in continuous touch based authentication for
play

in Continuous Touch-Based Authentication for Mobile Devices Vincent - PowerPoint PPT Presentation

Oct 19, 2022 •313 likes •691 views

At Your Fingertips: Considering Finger Distinctness in Continuous Touch-Based Authentication for Mobile Devices Vincent Sritapan Zaire Ali and Jamie Payton Cyber Security Division Department of Computer Science US Department of Homeland

  1. At Your Fingertips: Considering Finger Distinctness in Continuous Touch-Based Authentication for Mobile Devices Vincent Sritapan Zaire Ali and Jamie Payton Cyber Security Division Department of Computer Science US Department of Homeland Security University of North Carolina at Charlotte Science and Technology Directorate 1 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  2. Our Personal Assistant [12] [13] [13] [13] [13] [3] 6.1B 2.6B 6.1B 2.6B 64% Smartphone subscriptions as of 2014 Smartphone subscriptions by 2020 Smartphone subscriptions as of 2014 Smartphone subscriptions by 2020 Users use no authentication 2 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  3. Active Authentication Strong Security No Security Medium Security & Rarely Used [14] [14] [14] [14] [3] [4] [4] 64% 140,704 1,624 1,000,000,000 10,000 7,339,040,224 78,074,696 unique swipe patterns unique swipe patterns unique PIN unique PIN unique password unique password using all 9 nodes using 4 nodes permutations using 4 permutations using 9 permutations using 4 permutations using 5 Of users digits digits characters characters Swipe Pattern PIN Password No Authentication 3 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  4. Active Authentication Single-Factor Authentication [14] (Only Using One Group) • Knowledge – Passwords – PINs – Patterns • Possession – Token – Key Card • Inherence – Retina – Fingerprints Example of Common Weak Swipe Patterns 4 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  5. Passive Authentication Distinct Data Gesture on Device Time (ms) X-Coordinate Y-Coordinate Pressure Size Time (ms) 500176 172.9635 626 0.282353 0.282353 X-Coordinate 504485 258.4167 559.0695 0.298039 0.298039 Y-Coordinate 507079 319.4074 467.0485 0.286275 0.286275 Pressure 508157 554.0085 611 0.27451 0.27451 Size 509971 175.8468 576.6588 0.258824 0.258824 Collectable Features 5 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  6. Passive Authentication Authorized User Training Data Black Box Data Collected From Touch Authorized User or Unknown User 6 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  7. k-Nearest Neighbor Class 1 Class 2 Black Box Pressure k = 3 k = 6 Size 7 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  8. Support Vector Machines Class 1 Class 2 Black Box Pressure Size 8 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  9. State of the Art: SVM [14] Study by Xu et al. • Used SVM with Radial Basis Function (rbf) • Accuracy Declined With More Users All can achieve:+80% • Assumed Users Always Used the Same Style 9 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  10. Operation Styles [10] Cradled – 36% One handed – 49% Two handed – 15% 10 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  11. Operation Styles [10] Cradled – 36% One handed – 49% Two handed – 15% 11 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  12. Motivation  Does authentication accuracy improve by training with several of a user’s fingers? 12 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  13. App Development 13 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  14. App Development 14 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  15. Pilot Study Setup • Online advertisement and snowball sampling • 6 participants (3 male, 3 female) • Droid Maxx Devices • 5 Days 15 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  16. Pilot Study Setup Distinct Data Time (ms) X-Coordinate Y-Coordinate Pressure Size 500176 172.9635 626 0.282353 0.282353 504485 258.4167 559.0695 0.298039 0.298039 507079 319.4074 467.0485 0.286275 0.286275 508157 554.0085 611 0.27451 0.27451 509971 175.8468 576.6588 0.258824 0.258824 16 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  17. Preprocessing MotionEvent SensorEvent Data Stored in Vector Gesture on Device