Jing Tian,Chengzhang Qu,Wenyuan Xu,Song Wang

2013-01-01

Abstract:Password-based authentication is easy to use but its security is bounded by how much a user can remember. Biometrics-based authentication requires no memorization but ‘resetting’ a biometric password may not always be possible. In this paper, we propose a user-friendly authentication system (KinWrite) that allows users to choose arbitrary, short and easy-to-memorize passwords while providing resilience to password cracking and password theft. KinWrite lets users write their passwords in 3D space and captures the handwriting motion using a low cost motion input sensing device—Kinect. The low resolution and noisy data captured by Kinect, combined with low consistency of in-space handwriting, have made it challenging to verify users. To overcome these challenges, we exploit the Dynamic Time Warping (DTW) algorithm to quantify similarities between handwritten passwords. Our experimental results involving 35 signatures from 18 subjects and a brute-force attacker have shown that KinWrite can achieve a 100% precision and a 70% recall (the worst case) for verifying honest users, encouraging us to carry out a much larger scale study towards designing a foolproof system.

Yanjiao Chen,Meng Xue,Jian Zhang,Qianyun Guan,Zhiyuan Wang,Qian Zhang,Wei Wang

DOI: https://doi.org/10.1145/3494962

2021-01-01

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Abstract:Voice-based authentication is prevalent on smart devices to verify the legitimacy of users, but is vulnerable to replay attacks. In this paper, we propose to leverage the distinctive chest motions during speaking to establish a secure multi-factor authentication system, named ChestLive. Compared with other biometric-based authentication systems, ChestLive does not require users to remember any complicated information (e.g., hand gestures, doodles) and the working distance is much longer (30cm). We use acoustic sensing to monitor chest motions with a built-in speaker and microphone on smartphones. To obtain fine-grained chest motion signals during speaking for reliable user authentication, we derive Channel Energy (CE) of acoustic signals to capture the chest movement, and then remove the static and non-static interference from the aggregated CE signals. Representative features are extracted from the correlation between voice signal and corresponding chest motion signal. Unlike learning-based image or speech recognition models with millions of available training samples, our system needs to deal with a limited number of samples from legitimate users during enrollment. To address this problem, we resort to meta-learning, which initializes a general model with good generalization property that can be quickly fine-tuned to identify a new user. We implement ChestLive as an application and evaluate its performance in the wild with 61 volunteers using their smartphones. Experiment results show that ChestLive achieves an authentication accuracy of 98.31% and less than 2% of false accept rate against replay attacks and impersonation attacks. We also validate that ChestLive is robust to various factors, including training set size, distance, angle, posture, phone models, and environment noises.

Li Lü,Jiadi Yu,Yingying Chen,Yan Wang

DOI: https://doi.org/10.1145/3397320

2020-01-01

Proceedings of the ACM on Interactive Mobile Wearable and Ubiquitous Technologies

Abstract:Recent years have witnessed the surge of biometric-based user authentication for mobile devices due to its promising security and convenience. As a natural and widely-existed behavior, human speaking has been exploited for user authentication. Existing voice-based user authentication explores the unique characteristics from either the voiceprint or mouth movements, which is vulnerable to replay attacks and mimic attacks. During speaking, the vocal tract, including the static shape and dynamic movements, also exhibits the individual uniqueness, and they are hardly eavesdropped and imitated by adversaries. Hence, our work aims to employ the individual uniqueness of vocal tract to realize user authentication on mobile devices. Moreover, most voice-based user authentications are passphrase-dependent, which significantly degrade the user experience. Thus, such user authentications are pressed to be implemented in a passphrase-independent manner while being able to resist various attacks. In this paper, we propose a user authentication system, VocalLock, which senses the whole vocal tract during speaking to identify different individuals in a passphrase-independent manner on smartphones leveraging acoustic signals. VocalLock first utilizes FMCW on acoustic signals to characterize both the static shape and dynamic movements of the vocal tract during speaking, and then constructs a passphrase-independent user authentication model based on the unique characteristics of vocal tract through GMM-UBM. The proposed VocalLock can resist various spoofing attacks, while achieving a satisfactory user experience. Extensive experiments in real environments demonstrate VocalLock can accurately authenticate user identity in a passphrase-independent manner and successfully resist various attacks.

