Mobile biometric authentication currently relies mostly on physiological biometrics such as fingerprint or face. These systems, however, are prone to presentation attacks (spoofing) and, just as well as knowledge-based systems (PIN codes, passwords, and lock patterns), they are designed for entry-point authentication and not suited for offering prolonged protection. In fact, if an intruder gains access to the device, they can stay authenticated if the device remains active, being granted a considerable amount of time to steal private information.

In this scenario, in contrast to physiological biometrics, behavioral biometrics allow for transparent authentication, a paradigm based on verifying the biometric features of the user without having them to carry out any specific authentication task. To this end, behavioral biometrics traits are suitable as mobile devices are equipped with several sensors, such as touchscreen, motion sensors, etc., able to continuously acquire low-dimensional temporal signals, that can reveal a significant amount of information about the user.

Among the advantages of such modalities are: (i) a higher immunity to spoofing in comparison to physiological biometrics, as more advanced technical skills are required in this context; (ii) the lightweight computational overload of time-series data with respect, for instance, to the continuous acquisition and processing of images; (iii) the prolonged protection in comparison to traditional mobile entry-point methods based on knowledge (PINs, passwords, unlock patterns) or physiological biometrics (face or fingerprint verification). Consequently, such schemes could provide an additional layer of security for security-wise critical mobile apps (e.g. in healthcare or banking).

Moreover, in the field of mobile behavioral biometrics, a challenge for the research community is given by the scarcity of public databases, and by the fact that the recent, most promising studies in the field are often very heterogeneous. Consequently, it would be difficult to reach a global and significant conclusion from the comparison of such systems, given the different approaches, scopes and the usage of self-collected non-public databases. This competition will provide a complete panorama of the state of the art in the field of mobile behavioral biometrics under realistic scenarios, exploiting a novel database which will be made public and a standard experimental protocol that will be easy to follow by the research community.

The aim of this competition proposal is to benchmark mobile behavioral biometric systems that are transparently acquired by mobile devices during ordinary Human-Computer Interaction, using large-scale public databases and standard experimental protocols. In the last decade, mobile behavioral biometrics have become a popular topic in the research community, reaching promising results in terms of authentication performance thanks to novel deep learning approaches, either as:

1. A form of complementary technology or second factor in a 2-factor authentication (2FA); for instance, in a remote security-wise critical service, authentication based on behavioral traits could be used on top of existing security protocols. In this case, every user would be using their own mobile device.

2. The primary security technology in the real-world scenario of a theft, in which the impostor and the genuine user data originate from the same device.

The difference in between the two scenarios consists in the authentication technology being able to differentiate between the notion of “device” and “user”. Recent work in the literature only considers the first case, as for data collection each user typically uses their own device, and the learned features could be partially pertaining to the device rather than the user.

Therefore, in this competition the goal is to carry out a benchmark evaluation of the latest state-of-the-art mobile behavioral biometrics authentication technology using a large-scale public database which encompasses both traditional “random impostor” scenario (different users with different devices), but also the challenging “skilled impostor” scenario (different users on the same device).