----------------------- REVIEW 3 --------------------- PAPER: 97 TITLE: Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication AUTHORS: (anonymous) [Short summary of paper's technical contributions] The authors presented a scheme where smart phone users can be authenticated based on their interactions with the smartphone touch screens. [Strengths of the submission] The authors collected touch data from 40 users and built a classifier that achieves less than 4% median equal error rate for these users. The paper is easy to read. [Weaknesses of the submission] I think the work is interesting but suffers from several major flaws - 1. A secure authentication scheme must prevent an attacker from faking any user's credentials. Unfortunately in this authentication scheme an attacker can easily fake any user's credentials. For example, if an attacker can create/access a video of an user interacting with the touch screen, she will be able to extract a lot of information about that user's touch behavior and might even be able to authenticate as that user. Also, any unprivileged malicious application can monitor/record the touch patterns of a user and will allow an attacker to authenticate as that user. This is much worse than the traditional password based authentication schemes. 2. Some of the touch features (e.g. stroke duration, inter-stroke time ) seem to be not only dependent on the user but also on the application they are using. For example, I'll expect these features to be different when a user is playing a game and when the same user is checking her emails. Also, the design of application UIs may affect the touch features. Unfortunately, all measurements presented in the paper were collected from a single android application designed by the authors. 3. In my opinion, a sample set of 40 users is way too small to measure false acceptance rates and false rejection rates accurately. I would expect these error rates to go up as the no of users increases significantly. [Overall evaluation and importance] Even though the idea presented in the paper is interesting, the evaluation methodology suffers from several flaws. [Concrete questions for authors]