Li Lu,Jiadi Yu,Yingying Chen,Hongbo Liu,Yanmin Zhu,Linghe Kong,Minglu Li

DOI: https://doi.org/10.1109/tnet.2019.2891733

2019-01-01

IEEE/ACM Transactions on Networking

Abstract:To prevent users’ privacy from leakage, more and more mobile devices employ biometric-based authentication approaches, such as fingerprint, face recognition, voiceprint authentications, and so on, to enhance the privacy protection. However, these approaches are vulnerable to replay attacks. Although the state-of-art solutions utilize liveness verification to combat the attacks, existing approaches are sensitive to ambient environments, such as ambient lights and surrounding audible noises. Toward this end, we explore liveness verification of user authentication leveraging users’ mouth movements, which are robust to noisy environments. In this paper, we propose a lip reading-based user authentication system, LipPass, which extracts unique behavioral characteristics of users’ speaking mouths through acoustic sensing on smartphones for user authentication. We first investigate Doppler profiles of acoustic signals caused by users’ speaking mouths and find that there are unique mouth movement patterns for different individuals. To characterize the mouth movements, we propose a deep learning-based method to extract efficient features from Doppler profiles and employ softmax function, support vector machine, and support vector domain description to construct multi-class identifier, binary classifiers, and spoofer detectors for mouth state identification, user identification, and spoofer detection, respectively. Afterward, we develop a balanced binary tree-based authentication approach to accurately identify each individual leveraging these binary classifiers and spoofer detectors with respect to registered users. Through extensive experiments involving 48 volunteers in four real environments, LipPass can achieve 90.2% accuracy in user identification and 93.1% accuracy in spoofer detection.

Long Huang,Chen Wang

DOI: https://doi.org/10.1109/sp46214.2022.9833564

2022-01-01

Abstract:Biometrics have been widely applied as personally identifiable data for user authentication. However, existing biometric authentications are vulnerable to biometric spoofing. One reason is that they are easily observable and vulnerable to physical forgeries. Examples are the apparent surface patterns of human bodies, such as fingerprints and faces. A more significant issue is that existing authentication methods are entirely built upon biometric features, which almost never change and could be obtained or learned by an adversary such as human voices. To address this inherent security issue of biometric authentications, we propose a novel acoustically extracted hand-grip biometric, which is associated with every user’s hand geometry, body-fat ratio, and gripping strength; It is implicit and available whenever they grip a handheld device. Furthermore, we integrate a coding technique in the biometric acquisition process, which encodes static biometrics into dynamic biometric features to prevent data reuse. Additionally, this low-cost method can be deployed on any handheld device that has a speaker and a microphone. In particular, we develop a challenge-response biometric authentication system, which consists of a pair of biometric encoder and decoder. We encode the ultrasonic signal according to a challenge sequence and extract a distinct biometric code as the response for each session. We then decode the biometric code to verify the user by a convolutional neural network-based algorithm, which not only examines the coding correctness but also verifies the biometric features presented by each biometric digit. Furthermore, we investigate diverse acoustic attacks to our system, by respectively assuming an adversary could present the correct code, generate similar biometric features or successfully forge both. Extensive experiments on mobile devices show that our system achieves 97% accuracy to distinguish users and rejects 100% replay and synthesis attacks with 6-digit codes.

Junshen Kevin Chen,Wanze Xie,Yutong He

DOI: https://doi.org/10.48550/arXiv.2101.06022

2021-01-15

Abstract:We attempt to overcome the restriction of requiring a writing surface for handwriting recognition. In this study, we design a prototype of a stylus equipped with motion sensor, and utilizes gyroscopic and acceleration sensor reading to perform written letter classification using various deep learning techniques such as CNN and RNNs. We also explore various data augmentation techniques and their effects, reaching up to 86% accuracy.

