Pressure: Pushing Down on Me - Touch Sensitive Door Handle to Identify Users at Room Entry. In: Samarati, P., di Vimercati, S.D.C., Obaidat, M.S., en Ben-Othman, J. (reds.) Proceedings of the 17th International Joint Conference on e-Business and Telecommunications, ICETE 2020 - Volume 2: SECRYPT, Lieusaint, Paris, France, July 8-10, 2020. bll. 565–571. ScitePress (2020).
  • 6.
    Tietz, C., Klieme, E., Behrendt, L., Böning, P., Marschke, L., Meinel, C.: Verification of Keyboard Acoustics Authentication on Laptops and Smartphones Using WebRTC. 2019 3rd Cyber Security in Networking Conference (CSNet). bll. 130–137 (2019).
  • 7.
    Klieme, E., Tietz, C., Meinel, C.: Beware of SMOMBIES: Verification of Users Based on Activities While Walking. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). bll. 651–660 (2018).
  • 8.
    Klieme, E., Engelbrecht, K.-P., Möller, S.: Poster: Towards Continuous Authentication Based on Mobile Messaging App Usage. Symposium on Usable Privacy and Security. (2014).

Technical reports


  • Prof. Dr. Christoph Meinel
  • Eric Klieme, M.Sc.
  • Christian Tietz, M.Sc. (until 06/2020)