Authentication Using Pulse-Response Biometrics. Kasper B. Rasmussen (1), Marc Roeschlin (2), Ivan Martinovic (1), Gene Tsudik (3). (1) University of Oxford, (2) ETH Zurich, (3) UC Irvine. Clermont Ferrand, 2014. Slide 1.
A Bit About Myself. Lecturer at University of Oxford. Current research topics: security of wireless networks; protocol design; applied cryptography; security of embedded systems; cyber-physical systems; oh yes, biometrics. Slide 2.
Outline. 1. Background on Biometrics. 2. Pulse-Response. 3. Security Applications. 4. Experimental Results. Slide 3.
Biometrics: A Definition. Biometrics: a means to identify individual human beings by their characteristics or traits. Slide 4.
Biometrics. Behavioral: keystroke timing, speech pattern analysis, gait recognition and hand-writing. Physiological: fingerprints, hand geometry, facial recognition, speech analysis and iris/retina scans. Slide 5.
Biometrics. Unobtrusive: keystroke timing, speech pattern analysis, gait recognition, hand-writing, facial recognition and speech analysis. Invasive: fingerprints, hand geometry and iris/retina scans. Slide 6.
Why a New Biometric? Some biometrics are secure but hard to use: fingerprints, iris/retina. Others are less secure but easy to use: face recognition, key-stroke dynamics. Slide 7.
Biometric Design Goals. 1. Universal: The biometric must be universally applicable, to the extent required by the application. 2. Unique: The biometric must be unique within the target population. 3. Permanent: The biometric must be consistent over the time period where it's used. Slide 8.
Biometric Design Goals (cont.). 4. Unobtrusive: An unobtrusive biometric is much more likely to be accepted. 5. Difficult to circumvent: Essential for a biometric in any security context. ...also, for completeness: Collectability, Acceptability and Cost Effectiveness. Slide 9.
Biometrics in Security. Identification: obtain the identity of a user. vs. Authentication: confirm the identity of a user. Continuous Authentication: continuously confirm the identity of a user. Slide 11.
Pulse-Response Biometric. Pulse signal applied to the palm of one hand. The biometric is captured by measuring the response in the user's hand. Slide 12.
User Safety
Voltage (V)   Max Current (mA)   Exposure
1             0.1                100 ns
1.5           500+               500 ms
Slide 13.
Case 1: Hardening PIN Entry Slide 14.
Case 1: Hardening PIN Entry. Biometric properties: Universality, Uniqueness, Permanence, Unobtrusiveness, Circumvention Difficulty. Slide 15.
ATM Decision Flowchart. Start -> Is PIN correct? No: Reject! Yes -> Does pulse-response match? No: Reject! Yes: Accept! -> End. $P_{break} = P_{guess} \cdot P_{forge}$ Slide 17.
Case 2: Continuous Authentication Slide 18.
Case 2: Continuous Authentication. Biometric properties: Universality, Uniqueness, Permanence, Unobtrusiveness, Circumvention Difficulty. Slide 19.
Cont. Auth. Decision Flowchart. Start -> Wait for login -> Get pulse-response reference -> Wait -> Reacquire pulse-response -> Does pulse-response match? Yes: back to Wait. No: Take action -> End. Data stores: pulse-response database, policy database. Slide 20.
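Cont. Auth. Security. Adversary states overlaid on the flowchart: (1) "Start", adversary sits down; (2) passed biometric test; (3) detected. Flowchart: Start -> Wait for login -> Get pulse-response reference -> Wait -> Reacquire pulse-response -> Does pulse-response match? Yes: back to Wait. No: Take action -> End. Data stores: pulse-response database, policy database. Transition matrix: $P = \begin{pmatrix} 0 & 1-\alpha & \alpha \\ 0 & 1-\beta & \beta \\ 0 & 0 & 1 \end{pmatrix}$ Slide 22.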
Cont. Auth. Security. $P = \begin{pmatrix} 0 & 1-\alpha & \alpha \\ 0 & 1-\beta & \beta \\ 0 & 0 & 1 \end{pmatrix}$ Probabilities after $i$ rounds, starting in state 1: $[1, 0, 0] \cdot P^i = [0,\ (1-\alpha)(1-\beta)^{i-1},\ 1-(1-\alpha)(1-\beta)^{i-1}]$ Probability of detection (state 3) for $i = 10$: $1-(1-\alpha)(1-\beta)^{i-1} = 1-(1-0.99)(1-0.3)^{10-1} = 1 - 0.01 \cdot 0.7^{9} \approx 99.96\%$ After 50 rounds this grows to 99.99999997%. Slide 24.
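Added example (not from the original slides): the three-state detection model above, evaluated by repeated vector-matrix multiplication and checked against the closed form. The function names and the rounds_needed helper are assumptions made for this illustration; alpha and beta are the slide's values.

```python
# Added illustration of the slide's three-state model (not the authors' code).
# Index 0 = state 1 (adversary sits down), 1 = state 2 (passed biometric test),
# 2 = state 3 (detected, absorbing).

def transition_matrix(alpha, beta):
    """alpha: detection probability on the first check; beta: on each later check."""
    return [
        [0.0, 1.0 - alpha, alpha],
        [0.0, 1.0 - beta, beta],
        [0.0, 0.0, 1.0],
    ]

def step(dist, P):
    """One round: row vector times transition matrix."""
    n = len(P)
    return [sum(dist[k] * P[k][j] for k in range(n)) for j in range(n)]

def state_after(rounds, alpha, beta):
    """Distribution [1, 0, 0] * P^rounds, computed by repeated multiplication."""
    P = transition_matrix(alpha, beta)
    dist = [1.0, 0.0, 0.0]
    for _ in range(rounds):
        dist = step(dist, P)
    return dist

def detection_closed_form(rounds, alpha, beta):
    """1 - (1 - alpha)(1 - beta)^(rounds - 1), valid for rounds >= 1."""
    return 1.0 - (1.0 - alpha) * (1.0 - beta) ** (rounds - 1)

def rounds_needed(target, alpha, beta, limit=10_000):
    """Smallest number of rounds whose detection probability reaches target."""
    P = transition_matrix(alpha, beta)
    dist = [1.0, 0.0, 0.0]
    for i in range(1, limit + 1):
        dist = step(dist, P)
        if dist[2] >= target:
            return i
    raise ValueError("target not reached within limit; is beta zero?")

if __name__ == "__main__":
    a, b = 0.99, 0.3  # values used on the slide
    for i in (1, 10, 50):
        print(i, state_after(i, a, b)[2], detection_closed_form(i, a, b))
    print("rounds for 99.9999% detection:", rounds_needed(0.999999, a, b))
```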
Experimental Setup Slide 25.
Signals. [Figure: input pulse and measured pulse, signal magnitude [Volt] vs. time [ns]; spectral density vs. frequency bins.] Slide 26.
Classification Slide 27.
Selecting the Classifier. Support Vector Machine, Euclidean Distance, Latent Dirichlet Allocation, K-Nearest Neighbor. [Figure: binary detection error rate (0% to 100%) per signal type (Pulse, SineLin, SquareLin) for the SVM, Euclidean, LDA and Knn classifiers.] Slide 28.
Selecting the Classifier. Support Vector Machine, Euclidean Distance, Latent Dirichlet Allocation, K-Nearest Neighbor. [Figure: binary detection error rate (0% to 100%) per signal type (Pulse, SineLin, SquareLin) for the SVM, Euclidean, LDA and Knn classifiers, with separate SVM and Euclidean panels.] Slide 29.
ROC Curves. [Figure: true positive rate (TPR) vs. false positive rate (FPR), with the equal error rate marked; classifiers: Euclidean, Mahalanobis, SVM; data sets: over time, single data set.] Slide 30.
Authentication Classifier Over Time. [Figure: sensitivity (TPR) vs. threshold [%] from 90 to 100, one panel per subject: Aiden, Jacob, Mason, Ethan, Liam.] Slide 31.
Auth: Single Session. [Figure: sensitivity (TPR) vs. threshold [%] from 90 to 100, one panel per subject: Charles, Ethan, Liam, Mason, Richard, David, Jackson, Lucas, Noah, Sophia.] Slide 32.
Identification Classifier. [Figure: sensitivity (TPR) per subject. Over time: Aiden, Ethan, Jacob, Liam, Mason. Single data set: Charles, David, Ethan, Jackson, Liam, Lucas, Mason, Noah, Richard, Sophia.] Slide 33.
Future Work. Prototype: build PIN entry prototype; gather experience on acquisition time, etc. Gather more data. Acquisition signal: higher bandwidth; no signal. Effects of stress, blood sugar levels, etc. Assess impersonation strategies. Slide 34.
WiSec 2014, in Oxford. Slide 35.
Conclusion. A new biometric based on Pulse-Response. Two simple application scenarios for Pulse-Response integration. Very promising results. Very high degree of uniqueness and good stability over time. Thank you for your attention. Questions? kasper.rasmussen@cs.ox.ac.uk Slide 37.