Computer Vision and Pattern Recognition,Artificial Intelligence

Divas Subedi,Isabella Yung,Digesh Chitrakar,Kevin Huang

DOI: https://doi.org/10.1109/EMBC48229.2022.9871781

Abstract:With increased reliance of digital storage for personal, financial, medical, and policy information, a greater demand for robust digital authentication and cybersecurity protection measures results. Current security options include alpha-numeric passwords, two factor authentication, and bio-metric options such as fingerprint or facial recognition. However, all of these methods are not without their drawbacks. This projects leverages the fact that the use of physical handwritten signatures is still prevalent in society, and the thoroughly trained process and motions of handwritten signatures is unique for every individual. Thus, a writing stylus that can authenticate its user via inertial signature detection is proposed, which classifies inertial measurement features for user identification. The current prototype consists of two triaxial accelerometers, one mounted at each of the stylus' terminal ends. Features extracted from how the pen is held, stroke styles, and writing speed can affect the stylus tip accelerations which leads to a unique signature detection and to deter forgery attacks. Novel, manual spatiotemporal features relating to such metrics were proposed and a multi-layer perceptron was utilized for binary classification. Results of a preliminary user study are promising with overall accuracy of 95.7%, sensitivity of 100%, and recall rate of 90%.

Zhiheng Chang,Yuchen Su,Hongbo Liu

DOI: https://doi.org/10.1109/ainit61980.2024.10581665

2024-01-01

Abstract:The proliferation of wearable and handheld smart devices has enabled a wide range of applications, such as monitoring personal health and facilitating mobile payment. In the meanwhile, it is crucial to ensure the authenticity of users. Biometric-based method offers convenience to authenticate individuals, but they still face the vulnerabilities to mimic attack. The human body vibration feedback triggered by the built-in vibration motor when user is holding the device, as a novel biometric authentication method, offers improved availability and concealment while ensuring high accuracy. However, the authentication method relying solely on a single biometric is vulnerable to impersonation and biometric leakage. To address this issue, we propose a two-factor method integrating a sequence of vibration feedback triggered by random hand gestures, representing the PIN code, and the unique biometric pattern of each corresponding feedback response to facilitate the verification of user identities. Specifically, the vibration feedback varies due to physiological factors among different people such as muscle tension and bone size across distinct gestures. We design the segmentation algorithm to obtain distinct biometric patterns and further extract relevant features utilizing two modern time-series feature extraction tools. Subsequently, the experiments are conducted involving 15 volunteers on the designed prototype, which demonstrate an average authentication accuracy of 92.50% for our proposed method.

Long Huang,Chen Wang

DOI: https://doi.org/10.1109/tmc.2024.3474673

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Biometrics have been widely applied for user authentication. However, existing biometric authentications are vulnerable to biometric spoofing, because they can be observed and forged. In addition, they rely on verifying biometric features that rarely change. To address this issue, we propose to verify the handgrip biometric that can be unobtrusively extracted by acoustic signals when the user holds the phone. This biometric is uniquely associated with the user's hand geometry, body-fat ratio, and gripping strength, which are hard to reproduce. Furthermore, we propose two biometric encoding techniques (i.e., temporal-frequential and spatial) to convert static biometrics into dynamic biometric features to prevent data reuse. In particular, we develop a biometric authentication system to work with the challenge-response protocol. We encode the ultrasonic signal according to a random challenge sequence and extract a distinct biometric code as the response. We further develop two decoding algorithms to decode the biometric code for user authentication. Additionally, we investigate multiple new attacks and explore using a latent diffusion model to solve the acoustic noise discrepancies between the training and testing data to improve system performance. Extensive experiments show our system achieves 97% accuracy in distinguishing users and rejects 100% replay attacks with 0.6s challenge sequence.

