TouchPass: towards behavior-irrelevant on-touch user authentication on smartphones leveraging vibrations

With increasing private and sensitive data stored in mobile devices, secure and effective mobile-based user authentication schemes are desired. As the most natural way to contact with mobile devices, finger touches have shown potentials for user authentication. Most existing approaches utilize finger touches as behavioral biometrics for identifying individuals, which are vulnerable to spoofer attacks. To resist attacks for on-touch user authentication on mobile devices, this paper exploits physical characters of touching fingers by investigating active vibration signal transmission through fingers, and we find that physical characters of touching fingers present unique patterns on active vibration signals for different individuals. Based on the observation, we propose a behavior-irrelevant on-touch user authentication system, TouchPass, which leverages active vibration signals on smartphones to extract only physical characters of touching fingers for user identification. TouchPass first extracts features that mix physical characters of touching fingers and behavior biometrics of touching behaviors from vibration signals generated and received by smartphones. Then, we design a Siamese network-based architecture with a specific training sample selection strategy to reconstruct the extracted signal features to behavior-irrelevant features and further build a behavior-irrelevant on-touch user authentication scheme leveraging knowledge distillation. Our extensive experiments validate that TouchPass can accurately authenticate users and defend various attacks.

[1]  Xiang-Yang Li,et al.  SilentSense: silent user identification via touch and movement behavioral biometrics , 2013, MobiCom.

[2]  Lijun Jiang,et al.  On Multiple Password Interference of Touch Screen Patterns and Text Passwords , 2016, CHI.

[3]  W. Siri,et al.  The gross composition of the body. , 1956, Advances in biological and medical physics.

[4]  Geoffrey E. Hinton,et al.  Visualizing Data using t-SNE , 2008 .

[5]  Lu Wang,et al.  ViType: A Cost Efficient On-Body Typing System through Vibration , 2018, 2018 15th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON).

[6]  Jie Yang,et al.  VoiceLive: A Phoneme Localization based Liveness Detection for Voice Authentication on Smartphones , 2016, CCS.

[7]  Qian Zhang,et al.  VibID: User Identification through Bio-Vibrometry , 2016, 2016 15th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN).

[8]  Romit Roy Choudhury,et al.  Ripple: Communicating through Physical Vibration , 2015, NSDI.

[9]  Geoffrey E. Hinton,et al.  Distilling the Knowledge in a Neural Network , 2015, ArXiv.

[10]  Geoffrey E. Hinton,et al.  ImageNet classification with deep convolutional neural networks , 2012, Commun. ACM.

[11]  Vir V. Phoha,et al.  When kids' toys breach mobile phone security , 2013, CCS.

[12]  Ahmet Kahraman,et al.  A theoretical and experimental investigation of modulation sidebands of planetary gear sets , 2009 .

[13]  Patrick Kenny,et al.  Front-End Factor Analysis for Speaker Verification , 2011, IEEE Transactions on Audio, Speech, and Language Processing.

[14]  Guoliang Xue,et al.  Unobservable Re-authentication for Smartphones , 2013, NDSS.

[15]  Daniel Vogel,et al.  Targeted Mimicry Attacks on Touch Input Based Implicit Authentication Schemes , 2016, MobiSys.

[16]  A. Ant Ozok,et al.  A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords , 2006, SOUPS '06.

[17]  Geoffrey E. Hinton,et al.  Phoneme recognition using time-delay neural networks , 1989, IEEE Trans. Acoust. Speech Signal Process..

[18]  Marco Gruteser,et al.  VibSense: Sensing Touches on Ubiquitous Surfaces through Vibration , 2017, 2017 14th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON).

[19]  Ken Thompson,et al.  Password security: a case history , 1979, CACM.

[20]  Gierad Laput,et al.  ViBand: High-Fidelity Bio-Acoustic Sensing Using Commodity Smartwatch Accelerometers , 2016, UIST.

[21]  Rainer Martin,et al.  Noise power spectral density estimation based on optimal smoothing and minimum statistics , 2001, IEEE Trans. Speech Audio Process..

[22]  Gregory R. Koch,et al.  Siamese Neural Networks for One-Shot Image Recognition , 2015 .

[23]  Zhi-Li Zhang,et al.  Multi-touch Authentication Using Hand Geometry and Behavioral Information , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[24]  D.P. Skinner,et al.  The cepstrum: A guide to processing , 1977, Proceedings of the IEEE.

[25]  Inchul Song,et al.  Deep learning for real-time robust facial expression recognition on a smartphone , 2014, 2014 IEEE International Conference on Consumer Electronics (ICCE).

[26]  Lin Chen,et al.  Taprint: Secure Text Input for Commodity Smart Wristbands , 2019, MobiCom.

[27]  Vadim V. Romanuke,et al.  Appropriate Number and Allocation of ReLUs in Convolutional Neural Networks , 2017 .

[28]  Ingrid Daubechies,et al.  The wavelet transform, time-frequency localization and signal analysis , 1990, IEEE Trans. Inf. Theory.

[29]  Anind K. Dey,et al.  Serendipity: Finger Gesture Recognition using an Off-the-Shelf Smartwatch , 2016, CHI.

[30]  P. Welch The use of fast Fourier transform for the estimation of power spectra: A method based on time averaging over short, modified periodograms , 1967 .

[31]  Ajay Kumar,et al.  Comparison and combination of iris matchers for reliable personal authentication , 2010, Pattern Recognit..

[32]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[33]  Heinrich Hußmann,et al.  Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[34]  Tao Feng,et al.  TIPS: context-aware implicit user identification using touch screen in uncontrolled environments , 2014, HotMobile.

[35]  Sergey Ioffe,et al.  Batch Normalization: Accelerating Deep Network Training by Reducing Internal Covariate Shift , 2015, ICML.

[36]  Sharath Pankanti,et al.  Filterbank-based fingerprint matching , 2000, IEEE Trans. Image Process..

[37]  Romit Roy Choudhury,et al.  Ripple II: Faster Communication through Physical Vibration , 2016, NSDI.

[38]  G. R. Noakes,et al.  Vibrations and Waves , 1962, Nature.

[39]  Yann LeCun,et al.  Learning a similarity metric discriminatively, with application to face verification , 2005, 2005 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR'05).

[40]  Tao Feng,et al.  Continuous mobile authentication using touchscreen gestures , 2012, 2012 IEEE Conference on Technologies for Homeland Security (HST).

[41]  Ying Zhu,et al.  Graphical passwords: a survey , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[42]  Jian Liu,et al.  VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration , 2017, CCS.