Reflexive Memory Authenticator: A proposal for effortless renewable - - PowerPoint PPT Presentation

▶

Sep 06, 2023 345 likes •535 views

Reflexive Memory Authenticator: A proposal for effortless renewable biometrics Nikola K. Blanchard 1 Siargey Kachanovich 2 Ted Selker 3 Florentin Waligorski 1 Digitrust, Loria, Universit de Lorraine, www.koliaza.com 2 Universit Cte dAzur,

SLIDE 1

Reflexive Memory Authenticator: A proposal for effortless renewable biometrics

Nikola K. Blanchard1 Siargey Kachanovich2 Ted Selker3 Florentin Waligorski

1Digitrust, Loria, Université de Lorraine, www.koliaza.com 2Université Côte d’Azur, INRIA Sophia-Antipolis, France 3University of Maryland, Baltimore County

2nd International Workshop on Emerging Technologies for Authorization and Authentication @ ESORICS September 27th, 2019

SLIDE 2

An issue with biometrics

The state space is too small for current accuracies:

Static biometrics don’t get better than 0.01% EER
Behavioural biometrics often are above 1% EER

For static biometrics, unchangeability is a big issue

Replay attacks
Phishing is viable
Modelisation when replay is not available

Despite little guarantees, more problems from high public trust. Leaks become possible.

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 2/16

SLIDE 3

Challenge systems

Many challenge systems:

Text challenges (personal questions)
Graphic passwords
CAPTCHAs

Common problems:

Either slow or unsecure
Limited usability and requires user effort
Vulnerable to shoulder-surfing and targeted attacks
Hard to create good challenges

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 3/16

SLIDE 4

Biometric challenges

Only two real types of challenge biometric systems have been considered:

Electro-encephalography
Eye movement biometrics with arbitrary patterns

Problems:

High EER
Based on modelising hidden variables instead of challenges themselves

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 4/16

SLIDE 5

The pupil memory reflex

When seeing an image, the pupil contracts then dilates before getting back to normal. Contraction and dilation speed and magnitude depend on the familiarity of the image. Many experiments since 1967, some organised recently by Naber, Frässle, Rutishauser, and Einhäuser (2013), and Bradley and Lang (2015).

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 5/16

SLIDE 6

The pupil memory reflex: speed (Naber et al.)

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 6/16

SLIDE 7

The pupil memory reflex: repeated tests, memorisation (Naber et al.)

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 7/16

SLIDE 8

The pupil memory reflex: repeated tests, retrieval (Naber et al.)

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 8/16

SLIDE 9

The pupil memory reflex: emotional content (Bradley and Lang)

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 9/16

SLIDE 10

High-level protocol

At account creation, memorise ≈ 30 randomly selected pictures. Authentication protocol:

1. Show a picture randomly selected from the known or unknown sets;
2. Detect pupil size variation;
3. Categorise the reaction as known or unknown;
4. Update probability of being user/intruder
5. Accept or trigger alarm

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 10/16

SLIDE 11

Protocol parameters

Many parameters to determine

Image types and sources
Relative probability of known/unknown images
Time per image and resting period
Threshold for acceptance/rejection/continued testing

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 11/16

SLIDE 12

RMA success rate (px0 = py1 = 0.95)

1x10-9 1x10-8 1x10-7 1x10-6 1x10-5 0.0001 0.001 0.01 0.1 1 5 10 15 20 25 30 probability # tries user user

✁1 error

user

✁2 errors

adversary adversary

✁1 error

adversary

✁ 2 errors

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 12/16

SLIDE 13

Adaptive probability of being the user

0.0001 0.001 0.01 0.1 1 5 10 15 20 25 30 probability # tries

Probability of being the adversary

probability of user's success 0.95 probability of user's success 0.8

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 13/16

SLIDE 14

Implementation considerations

Some algorithmic questions:

How to handle noise cancellation?
How to keep track of the images shown?
How to prevent targeted attacks?
What happens if used for many services?

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 14/16

SLIDE 15

Potential extensions

Three potential improvements/extensions:

Use loading times to show a standard image for a baseline
Create continuous authentication, following considerate computing principles
Potential non-noticeable use to detect intoxication/modified mental states

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 15/16

SLIDE 16

Future work and open problems

We raise multiple questions:

How fast can we discriminate between known/unknown images?
Can we compensate the interference without a rest period?
Can we get more than 1 bit of data?
How do we react to image closely related to known ones? To composite images?
What happens if we show a high frequency stream? A long stream?
Can ocular fatigue become a problem?

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 16/16

SLIDE 17

Thank you for your attention

Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 16/16