Zeyu Deng,Long Huang,Chen Wang

DOI: https://doi.org/10.1145/3627106.3627195

2023-01-01

Abstract:Behavioral biometrics has emerged as an important security factor for user authentication. Compared to static biometrics (e.g., faces, irises, and fingerprints), using human motion behaviors for authentication causes lower concern about privacy abuse, and behavior biometrics are shown hard to be replicated by humans. In-air 3D signature is one representative of behavioral biometrics. Specifically, a user’s hand movements can be tracked by visual or wireless sensors for contact-free signature authentication, where both the fingertip trajectory and the dynamic motion features are verified to provide enhanced security. However, with the advancement of 3D printing and robot technology, we find that 1) existing hand-tracking interfaces (e.g., Leap Motion and Google MediaPipe) are easily tricked by a fake hand, and 2) a robotic arm can reproduce a user’s in-air 3D signature with high similarity regarding both trajectory and motion behaviors. Thus, this work investigates the security of in-air signatures under robot-level replays and proposes to extend the signature verification from a single-point fingertip to multiple hand joints for enhanced security. We develop the hand skeleton-based 3D signature verification system, which can be deployed on any single camera devices (2D or 3D). The key insight is that current robots could hardly replicate the minute and unique inter-joint motions of a user. In particular, we track the hand skeleton using a single camera and reconstruct/draw the trajectories of its joints in a virtual 3D space, using the color gradients to represent time-lapse and using varying line widths to describe joint significance. Based on that, we extract the three-view skeleton signatures and inter-joint motion features and develop a convolutional neural network for verification. Extensive experiments show that our system not only achieves high authentication performance but also effectively mitigates robot-level replay attacks.

Chang Liu,Wenxiong Kang,Linpu Fang,Ningxin Liang

DOI: https://doi.org/10.1007/978-3-030-31456-9_11

2019-01-01

Abstract:Due to biometric immutability, an authentication system that depends on irrevocable biometric data (faces and fingerprints) is vulnerable to vicious attacks. Gestures, as short actions that contain static and dynamic behavioral information, are gradually replacing traditional biometrics. Compared to body gestures, hand gestures are more flexible and do not require the user's entire body to appear in front of the camera. However, most existing feature extraction algorithms rely on the key point of a hand in motion or the image analysis of a static hand gesture, thereby making the authentication less real-time and less effective in the real-word. To alleviate these problems, we propose a user authentication system based on dynamic hand gestures jointly models the silhouette and skeletal properties of moving hands for user authentication. Our system obtains an average 0.105% false acceptance rate (FAR) and an average 3.40% false rejection rate (FRR) on the public Dynamic Hand Gesture 14/28 dataset.

c shen,q lv,z wang,y chen,x guan

DOI: https://doi.org/10.1109/ICCSS.2018.8572367

2018-01-01

Abstract:The growing trend of using wearable devices for context-aware computing and pervasive sensing systems has raised its potentials for quick and reliable authentication techniques. We collect users' writing actions with their wrist-worn devices and discover an appealing observation: the writing pattern of a person is kind of unique, stable and distinguishable. This paper presents a novel user authentication system through wrist-worn devices by analyzing the interaction behavior with users, which is both accurate and efficient for future usage. The key feature of our approach lies in using Savitzky-Golay filter and Dynamic-Time-Warping method to obtain fine-grained writing metrics for user authentication. These new metrics are relatively unique from person to person and independent of the computing platform. Analyses are conducted on the wristband-interaction data with diversity in gender, age, and height of the users. Extensive experimental results show that the proposed approach can identify users in a timely and accurate manner, with a false negative rate of 1.78%, false positive rate of 6.7%, and Area Under ROC Curve of 0.983. Additional examinations on robustness to various mimic attacks, tolerance to abnormal training data, and comparisons are provided to further analyze the applicability.

Qi Lyu,Zhifeng Kong,Chao Shen,Tianwei Yue

DOI: https://doi.org/10.48550/arXiv.1710.07941

2017-10-22

Abstract:The growing trend of using wearable devices for context-aware computing and pervasive sensing systems has raised its potentials for quick and reliable authentication techniques. Since personal writing habitats differ from each other, it is possible to realize user authentication through writing. This is of great significance as sensible information is easily collected by these devices. This paper presents a novel user authentication system through wrist-worn devices by analyzing the interaction behavior with users, which is both accurate and efficient for future usage. The key feature of our approach lies in using much more effective Savitzky-Golay filter and Dynamic Time Wrapping method to obtain fine-grained writing metrics for user authentication. These new metrics are relatively unique from person to person and independent of the computing platform. Analyses are conducted on the wristband-interaction data collected from 50 users with diversity in gender, age, and height. Extensive experimental results show that the proposed approach can identify users in a timely and accurate manner, with a false-negative rate of 1.78\%, false-positive rate of 6.7\%, and Area Under ROC Curve of 0.983 . Additional examination on robustness to various mimic attacks, tolerance to training data, and comparisons to further analyze the applicability.