Time (ms) X-Coordinate Y-Coordinate Pressure Size X-Accelerometer Y-Accelerometer 548476 422 522 0.282353 0.282353 1.474828 5.152322 548514 427.4653 568.3857 0.298039 0.298039 1.474828 5.152322 548525 429 618.5961 0.298039 0.298039 1.474828 5.152322 548541 426.0154 676.2451 0.290196 0.290196 1.474828 5.152322 548557 417.4294 745.6889 0.278431 0.278431 1.474828 5.152322 17 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  18. Preprocessing e.g. Swipe Left GestureDetector Which Gesture? Data Stored in Vector Time (ms) X-Coordinate Y-Coordinate Pressure Size X-Accelerometer Y-Accelerometer 548476 422 522 0.282353 0.282353 1.474828 5.152322 Gesture Data 548514 427.4653 568.3857 0.298039 0.298039 1.474828 5.152322 548525 429 618.5961 0.298039 0.298039 1.474828 5.152322 548541 426.0154 676.2451 0.290196 0.290196 1.474828 5.152322 548557 417.4294 745.6889 0.278431 0.278431 1.474828 5.152322 18 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  19. Our Approach • SVM with Radial Basis Function (rbf) • 10-fold Cross-Validation to Compute Accuracy 19 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  20. Data Analysis 𝐵𝑑𝑑𝑣𝑠𝑏𝑑𝑧 = 𝐷𝑝𝑠𝑠𝑓𝑑𝑢𝑚𝑧 𝐷𝑚𝑏𝑡𝑡𝑗𝑔𝑗𝑓𝑒 𝑄𝑝𝑗𝑜𝑢𝑡 𝑂𝑣𝑛𝑐𝑓𝑠 𝑝𝑔 𝑈𝑓𝑡𝑢𝑗𝑜𝑕 𝑄𝑝𝑗𝑜𝑢𝑡 20 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  21. Are the Fingers of an Individual Distinct? Training Data Testing Data Classification Output 21 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  22. Are the Fingers of an Individual Distinct? Without Accelerometer 100% 86% 90% 80% 67.05% 70% 60% 50% 40% 30% 20% 10% 0% Tap Double Tap Long Tap Swipe Right Swipe Left Swipe Up Swipe Down Average 22 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  23. Are the Fingers of an Individual Distinct? 23 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  24. Are the Fingers of an Individual Distinct? Without Accelerometer With Accelerometer 96.35% 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Tap Double Tap Long Tap Swipe Right Swipe Left Swipe Up Swipe Down Average 24 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  25. Are Fingers Distinct? Training Data Testing Data Classification Output 25 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  26. Are Fingers Distinct? Without Accelerometer With Accelerometer 97.67% 100% 90% 83.93% 80% 70% 60% 50% 40% 30% 20% 10% 0% Tap Double Tap Long Tap Swipe Right Swipe Left Swipe Up Swipe Down Average 26 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  27. Should Training Data Include Only One Finger? Training Data Testing Data Classification Output 27 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  28. Should Training Data Include Only One Finger? Without Accelerometer With Accelerometer 100% 90% 80% 70% 61.2% 55.9% 60% 50% 40% 30% 20% 10% 0% Tap Double Tap Long Tap Swipe Average Average 28 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  29. Should Training Data Include Several Fingers? Training Data Testing Data Classification Output 29 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  30. Should Training Data Include Several Fingers? Without Accelerometer With Accelerometer 98.42% 100% 92% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Tap Double Tap Long Tap Swipe Right Swipe Left Swipe Up Swipe Down Average 30 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  31. Lessons Learned • Active Authentication is Annoying • Fingers are Distinct • Training Data Should Include Several Fingers 31 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  32. Future Work • Address potential limitations related to the number of participants in our pilot study through a more expansive study • more users • wider range of gestures • longer period of time • Analyze effects of training data set sizes • Latency of real-time classification on mobile devices 32 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Multi-touch Authentication Using Hand Geometry and Aokun Chen Behavioral Information Related

Multi-touch Authentication Using Hand Geometry and Aokun Chen Behavioral Information Related

Multi-touch Authentication Using Hand Geometry and Aokun Chen Behavioral Information Related Work Gait Recognition Keystroke/Mouse dynamics Gesture based authentication Threat Model and Assumption The adversary may or may not

