Taprint: Secure Text Input for Commodity Smart Wristbands

Smart wristband has become a dominant device in the wearable ecosystem, providing versatile functions such as fitness tracking, mobile payment, and transport ticketing. However, the small form-factor, low-profile hardware interfaces and computational resources limit their capabilities in security checking. Many wristband devices have recently witnessed alarming vulnerabilities, e.g., personal data leakage and payment fraud, due to the lack of authentication and access control. To fill this gap, we propose a secure text pin input system, namely Taprint, which extends a virtual number pad on the back of a user's hand. Taprint builds on the key observation that the hand "landmarks'', especially finger knuckles, bear unique vibration characteristics when being tapped by the user herself. It thus uses the tapping vibrometry as biometrics to authenticate the user, while distinguishing the tapping locations. Taprint reuses the inertial measurement unit in the wristband, "overclocks'' its sampling rate to extrapolate fine-grained features, and further refines the features to enhance the uniqueness and reliability. Extensive experiments on 128 users demonstrate that Taprint achieves a high accuracy (96%) of keystrokes recognition. It can authenticate users, even through a single-tap, at extremely low error rate (2.4%), and under various practical usage disturbances.

[1]  Gerald Bieber,et al.  AGIS: automated tool detection & hand-arm vibration estimation using an unmodified smartwatch , 2016, iWOAR.

[2]  Shridatt Sugrim,et al.  User-generated free-form gestures for authentication: security and memorability , 2014, MobiSys.

[3]  Ken Thompson,et al.  Password security: a case history , 1979, CACM.

[4]  Steven Furnell,et al.  Keystroke dynamics on a mobile handset: a feasibility study , 2003, Inf. Manag. Comput. Secur..

[5]  Heikki Ailisto,et al.  Identifying users of portable devices from gait pattern with accelerometers , 2005, Proceedings. (ICASSP '05). IEEE International Conference on Acoustics, Speech, and Signal Processing, 2005..

[6]  Kening Zhu,et al.  fingerT9: leveraging thumb-to-finger interaction for one-handed text entry on smartwatches , 2017, SIGGRAPH ASIA Mobile Graphics and Interactive Applications.

[7]  Tovi Grossman,et al.  Implanted user interfaces , 2012, CHI.

[8]  Ryan J. Halter,et al.  A wearable system that knows who wears it , 2014, MobiSys.

[9]  Antti Oulasvirta,et al.  Free-Form Gesture Authentication in the Wild , 2016, CHI.

[10]  Kening Zhu,et al.  FingerT9: Leveraging Thumb-to-finger Interaction for Same-side-hand Text Entry on Smartwatches , 2018, CHI.

[11]  Panlong Yang,et al.  iDial: Enabling a Virtual Dial Plate on the Hand Back for Around-Device Interaction , 2018, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[12]  Wenyao Xu,et al.  Cardiac Scan: A Non-contact and Continuous Heart-based User Authentication System , 2017, MobiCom.

[13]  Gierad Laput,et al.  ViBand: High-Fidelity Bio-Acoustic Sensing Using Commodity Smartwatch Accelerometers , 2016, UIST.

[14]  Fabian Monrose,et al.  Authentication via keystroke dynamics , 1997, CCS '97.

[15]  Xiang 'Anthony' Chen,et al.  Skin buttons: cheap, small, low-powered and clickable fixed-icon laser projectors , 2014, UIST.

[16]  Wei Wang,et al.  Gait recognition using wifi signals , 2016, UbiComp.

[17]  Lu Wang,et al.  ViType: A Cost Efficient On-Body Typing System through Vibration , 2018, 2018 15th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON).

[18]  Lama Nachman,et al.  Unobtrusive gait verification for mobile phones , 2014, SEMWEB.

[19]  Hai Huang,et al.  You Are How You Touch: User Verification on Smartphones via Tapping Behaviors , 2014, 2014 IEEE 22nd International Conference on Network Protocols.

[20]  Xinyu Zhang,et al.  Ubiquitous keyboard for small mobile devices: harnessing multipath fading for fine-grained keystroke localization , 2014, MobiSys.

[21]  Gonzalo Bailador,et al.  Analysis of pattern recognition techniques for in-air signature biometrics , 2011, Pattern Recognit..

[22]  Lijun Jiang,et al.  On Multiple Password Interference of Touch Screen Patterns and Text Passwords , 2016, CHI.

[23]  W. Siri,et al.  The gross composition of the body. , 1956, Advances in biological and medical physics.

[24]  Jian Liu,et al.  VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration , 2017, CCS.

[25]  Parth H. Pathak,et al.  WiWho: WiFi-Based Person Identification in Smart Spaces , 2016, 2016 15th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN).

[26]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 1999, CCS '99.

[27]  Ying Zhu,et al.  Graphical passwords: a survey , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[28]  Kathy J. Horadam,et al.  Fuzzy Extractors for Minutiae-Based Fingerprint Authentication , 2007, ICB.

[29]  Jie Yang,et al.  Smartphone based user verification leveraging gait recognition for mobile healthcare systems , 2013, 2013 IEEE International Conference on Sensing, Communications and Networking (SECON).

[30]  Zhi-Li Zhang,et al.  Multi-touch Authentication Using Hand Geometry and Behavioral Information , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[31]  Gregory D. Abowd,et al.  TapSkin: Recognizing On-Skin Input for Smartwatches , 2016, ISS.

[32]  Kang G. Shin,et al.  Continuous Authentication for Voice Assistants , 2017, MobiCom.

[33]  Ajay Kumar,et al.  Comparison and combination of iris matchers for reliable personal authentication , 2010, Pattern Recognit..

[34]  Mauro Conti,et al.  I Sensed It Was You: Authenticating Mobile Users with Sensor-Enhanced Keystroke Dynamics , 2014, DIMVA.

[35]  Stefan Fischer,et al.  Face authentication with Gabor information on deformable graphs , 1999, IEEE Trans. Image Process..

[36]  Roberto Brunelli,et al.  Person identification using multiple cues , 1995, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[37]  Desney S. Tan,et al.  Skinput: appropriating the body as an input surface , 2010, CHI.

[38]  Sabah Jassim,et al.  Multimodal person authentication on a smartphone under realistic conditions , 2006, SPIE Defense + Commercial Sensing.

[39]  Anind K. Dey,et al.  Serendipity: Finger Gesture Recognition using an Off-the-Shelf Smartwatch , 2016, CHI.

[40]  Chris Harrison,et al.  OmniTouch: wearable multitouch interaction everywhere , 2011, UIST.

[41]  Patrick Traynor,et al.  (sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers , 2011, CCS '11.

[42]  G. Carter,et al.  The generalized correlation method for estimation of time delay , 1976 .

[43]  Shu Wang,et al.  Acoustic Eavesdropping through Wireless Vibrometry , 2015, MobiCom.

[44]  Ashwin Ashok,et al.  Whose move is it anyway? Authenticating smart wearable devices using unique head movement patterns , 2016, 2016 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[45]  Qian Zhang,et al.  VibID: User Identification through Bio-Vibrometry , 2016, 2016 15th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN).