in continuous touch based authentication for
play

in Continuous Touch-Based Authentication for Mobile Devices Vincent - PowerPoint PPT Presentation

At Your Fingertips: Considering Finger Distinctness in Continuous Touch-Based Authentication for Mobile Devices Vincent Sritapan Zaire Ali and Jamie Payton Cyber Security Division Department of Computer Science US Department of Homeland


  1. At Your Fingertips: Considering Finger Distinctness in Continuous Touch-Based Authentication for Mobile Devices Vincent Sritapan Zaire Ali and Jamie Payton Cyber Security Division Department of Computer Science US Department of Homeland Security University of North Carolina at Charlotte Science and Technology Directorate 1 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  2. Our Personal Assistant [12] [13] [13] [13] [13] [3] 6.1B 2.6B 6.1B 2.6B 64% Smartphone subscriptions as of 2014 Smartphone subscriptions by 2020 Smartphone subscriptions as of 2014 Smartphone subscriptions by 2020 Users use no authentication 2 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  3. Active Authentication Strong Security No Security Medium Security & Rarely Used [14] [14] [14] [14] [3] [4] [4] 64% 140,704 1,624 1,000,000,000 10,000 7,339,040,224 78,074,696 unique swipe patterns unique swipe patterns unique PIN unique PIN unique password unique password using all 9 nodes using 4 nodes permutations using 4 permutations using 9 permutations using 4 permutations using 5 Of users digits digits characters characters Swipe Pattern PIN Password No Authentication 3 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  4. Active Authentication Single-Factor Authentication [14] (Only Using One Group) • Knowledge – Passwords – PINs – Patterns • Possession – Token – Key Card • Inherence – Retina – Fingerprints Example of Common Weak Swipe Patterns 4 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  5. Passive Authentication Distinct Data Gesture on Device Time (ms) X-Coordinate Y-Coordinate Pressure Size Time (ms) 500176 172.9635 626 0.282353 0.282353 X-Coordinate 504485 258.4167 559.0695 0.298039 0.298039 Y-Coordinate 507079 319.4074 467.0485 0.286275 0.286275 Pressure 508157 554.0085 611 0.27451 0.27451 Size 509971 175.8468 576.6588 0.258824 0.258824 Collectable Features 5 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  6. Passive Authentication Authorized User Training Data Black Box Data Collected From Touch Authorized User or Unknown User 6 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  7. k-Nearest Neighbor Class 1 Class 2 Black Box Pressure k = 3 k = 6 Size 7 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  8. Support Vector Machines Class 1 Class 2 Black Box Pressure Size 8 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  9. State of the Art: SVM [14] Study by Xu et al. • Used SVM with Radial Basis Function (rbf) • Accuracy Declined With More Users All can achieve:+80% • Assumed Users Always Used the Same Style 9 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  10. Operation Styles [10] Cradled – 36% One handed – 49% Two handed – 15% 10 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  11. Operation Styles [10] Cradled – 36% One handed – 49% Two handed – 15% 11 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  12. Motivation  Does authentication accuracy improve by training with several of a user’s fingers? 12 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  13. App Development 13 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  14. App Development 14 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  15. Pilot Study Setup • Online advertisement and snowball sampling • 6 participants (3 male, 3 female) • Droid Maxx Devices • 5 Days 15 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  16. Pilot Study Setup Distinct Data Time (ms) X-Coordinate Y-Coordinate Pressure Size 500176 172.9635 626 0.282353 0.282353 504485 258.4167 559.0695 0.298039 0.298039 507079 319.4074 467.0485 0.286275 0.286275 508157 554.0085 611 0.27451 0.27451 509971 175.8468 576.6588 0.258824 0.258824 16 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  17. Preprocessing MotionEvent SensorEvent Data Stored in Vector Gesture on Device Time (ms) X-Coordinate Y-Coordinate Pressure Size X-Accelerometer Y-Accelerometer 548476 422 522 0.282353 0.282353 1.474828 5.152322 548514 427.4653 568.3857 0.298039 0.298039 1.474828 5.152322 548525 429 618.5961 0.298039 0.298039 1.474828 5.152322 548541 426.0154 676.2451 0.290196 0.290196 1.474828 5.152322 548557 417.4294 745.6889 0.278431 0.278431 1.474828 5.152322 17 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  18. Preprocessing e.g. Swipe Left GestureDetector Which Gesture? Data Stored in Vector Time (ms) X-Coordinate Y-Coordinate Pressure Size X-Accelerometer Y-Accelerometer 548476 422 522 0.282353 0.282353 1.474828 5.152322 Gesture Data 548514 427.4653 568.3857 0.298039 0.298039 1.474828 5.152322 548525 429 618.5961 0.298039 0.298039 1.474828 5.152322 548541 426.0154 676.2451 0.290196 0.290196 1.474828 5.152322 548557 417.4294 745.6889 0.278431 0.278431 1.474828 5.152322 18 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  19. Our Approach • SVM with Radial Basis Function (rbf) • 10-fold Cross-Validation to Compute Accuracy 19 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  20. Data Analysis 𝐵𝑑𝑑𝑣𝑠𝑏𝑑𝑧 = 𝐷𝑝𝑠𝑠𝑓𝑑𝑢𝑚𝑧 𝐷𝑚𝑏𝑡𝑡𝑗𝑔𝑗𝑓𝑒 𝑄𝑝𝑗𝑜𝑢𝑡 𝑂𝑣𝑛𝑐𝑓𝑠 𝑝𝑔 𝑈𝑓𝑡𝑢𝑗𝑜𝑕 𝑄𝑝𝑗𝑜𝑢𝑡 20 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  21. Are the Fingers of an Individual Distinct? Training Data Testing Data Classification Output 21 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  22. Are the Fingers of an Individual Distinct? Without Accelerometer 100% 86% 90% 80% 67.05% 70% 60% 50% 40% 30% 20% 10% 0% Tap Double Tap Long Tap Swipe Right Swipe Left Swipe Up Swipe Down Average 22 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  23. Are the Fingers of an Individual Distinct? 23 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  24. Are the Fingers of an Individual Distinct? Without Accelerometer With Accelerometer 96.35% 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Tap Double Tap Long Tap Swipe Right Swipe Left Swipe Up Swipe Down Average 24 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  25. Are Fingers Distinct? Training Data Testing Data Classification Output 25 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  26. Are Fingers Distinct? Without Accelerometer With Accelerometer 97.67% 100% 90% 83.93% 80% 70% 60% 50% 40% 30% 20% 10% 0% Tap Double Tap Long Tap Swipe Right Swipe Left Swipe Up Swipe Down Average 26 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  27. Should Training Data Include Only One Finger? Training Data Testing Data Classification Output 27 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  28. Should Training Data Include Only One Finger? Without Accelerometer With Accelerometer 100% 90% 80% 70% 61.2% 55.9% 60% 50% 40% 30% 20% 10% 0% Tap Double Tap Long Tap Swipe Average Average 28 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  29. Should Training Data Include Several Fingers? Training Data Testing Data Classification Output 29 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  30. Should Training Data Include Several Fingers? Without Accelerometer With Accelerometer 98.42% 100% 92% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Tap Double Tap Long Tap Swipe Right Swipe Left Swipe Up Swipe Down Average 30 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  31. Lessons Learned • Active Authentication is Annoying • Fingers are Distinct • Training Data Should Include Several Fingers 31 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

  32. Future Work • Address potential limitations related to the number of participants in our pilot study through a more expansive study • more users • wider range of gestures • longer period of time • Analyze effects of training data set sizes • Latency of real-time classification on mobile devices 32 5/26/2016 This work is sponsored by DHS S&T Directorate Contract #D15PC00160

Recommend


More recommend