416 views • 23 slides
Authentication Frequency (and Continuous Authentication) Mike Just Interactive and Trustworthy

Authentication Frequency (and Continuous Authentication) Mike Just Interactive and Trustworthy

Authentication Frequency (and Continuous Authentication) Mike Just Interactive and Trustworthy Technologies Group Glasgow Caledonian University SOUPS 2014 WAY Workshop 9 July 2014 Outline Authentication frequency Continuous

502 views • 12 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
Forgery-Resistant Touch-based Authentication on Mobile Devices Neil Zhenqiang Gong, Iowa State

Forgery-Resistant Touch-based Authentication on Mobile Devices Neil Zhenqiang Gong, Iowa State

Forgery-Resistant Touch-based Authentication on Mobile Devices Neil Zhenqiang Gong, Iowa State University Mathias Payer*, Purdue University Reza Moazzezi, UC Berkeley Mario Frank, UC Berkeley * @gannimo, http://hexhive.github.io Mobile

671 views • 26 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
DECOY APPLICATIONS FOR CONTINUOUS AUTHENTICATION ON MOBILE DEVICES WAY Workshop July 9 th , 2014

DECOY APPLICATIONS FOR CONTINUOUS AUTHENTICATION ON MOBILE DEVICES WAY Workshop July 9 th , 2014

DECOY APPLICATIONS FOR CONTINUOUS AUTHENTICATION ON MOBILE DEVICES WAY Workshop July 9 th , 2014 Malek Ben Salem Accenture Technology Labs Jonathan Voris and Salvatore J. Stolfo Allure Security Technology This material is based on work

495 views • 10 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
Soft Biometrics and Continuous Authentication DR. TERENCE SIM SCHOOL OF COMPUTING NATIONAL

Soft Biometrics and Continuous Authentication DR. TERENCE SIM SCHOOL OF COMPUTING NATIONAL

Soft Biometrics and Continuous Authentication DR. TERENCE SIM SCHOOL OF COMPUTING NATIONAL UNIVERSITY OF SINGAPORE Brief Bio Associate Professor & Vice Dean Research: face recognition, biometrics, computational photography PhD

1.01k views • 73 slides
Hi Tech Hi Touch Hebrews 10:24-25 Consecrate: Hi Tech Hi Touch Hi Tech Hi Touch

Hi Tech Hi Touch Hebrews 10:24-25 Consecrate: Hi Tech Hi Touch Hi Tech Hi Touch

3/20/2018 Hi Tech Hi Touch Hebrews 10:24-25 Consecrate: Hi Tech Hi Touch Hi Tech Hi Touch Smart Phones to Make or declare Toys Tools A Terror? Tablets something sacred, Laptop Computers that is to purposefully

414 views • 7 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
A Key to Your Heart: Biometric Authentication Based on ECG Signals Who Are You?! Adventures in

A Key to Your Heart: Biometric Authentication Based on ECG Signals Who Are You?! Adventures in

A Key to Your Heart: Biometric Authentication Based on ECG Signals Who Are You?! Adventures in Authentication Workshop (WAY) 2019 Nikita Samarin, Donald Sannella Traditional Passwords Most common mechanism of authenticating users online

251 views • 14 slides
Continuous Authentication for Voice Assistants Huan Feng * , Kassem Fawaz * , and Kang G. Shin

Continuous Authentication for Voice Assistants Huan Feng * , Kassem Fawaz * , and Kang G. Shin

Continuous Authentication for Voice Assistants Huan Feng * , Kassem Fawaz * , and Kang G. Shin Presented by Anousheh and Omer Overview Introduction/Existing Solutions and Novelty Human Speech Model System and Threat Models

703 views • 41 slides
Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder Authentication in general Bishop: Authentication is the binding of an identity to a principal. Network-based authentication mechanisms

1.6k views • 43 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Touch Interaction and Touch Gestures Types of Touch All have very different interaction

Touch Interaction and Touch Gestures Types of Touch All have very different interaction

Touch Interaction and Touch Gestures Types of Touch All have very different interaction properties: l Single touch l Multitouch: multiple fingers on the same hand l Multihand: multiple fingers on different hands l