Human-Computer Interaction,Cryptography and Security,Machine Learning

Borui Li,Wei Wang,Yang Gao,Vir V. Phoha,Zhanpeng Jin

DOI: https://doi.org/10.1109/btas.2018.8698577

2018-01-01

Abstract:Behavioral biometrics have been long used as a complementary method to the traditional one-time authentication system. Mouse dynamics, representing an individual’s unique patterns of mouse operations, possess a great potential to bridge the security gap between two one-time authentications on the computer. In this paper, we propose a continuous authentication approach by combining the deviceindependent, angle-based mouse movement features and the wrist motion features. Based on a Random Forest Ensemble Classifier (RFEC) and the Sequential Sampling Analysis (SSA), the identity of the user can be continuously verified. Experimental results, based on 26 subjects, show that the proposed approach can reach the False Accept Rate (FAR) of 1.46% and 4.69% for impostors and intruders respectively and a False Reject Rate (FRR) of 0%. Moreover, the proposed approach is proven to be more effective in timely authentication (i.e., making an authentication decision within only 9 to 12 mouse clicks), compared with conventional methods solely based on the mouse geometry and locomotion features.

Sugang Li,Ashwin Ashok,Yanyong Zhang,Chenren Xu,Janne Lindqvist,Macro Gruteser

DOI: https://doi.org/10.1109/PERCOM.2016.7456514

2016-01-01

Abstract:In this paper, we present the design, implementation and evaluation of a user authentication system, Headbanger, for smart head-worn devices, through monitoring the user's unique head-movement patterns in response to an external audio stimulus. Compared to today's solutions, which primarily rely on indirect authentication mechanisms via the user's smartphone, thus cumbersome and susceptible to adversary intrusions, the proposed head-movement based authentication provides an accurate, robust, light-weight and convenient solution.Through extensive experimental evaluation with 95 participants, we show that our mechanism can accurately authenticate users with an average true acceptance rate of 95.57% while keeping the average false acceptance rate of 4.43%. We also show that even simple head-movement patterns are robust against imitation attacks. Finally, we demonstrate our authentication algorithm is rather light-weight: the overall processing latency on Google Glass is around 1.9 seconds.

K Yu,YH Wang,TN Tan

DOI: https://doi.org/10.1117/12.541917

2004-01-01

Abstract:This paper presents an on-line handwriting authentication system for text-independent Chinese handwriting. The proposed strategy is implemented on the stroke level, and the writing strokes and interstrokes are separated stepwise. The writing features are extracted from the dynamics of substrokes and interstrokes, including the writing velocity, the pressure, and the angle between the pen and the writing surface. To alleviate the effect of writing character number on the performance of the algorithm, we adopt the feature vectors of selected dimensions. In live experiments the authentication result is promising.

Cong Wu,Hangcheng Cao,Guowen Xu,Chengjie Zhou,Jianfei Sun,Ran Yan,Yang Liu,Hongbo Jiang

DOI: https://doi.org/10.1109/tmc.2024.3371014

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:As smartphones proliferate, secure and user-friendly authentication methods are increasingly critical. Existing behavioral biometrics, however, are often compromised by behavior variability, leading to poor authentication accuracy and an unsatisfactory user experience. To fill this gap, we propose BioHold , a new robust and reliable user authentication method, fusing finger behavior and hand geometry, captured via a smartphone's multitouch screen during natural holding gestures. It synergistically fuses behavioral and physiological biometrics. In contrast to traditional methods that require restrictive, unnatural user patterns, our approach utilizes a stable, natural gesture for authentication, effectively mitigating behavior variability. It enables one-handed authentication through familiar smartphone-holding and unlocking gestures. During this interaction, hand geometry and behavioral characteristics are recorded for subsequent authentication. We evaluate our method using a dataset collected from 20 subjects, demonstrating its resilience against behavioral variability over time while maintaining a high level of distinctiveness. With only 10 training samples, our method achieves an equal error rate of 3.59%, which improves to 1.25% with 40 training samples. Importantly, our method is resistant to common security threats such as zero-effort attacks, smudge attacks, and shoulder surfing attacks. A usability study confirms the method's high user acceptance, as measured by the system usability score.

