Authentication Using Pulse-Response Biometrics Kasper B. Rasmussen 1 - - PowerPoint PPT Presentation

Slide 1.

Authentication Using Pulse-Response Biometrics

Kasper B. Rasmussen1 Marc Roeschlin2 Ivan Martinovic1 Gene Tsudik3

1University of Oxford 2ETH Zurich 3UC Irvine

Clermont Ferrand, 2014

Slide 2.

A Bit About Myself

Lecturer at University of Oxford.

Current Research Topics

Security of Wireless Networks Protocol design Applied Cryptography Security of embedded systems Cyber-physical systems Oh yes—Biometrics.

Slide 3.

Outline

1

Background on Biometrics

2

Pulse-Response

3

Security Applications

4

Experimental Results

Slide 4.

Biometrics: A Definition

Biometrics

A means to identify individual human beings by their characteristics or traits.

Slide 5.

Biometrics

Behavioral

Keystroke timing, speech pattern analysis, gait recognition and hand-writing

Physiological

Fingerprints, hand geometry, facial recognition, speech analysis and iris/retina scans

Slide 6.

Biometrics

Unobtrusive

Keystroke timing, speech pattern analysis, gait recognition, hand-writing, facial recognition and speech analysis

Invasive

Fingerprints, hand geometry and iris/retina scans

Slide 7.

Why a New Biometric?

Some biometrics are“secure”but“hard to use” .

Fingerprints Iris/Retina

Others are“less secure”but“easy to use” .

Face recognition Key-stroke dynamics

Slide 8.

Biometric Design Goals

1

Universal: The biometric must be universally applicable, to the extent required by the application.

2

Unique: The biometric must be unique within the target population.

3

Permanent: The biometric must be consistent over the time period where it’s used.

Slide 9.

Biometric Design Goals ...cont.

4

Unobtrusive: An unobtrusive biometric is much more likely to be accepted.

5

Difficult to circumvent: Essential for a biometric in any security context.

...also, for completeness

Collectability, Acceptability and Cost Effectiveness

Slide 10.

Biometrics in Security

Identification

Obtain the identity of a user. vs.

Authentication

Confirm the identity of a user.

Slide 11.

Biometrics in Security

Identification

Obtain the identity of a user. vs.

Authentication

Confirm the identity of a user.

Continuous Authentication

Continuously confirm the identity of a user.

Slide 12.

Pulse-Response Biometric

Pulse signal applied to the palm of one hand. The biometric is captured by measuring the response in the user’s hand.

Slide 13.

User Safety

Voltage (V) 1 1.5 Max Current (mA) 0.1 500+ Exposure 100ns ∼500ms

Slide 14.

Case 1: Hardening PIN Entry

Slide 15.

Case 1: Hardening PIN Entry

Biometric Properties

Universality, Uniqueness, Permanence, Unobtrusiveness, Circumvention Difficulty

Slide 16.

ATM Decision Flowchart

End Start Is PIN Correct? Accept! Reject! Does pulse-response match?

No No Yes Yes

Slide 17.

ATM Decision Flowchart

End Start Is PIN Correct? Accept! Reject! Does pulse-response match?

No No Yes Yes

Pbreak = Pguess·Pforge

Slide 18.

Case 2: Continuous Authentication

Slide 19.

Case 2: Continuous Authentication

Biometric Properties

Universality, Uniqueness, Permanence, Unobtrusiveness, Circumvention Difficulty

Slide 20.

• Cont. Auth. Decision Flowchart

Reacquire pulse-response Does pulse-response match? Wait T ake action. End Policy database Start Wait for login. Get pulse-response reference.

No Yes

Pulse-response database

Slide 21.

• Cont. Auth. Security

Detected Passed biometric test "Start" Adv sits down 1 2 3

Reacquire pulse-response Does pulse-response match? Wait T ake action. End Policy database Start Wait for login. Get pulse-response reference. No Yes Pulse-response database

Slide 22.

• Cont. Auth. Security

Detected Passed biometric test "Start" Adv sits down 1 2 3

Reacquire pulse-response Does pulse-response match? Wait T ake action. End Policy database Start Wait for login. Get pulse-response reference. No Yes Pulse-response database

P =   0 1 − α α 0 1 − β β 1  

Slide 23.

• Cont. Auth. Security

P =   0 1 − α α 0 1 − β β 1   Probabilities after i rounds, starting in state 1 [1, 0, 0] · Pi = [0, (1 − α)(1 − β)i−1, 1 − (1 − α)(1 − β)i−1] Probability of detection (state 3) for i = 10 1 − (1 − α)(1 − β)i−1 = 1 − (1 − 0.99)(1 − 0.3)10−1 = 1 − 0.01 · 0.79 ≈ 99.96%

Slide 24.

• Cont. Auth. Security

P =   0 1 − α α 0 1 − β β 1   Probabilities after i rounds, starting in state 1 [1, 0, 0] · Pi = [0, (1 − α)(1 − β)i−1, 1 − (1 − α)(1 − β)i−1] Probability of detection (state 3) for i = 10 1 − (1 − α)(1 − β)i−1 = 1 − (1 − 0.99)(1 − 0.3)10−1 = 1 − 0.01 · 0.79 ≈ 99.96% After 50 rounds this grows to 99.99999997%

Slide 25.

Experimental Setup

Slide 26.

Signals

0.0 0.5 1.0 200 400 600 800

Time [ns] Signal magnitude [Volt]

Input pulse Measured pulse 100 200 300 400 500 25 50 75 100

Frequency bins Spectral density

Slide 27.

Classification

Slide 28.