593 views • 58 slides
of the Norwegian Southern North Sea: Post Mortem studies of Selected Wells and Areas Ivar

of the Norwegian Southern North Sea: Post Mortem studies of Selected Wells and Areas Ivar

Basin Modelling in Marginal Basins of the Norwegian Southern North Sea: Post Mortem studies of Selected Wells and Areas Ivar Meisingset (First Geo) and Birger Dahl (Pegis AS) Objectives Investigate how predictive a basin modelling study of

618 views • 37 slides
Optimal and Adaptive Algorithms for Online Boosting Alina Beygelzimer 1 Satyen Kale 1 Haipeng Luo 2

Optimal and Adaptive Algorithms for Online Boosting Alina Beygelzimer 1 Satyen Kale 1 Haipeng Luo 2

Optimal and Adaptive Algorithms for Online Boosting Alina Beygelzimer 1 Satyen Kale 1 Haipeng Luo 2 1 Yahoo! Labs, NYC 2 Computer Science Department, Princeton University December 11, 2015 Boosting: An Example Idea: combine weak rules of

614 views • 58 slides
Java Java Basics Java Program Statements Java Review Conditional statements

Java Java Basics Java Program Statements Java Review Conditional statements

Java Java Basics Java Program Statements Java Review Conditional statements Repetition statements (loops) Writing Classes in Java Selim Aksoy Class definitions Bilkent University Encapsulation and Java modifiers

346 views • 11 slides
NONPROFIT RESERVES & ENDOWMENTS: MANAGING THEM WISELY Please join the conversation! Use the

NONPROFIT RESERVES & ENDOWMENTS: MANAGING THEM WISELY Please join the conversation! Use the

NONPROFIT RESERVES & ENDOWMENTS: MANAGING THEM WISELY Please join the conversation! Use the hashtag #NPQEndowments. MEMBERSHIP & LOGISTICS Welcome to all Leading Edge Members! Learn more about membership at

688 views • 22 slides
String-Object Transduction with Dogmatic P systems Jos M. Sempere Department of Information

String-Object Transduction with Dogmatic P systems Jos M. Sempere Department of Information

11 th International Conference on Membrane Computing (CMC11) Jena, 24-27 August 2010 String-Object Transduction with Dogmatic P systems Jos M. Sempere Department of Information Systems and Computation, Technical University of Valencia

480 views • 12 slides
Co nte nt-base d Onto lo g y Ranking Mathew Jones & Harith Alani 9th Intl. Protg

Co nte nt-base d Onto lo g y Ranking Mathew Jones & Harith Alani 9th Intl. Protg

Co nte nt-base d Onto lo g y Ranking Mathew Jones & Harith Alani 9th Intl. Protg Conference - July 23-26, 2006 - Stanford, California Onto lo g y Ranking Is crucial for ontology search and reuse! Especially when there is a

622 views • 36 slides
People, ideas, machines. @enricocoiera AUSTRALIAN INSTITUTE OF HEALTH INNOVATION 2014 (1) 2016

People, ideas, machines. @enricocoiera AUSTRALIAN INSTITUTE OF HEALTH INNOVATION 2014 (1) 2016

People, ideas, machines. @enricocoiera AUSTRALIAN INSTITUTE OF HEALTH INNOVATION 2014 (1) 2016 (4) 2017 (6) 2018 (23) AUSTRALIAN INSTITUTE OF HEALTH INNOVATION Healthcare AI has quickly become a high stakes game. The promise of great

471 views • 24 slides
Point of Care Testing: Taking Us Into the Future Barbara M. Goldsmith, Ph.D., FACB July 11, 2012

Point of Care Testing: Taking Us Into the Future Barbara M. Goldsmith, Ph.D., FACB July 11, 2012

Point of Care Testing: Taking Us Into the Future Barbara M. Goldsmith, Ph.D., FACB July 11, 2012 Alabama POCC Webinar Point-of-Care Testing (POCT): Definition Laboratory testing performed outside of the clinical laboratory OR

1.02k views • 66 slides

More recommend