Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones
Hui Xu, Yangfan Zhou, Michael R. Lyu
The Chinese University of Hong Kong
huixu@cuhk.hku.hk
1. Motivation: Scenario
Who is the user? (Diagram labels: Malicious Attacker, physical access, Personal Device.)
Vision: A smartphone should exclusively serve its owner by recognizing its current user.
1. Motivation: Current Solution
Smartphones offer different screen locker solutions. (Diagram labels: No Protection; Strong Security & Rarely Used; Medium Security & Widely Used; Pattern, PIN, Password.)
It is not very difficult to break a locker (e.g., smudge attack, peeping).
More importantly, there is no further protection once the screen locker is bypassed.
1. Motivation: Continuous and Passive
• Continuous: The smartphone can authenticate its current user from time to time (whenever there is interaction), not just when unlocking the screen.
• Passive: The authentication is done in the background without any prompt for credentials, which is non-intrusive.
1. Motivation: Why Touch Biometrics
Question: How do we recognize a friend passively?
Answer: Through the information we receive from our ears and eyes (i.e., the interfaces).
The touchscreen is the dominant human-to-smartphone interface.
2. Touch-based Authentication Approach: Touch-based Authentication
Statistical Pattern Recognition:
• Training Phase: Labeled Users → Touch Data → Feature Extraction → Model Training → Models
• Authentication Phase: Unknown User → Touch Data → Feature Extraction → Classification → Result
2. Touch-based Authentication Approach: Touch Data
General touch data is a sequence of: [Time, Position-X, Position-Y, Size, Pressure]
(Figure: screen coordinate axes with origin (0,0); X axis labeled 480, Y axis labeled 800.)
2. Touch-based Authentication Approach: How to Extract Features?
Touch data are generated by diverse UI operations.
Separation of concerns:
• Keystroke
• Slide
• Handwriting
• Pinch
2. Touch-based Authentication Approach: Feature Extraction
Some UI operations relate to traditional research areas:
• Keystroke: Dwell Time, Pressure, Size, Flight Time
• Handwriting: Top Margin Distance, Size, Bottom Margin Distance
2. Touch-based Authentication Approach: Feature Extraction (Cont'd)
Other UI operations are relatively new: Slide (37 features) and Pinch (49 features).
• Trajectory Features: position, length, direction
• Dynamics: pressure, size, velocity
• Statistical Features: average, standard deviation
(Figure labels: Direction, 1st Trajectory, Stop Point, Start Distance, 2nd Trajectory, FC Radius, Start Point.)
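Added example (not from the original slides): one way to turn the [Time, Position-X, Position-Y, Size, Pressure] sequence of a single slide gesture into trajectory, dynamics and statistical features. The function name, feature names and sample values are assumptions of this example, and it computes only a small subset, not the study's 37 slide features.

```python
import math
from statistics import mean, pstdev

def slide_features(events):
    """Features for ONE slide gesture.

    events: list of (time_ms, x, y, size, pressure) tuples in time order.
    Feature names are illustrative, not the study's own feature set.
    """
    if len(events) < 2:
        raise ValueError("a slide needs at least two touch samples")
    t, x, y, size, pressure = zip(*events)

    seg_len, velocity = [], []
    for i in range(1, len(events)):
        d = math.hypot(x[i] - x[i - 1], y[i] - y[i - 1])
        dt = t[i] - t[i - 1]
        seg_len.append(d)
        if dt > 0:  # skip duplicate timestamps instead of dividing by zero
            velocity.append(d / dt)

    dx, dy = x[-1] - x[0], y[-1] - y[0]
    feats = {
        # Trajectory features: position, length, direction
        "start_x": x[0], "start_y": y[0],
        "stop_x": x[-1], "stop_y": y[-1],
        "length_px": sum(seg_len),            # path actually travelled
        "distance_px": math.hypot(dx, dy),    # straight line start -> stop
        # Screen coordinates: y grows downward, so 90 degrees points down.
        "direction_deg": math.degrees(math.atan2(dy, dx)),
        "duration_ms": t[-1] - t[0],
    }
    # Dynamics (pressure, size, velocity) summarised by average and std. dev.
    for name, series in (("pressure", pressure), ("size", size),
                         ("velocity", velocity)):
        feats[name + "_avg"] = mean(series) if series else 0.0
        feats[name + "_std"] = pstdev(series) if series else 0.0
    return feats

# Constructed sample: a short slide moving right and down on a 480x800 screen.
SAMPLE_SLIDE = [
    (0, 100, 400, 0.20, 0.50),
    (10, 130, 400, 0.22, 0.55),
    (20, 160, 440, 0.24, 0.60),
    (30, 160, 480, 0.22, 0.55),
]

if __name__ == "__main__":
    for key, value in slide_features(SAMPLE_SLIDE).items():
        print(f"{key:14s} {value}")
```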
3. Experimental Study: Experimental Data
Data acquisition experiment in lab (Aug, 2013):
• 32 participants
• 21 days
Data Collection Tool with Specified Tasks
3. Experimental Study: Biometric Properties*
• Universality: every person has the characteristic
• Collectability: the characteristic can be collected in numbers
• Distinctiveness: any two persons should be sufficiently different
• Permanence: the characteristic should be stable over a period of time
* A. K. Jain et al., An introduction to biometric recognition, 2004
3. Experimental Study: Discrimination Model (N Classes)
To evaluate:
• Distinctiveness
• Permanence
Discriminate an unknown user (one of the N users) among User-1, User-2, User-3, User-4, …, User-n.
When N grows, discrimination becomes less accurate.
3. Experimental Study: Distinctiveness Performance
SVM with RBF kernel + 10-fold cross validation
All can achieve: 80%
3. Experimental Study: Permanence Performance
Not stable. (Figure label: used for training.)
3. Experimental Study: Permanence Performance Using an Adaptive Approach
Improved: train models in an accumulative mode.
3. Experimental Study: Authentication Model (Two Classes)
• Real Case: We do not know the real attacker.
• Training Phase: We use some users to mock an attacker (classes: Valid User, Attacker).
• Authentication: The unknown user is the valid user or another person, excluding those used for mocking the attacker.
3. Experimental Study: Authentication Performance
Average Error Rate = (FAR + FRR)/2
(Chart values: 0.75%, 5.3%, 8.67%, 3.33%)
3. Experimental Study: Using Consecutive Operations
(Chart panels, values as extracted in order: Slide, Keystroke: 0.88%, 0%; Handwriting, Pinch: 5.62%, 0%.)
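Added example (not from the original slides): computing FAR, FRR and the average error rate defined above for the two-class model, then recomputing them after fusing consecutive operations. The majority-vote fusion rule, the function names and the decision data are assumptions of this example; the slides do not state how consecutive operations were combined.

```python
def error_rates(owner_accepts, attacker_accepts):
    """Return (FAR, FRR, average error rate) from per-decision outcomes.

    Each argument is a list of booleans, True = classifier said "valid user".
    """
    if not owner_accepts or not attacker_accepts:
        raise ValueError("need decisions for both the valid user and the attacker")
    far = attacker_accepts.count(True) / len(attacker_accepts)  # attacker let in
    frr = owner_accepts.count(False) / len(owner_accepts)       # owner locked out
    return far, frr, (far + frr) / 2

def vote(accepts, k):
    """Fuse k consecutive operations into one decision by majority vote.

    Assumption of this example: the slides do not state the fusion rule.
    Windows do not overlap; a trailing partial window is dropped.
    """
    if k < 1 or k % 2 == 0:
        raise ValueError("k must be a positive odd number so votes cannot tie")
    return [sum(accepts[i:i + k]) * 2 > k
            for i in range(0, len(accepts) - k + 1, k)]

# Constructed per-operation decisions (not the study's data).
T, F = True, False
OWNER = [T, T, F, T, T, T, T, F, T, T, T, T]      # 2 of 12 falsely rejected
ATTACKER = [F, F, T, F, F, F, F, F, T, F, F, F]   # 2 of 12 falsely accepted

def compare(k=3):
    """Error rates for single operations vs. k consecutive operations."""
    return (error_rates(OWNER, ATTACKER),
            error_rates(vote(OWNER, k), vote(ATTACKER, k)))

if __name__ == "__main__":
    single, fused = compare()
    print("single operation : FAR=%.3f FRR=%.3f AER=%.3f" % single)
    print("3 consecutive ops: FAR=%.3f FRR=%.3f AER=%.3f" % fused)
```

Fusing k operations trades decision latency for accuracy: no fused decision exists until k operations have been observed.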
Conclusion
Touch biometrics is:
• Distinctive
• Not stable -> Adaptive approach
• Promising authentication accuracy
Future Work
• Improve accuracy (e.g., via more features, trying other classifiers)
• Develop touch-based authentication software
• Best practice (e.g., adaptive method, combination of consecutive operations)
• Approach to handle noise and new input
• Performance issues (e.g., speed, overhead)
• Conduct experimental study outside of the lab
Thank You! Questions? Project Website: http://www.cudroid.com/urmajesty
Other Possible Ways
• System-based statistical approach
• E.g., some performance data collected when running an app.
• Statistical approaches have proved more effective in natural language processing than grammatical-analysis-based approaches
• Other sensors: Face Recognition, Infrared