Selecting the Classifier

Support Vector Machine, Euclidean Distance, Latent Dirichlet Allocation, K-Nearest Neighbor

SVM Euclidean LDA Knn

• 0%

25% 50% 75% 100% P u l s e − 1 − 1 P u l s e − 1 − 1 P u l s e − 1 − 1 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 5 − 2 5 S i n e L i n − 5 − 5 S i n e L i n − 5 − 9 8 S q u a r e L i n − 1 − 2 5 S q u a r e L i n − 1 − 2 5 P u l s e − 1 − 1 P u l s e − 1 − 1 P u l s e − 1 − 1 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 5 − 2 5 S i n e L i n − 5 − 5 S i n e L i n − 5 − 9 8 S q u a r e L i n − 1 − 2 5 S q u a r e L i n − 1 − 2 5 P u l s e − 1 − 1 P u l s e − 1 − 1 P u l s e − 1 − 1 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 5 − 2 5 S i n e L i n − 5 − 5 S i n e L i n − 5 − 9 8 S q u a r e L i n − 1 − 2 5 S q u a r e L i n − 1 − 2 5 P u l s e − 1 − 1 P u l s e − 1 − 1 P u l s e − 1 − 1 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 5 − 2 5 S i n e L i n − 5 − 5 S i n e L i n − 5 − 9 8 S q u a r e L i n − 1 − 2 5 S q u a r e L i n − 1 − 2 5

Binary detection error rate

Slide 29.

Selecting the Classifier

Support Vector Machine, Euclidean Distance, Latent Dirichlet Allocation, K-Nearest Neighbor

SVM Euclidean LDA Knn

• 0%

25% 50% 75% 100% P u l s e − 1 − 1 P u l s e − 1 − 1 P u l s e − 1 − 1 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 5 − 2 5 S i n e L i n − 5 − 5 S i n e L i n − 5 − 9 8 S q u a r e L i n − 1 − 2 5 S q u a r e L i n − 1 − 2 5 P u l s e − 1 − 1 P u l s e − 1 − 1 P u l s e − 1 − 1 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 5 − 2 5 S i n e L i n − 5 − 5 S i n e L i n − 5 − 9 8 S q u a r e L i n − 1 − 2 5 S q u a r e L i n − 1 − 2 5 P u l s e − 1 − 1 P u l s e − 1 − 1 P u l s e − 1 − 1 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 5 − 2 5 S i n e L i n − 5 − 5 S i n e L i n − 5 − 9 8 S q u a r e L i n − 1 − 2 5 S q u a r e L i n − 1 − 2 5 P u l s e − 1 − 1 P u l s e − 1 − 1 P u l s e − 1 − 1 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 1 − 2 5 S i n e L i n − 1 − 5 S i n e L i n − 1 − 9 8 S i n e L i n − 5 − 2 5 S i n e L i n − 5 − 5 S i n e L i n − 5 − 9 8 S q u a r e L i n − 1 − 2 5 S q u a r e L i n − 1 − 2 5

Binary detection error rate

SVM

• 0%

25% 50% 75% 100% Pulse−1−1 Pulse−1−100 Pulse−1−10000 SineLin−10−250 SineLin−10−500 SineLin−10−980 SineLin−1−250 SineLin−1−500 SineLin−1−980 SineLin−5−250 SineLin−5−500 SineLin−5−980 SquareLin−10−250 SquareLin−1−250 Pulse−1−1 Pulse−1−100 Pulse−1−10000

Binary detection error rate

Slide 30.

ROC Curves

Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate Equal Error Rate

0.00 0.25 0.50 0.75 1.00 0.00 0.25 0.50 0.75 1.00

False positive rate (FPR) True positive rate (TPR)

Classifier Euclidean Mahalanobis SVM Data set Over time Single data set

Slide 31.

Authentication Classifier

Over Time

Aiden Ethan Jacob Liam Mason 0% 25% 50% 75% 100% 0% 25% 50% 75% 100% 0% 25% 50% 75% 100% 90 92 94 96 98 100

Threshold [%] Sensitivity (TPR)

Slide 32.

Auth: Single Session

Charles David Ethan Jackson Liam Lucas Mason Noah Richard Sophia 0% 25% 50% 75% 100% 0% 25% 50% 75% 100% 0% 25% 50% 75% 100% 0% 25% 50% 75% 100% 0% 25% 50% 75% 100% 90 92 94 96 98 100 90 92 94 96 98 100

Threshold [%] Sensitivity (TPR)

Slide 33.

Identification Classifier

Over time Single data set 0% 25% 50% 75% 100% A i d e n E t h a n J a c

• b

L i a m M a s

• n

C h a r l e s D a v i d E t h a n J a c k s

• n

L i a m L u c a s M a s

• n

N

• a

h R i c h a r d S

• p

h i a

Sensitivity (TPR)

Slide 34.

Future Work

Prototype

Build PIN entry prototype. Gather experience on acquisition time, etc. Gather more data.

Acquisition Signal

Higher bandwidth No signal Effects of stress, blood sugar levels, etc. Assess impersonation strategies.

Slide 35.

WiSec 2014, in Oxford

Slide 36.

Conclusion

A new biometric based on Pulse-Response. Two simple application scenarios for Pulse-Response integration. Very promising results. Very high degree of uniqueness and good stability over time.

Slide 37.

Conclusion – Questions?

A new biometric based on Pulse-Response. Two simple application scenarios for Pulse-Response integration. Very promising results. Very high degree of uniqueness and good stability over time. Thank you for your attention. Questions? kasper.rasmussen@cs.ox.ac.uk