Reflexive Memory Authenticator: A proposal for effortless renewable - PowerPoint PPT Presentation


  1. Reflexive Memory Authenticator: A proposal for effortless renewable biometrics
     Nikola K. Blanchard 1, Siargey Kachanovich 2, Ted Selker 3, Florentin Waligorski
     1 Digitrust, Loria, Université de Lorraine, www.koliaza.com
     2 Université Côte d’Azur, INRIA Sophia-Antipolis, France
     3 University of Maryland, Baltimore County
     2nd International Workshop on Emerging Technologies for Authorization and Authentication @ ESORICS
     September 27th, 2019

  2. An issue with biometrics
     The state space is too small for current accuracies:
     • Static biometrics don’t get better than 0.01% EER
     • Behavioural biometrics are often above 1% EER
     For static biometrics, unchangeability is a big issue:
     • Replay attacks
     • Phishing is viable
     • Modelisation when replay is not available
     Despite few guarantees, high public trust causes more problems. Leaks become possible.
     Challenge systems and Biometrics Pupil Memory Reflex RMA protocol Conclusion 2/16

  3. Challenge systems
     Many challenge systems:
     • Text challenges (personal questions)
     • Graphic passwords
     • CAPTCHAs
     Common problems:
     • Either slow or insecure
     • Limited usability, and they require user effort
     • Vulnerable to shoulder-surfing and targeted attacks
     • Hard to create good challenges

  4. Biometric challenges
     Only two real types of challenge biometric systems have been considered:
     • Electro-encephalography
     • Eye movement biometrics with arbitrary patterns
     Problems:
     • High EER
     • Based on modelising hidden variables instead of challenges themselves

  5. The pupil memory reflex
     When seeing an image, the pupil contracts then dilates before getting back to normal.
     Contraction and dilation speed and magnitude depend on the familiarity of the image.
     Many experiments since 1967, some organised recently by Naber, Frässle, Rutishauser, and Einhäuser (2013), and Bradley and Lang (2015).

  6. The pupil memory reflex: speed (Naber et al.)

  7. The pupil memory reflex: repeated tests, memorisation (Naber et al.)

  8. The pupil memory reflex: repeated tests, retrieval (Naber et al.)

  9. The pupil memory reflex: emotional content (Bradley and Lang)

  10. High-level protocol
      At account creation, memorise ≈ 30 randomly selected pictures.
      Authentication protocol:
      1. Show a picture randomly selected from the known or unknown sets;
      2. Detect pupil size variation;
      3. Categorise the reaction as known or unknown;
      4. Update probability of being user/intruder;
      5. Accept or trigger alarm.

  11. Protocol parameters
      Many parameters to determine:
      • Image types and sources
      • Relative probability of known/unknown images
      • Time per image and resting period
      • Threshold for acceptance/rejection/continued testing

  12. RMA success rate (p x 0 = p y 1 = 0.95)
      [Figure: probability (log scale, 1 down to 1x10^-9) against # tries (0 to 30); curves for the user and for the adversary, each also shown with 1 error and with 2 errors]

  13. Adaptive probability of being the user
      [Figure: "Probability of being the adversary"; probability (log scale, 1 down to 0.0001) against # tries (0 to 30); curves for a probability of user's success of 0.95 and of 0.8]
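
The update-and-decide steps of slide 10 and the quantities plotted on slides 12 and 13, as an added Python example that is not from the presentation or its authors. Only the 0.95 figure comes from the slides; the chance-level adversary (0.5), the 0.5 prior, the 0.999/0.001 thresholds and all function names are assumptions made for illustration.

```python
import math

P_USER = 0.95       # slide value: the user's reaction is categorised correctly
P_ADVERSARY = 0.5   # assumption: an intruder's reaction matches only by chance

def pass_probability(tries, max_errors, p_correct):
    """Probability of at most max_errors wrong categorisations over `tries` images."""
    return sum(math.comb(tries, k) * (1 - p_correct) ** k * p_correct ** (tries - k)
               for k in range(max_errors + 1))

def authenticate(matches, accept=0.999, alarm=0.001, prior_user=0.5):
    """Sequentially update P(user) from per-image results (protocol steps 3 to 5).

    matches: iterable of bools, True when the categorised reaction
    (known/unknown) agrees with the set the shown picture came from.
    Returns (decision, images_used, posterior_user).
    """
    log_odds = math.log(prior_user / (1 - prior_user))
    used, posterior = 0, prior_user
    for used, ok in enumerate(matches, start=1):
        # Bayes update in log-odds form: add the log likelihood ratio user/adversary.
        if ok:
            log_odds += math.log(P_USER / P_ADVERSARY)
        else:
            log_odds += math.log((1 - P_USER) / (1 - P_ADVERSARY))
        posterior = 1 / (1 + math.exp(-log_odds))
        if posterior >= accept:
            return "accept", used, posterior
        if posterior <= alarm:
            return "alarm", used, posterior
    return "continue", used, posterior  # thresholds not reached: keep testing

if __name__ == "__main__":
    print("adversary, 30 tries, 0 errors:", pass_probability(30, 0, P_ADVERSARY))
    print("user, 30 tries, <= 2 errors:  ", pass_probability(30, 2, P_USER))
    print("clean run:       ", authenticate([True] * 30))
    print("one early error: ", authenticate([False] + [True] * 29))
    print("three errors:    ", authenticate([False] * 3))
```

With these assumed thresholds a single misclassified image costs the user five extra images rather than a rejection, which is the trade-off the acceptance/rejection/continued-testing parameter on slide 11 controls.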

  14. Implementation considerations
      Some algorithmic questions:
      • How to handle noise cancellation?
      • How to keep track of the images shown?
      • How to prevent targeted attacks?
      • What happens if used for many services?

  15. Potential extensions
      Three potential improvements/extensions:
      • Use loading times to show a standard image for a baseline
      • Create continuous authentication, following considerate computing principles
      • Potential non-noticeable use to detect intoxication/modified mental states

  16. Future work and open problems
      We raise multiple questions:
      • How fast can we discriminate between known/unknown images?
      • Can we compensate for the interference without a rest period?
      • Can we get more than 1 bit of data?
      • How do we react to images closely related to known ones? To composite images?
      • What happens if we show a high frequency stream? A long stream?
      • Can ocular fatigue become a problem?

  17. Thank you for your attention