Tianming Zhao,Yan Wang,Jian Liu,Jerry Cheng,Yingying Chen,Jiadi Yu

DOI: https://doi.org/10.1109/jiot.2021.3128290

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Traditional one-time user authentication is vulnerable to attacks when an adversary can obtain unauthorized privileges after a user's initial login. Continuous user authentication (CA) has recently shown its great potential by enabling seamless user authentication with few users' participation. We devise a low-cost system that can exploit users' pulsatile signals from photoplethysmography (PPG) sensors in commodity wearable devices to perform CA. Our system requires zero user effort and applies to practical scenarios that have nonclinical PPG measurements with human motion artifacts (MAs). We explore the uniqueness of the human cardiac system and develop adaptive MA filtering methods to mitigate the impacts of transient and continuous activities from daily life. Furthermore, we identify general fiducial features and develop an adaptive classifier that can authenticate users continuously based on their cardiac characteristics with little additional training effort. Experiments with our wrist-worn PPG sensing platform on 20 participants under practical scenarios demonstrate that our system can achieve a high CA accuracy of over 90% and a low false detection rate of 4% in detecting random attacks. We show that our MA mitigation approaches can improve the CA accuracy by around 39% under both transient and continuous daily activity scenarios.

Wanqing Li,Tongtong He,Nan Jing,Lin Wang

DOI: https://doi.org/10.1145/3614443

2023-08-12

ACM Transactions on Internet of Things

Abstract:Electronic signatures are widely used in financial business, telecommuting and identity authentication. Offline electronic signatures are vulnerable to copy or replay attacks. Contact-based online electronic signatures are limited by indirect contact such as handwriting pads and may threaten the health of users. Consider combining hand shape features and writing process features to form electronic signatures, the paper proposes an in-air handwritten signature verification system with millimeter-wave(mmWave) radar, namely mmHSV. First, the biometrics of the handwritten signature process are modeled, and phase-dependent biometrics and behavioral features are extracted from the mmWave radar mixture signal. Secondly, a handwritten feature recognition network based on few-sample learning is presented to fuse multi-dimensional features and determine user legitimacy. Finally, mmHSV is implemented and evaluated with commercial mmWave devices in different scenarios and attack mode conditions. Experimental results show that the mmHSV can achieve accurate, efficient, robust and scalable handwritten signature verification. Area Under Curve (AUC) is 98.96 \(\% \) , False Acceptance Rate (FAR) is 5.1 \(\% \) at the fixed threshold, AUC is 97.79 \(\% \) for untrained users.

Yunpeng Song,Zhongmin Cai,Zhi-Li Zhang

DOI: https://doi.org/10.1109/sp.2017.54

2017-01-01

Abstract:In this paper we present a simple and reliable authentication method for mobile devices equipped with multitouch screens such as smart phones, tablets and laptops. Users are authenticated by performing specially designed multi-touch gestures with one swipe on the touchscreen. During this process, both hand geometry and behavioral characteristics are recorded in the multi-touch traces and used for authentication. By combining both geometry information and behavioral characteristics, we overcome the problem of behavioral variability plaguing many behavior based authentication techniques - which often leads to less accurate authentication or poor user experience - while also ensuring the discernibility of different users with possibly similar handshapes. We evaluate the design of the proposed authentication method thoroughly using a large multi-touch dataset collected from 161 subjects with an elaborately designed procedure to capture behavior variability. The results demonstrate that the fusion of behavioral information with hand geometry features produces effective resistance to behavioral variability over time while at the same time retains discernibility. Our approach achieves EER of 5.84% with only 5 training samples and the performance is further improved to EER of 1.88% with enough training. Security analyses are also conducted to demonstrate that the proposed method is resilient against common smartphone authentication threats such as smudge attack, shoulder surfing attack and statistical attack. Finally, user acceptance of the method is illustrated via a usability study.