Next-generation user authentication schemes for IoT applications

Gupta, Sandeep

27 October 2020

The unprecedented rise of IoT has revolutionized every business vertical enthralling people to embrace IoT applications in their day-to-day lives to accrue multifaceted benefits. It is absolutely fair to say that a day without connected IoT systems, such as smart devices, smart enterprises, smart homes or offices, etc., would hamper our conveniences, drastically. Many IoT applications for these connected systems are safety-critical, and any unauthorized access could have severe consequences to their consumers and society. In the overall IoT security spectrum, human-to-machine authentication for IoT applications is a critical and foremost challenge owing to highly prescriptive characteristics of conventional user authentication schemes, i.e., knowledge-based or token-based authentication schemes, currently used in them. Furthermore, studies have reported numerous users’ concerns, from both the security and usability perspectives, that users are facing in using available authentication schemes for IoT applications. Therefore, an impetus is required to upgrade user authentication schemes for new IoT age applications to address any unforeseen incidents or unintended consequences. This dissertation aims at designing next-generation user authentication schemes for IoT applications to secure connected systems, namely, smart devices, smart enterprises, smart homes, or offices. To accomplish my research objectives, I perform a thorough study of ways and types of user authentication mechanisms emphasizing their security and usability ramifications. Subsequently, based on the substantive findings of my studies, I design, prototype, and validate our proposed user authentication schemes. I exploit both physiological and behavioral biometrics to design novel schemes that provide implicit (frictionless), continuous (active) or risk-based (non-static) authentication for multi-user scenarios. Afterward, I present a comparative analysis of the proposed schemes in terms of accuracy against the available state-of-the-art user authentication solutions. Also, I conduct SUS surveys to evaluate the usability of user authentication schemes.

Towards Template Security for Iris-based Biometric Systems

Fouad, Marwa

18 April 2012

Personal identity refers to a set of attributes (e.g., name, social insurance number, etc.) that are associated with a person. Identity management is the process of creating, maintaining and destroying identities of individuals in a population. Biometric technologies are technologies developed to use statistical analysis of an individual’s biological or behavioral traits to determine his identity. Biometrics based authentication systems offer a reliable solution for identity management, because of their uniqueness, relative stability over time and security (among other reasons). Public acceptance of biometric systems will depend on their ability to ensure robustness, accuracy and security. Although robustness and accuracy of such systems are rapidly improving, there still remain some issues of security and balancing it with privacy. While the uniqueness of biometric traits offers a convenient and reliable means of identification, it also poses the risk of unauthorized cross-referencing among databases using the same biometric trait. There is also a high risk in case of a biometric database being compromised, since it’s not possible to revoke the biometric trait and re-issue a new one as is the case with passwords and smart keys. This unique attribute of biometric based authentication system poses a challenge that might slow down public acceptance and the use of biometrics for authentication purposes in large scale applications. In this research we investigate the vulnerabilities of biometric systems focusing on template security in iris-based biometric recognition systems. The iris has been well studied for authentication purposes and has been proven accurate in large scale applications in several airports and border crossings around the world. The most widely accepted iris recognition systems are based on Daugman’s model that creates a binary iris template. In this research we develop different systems using watermarking, bio-cryptography as well as feature transformation to achieve revocability and security of binary templates in iris based biometric authentication systems, while maintaining the performance that enables widespread application of these systems. All algorithms developed in this research are applicable on already existing biometric authentication systems and do not require redesign of these existing, well established iris-based authentication systems that use binary templates.

Biometrics

Iris Recognition

Biometric Security

Bio-cryptography

Watermarking

Haptic Biometrics

Template Security

Biométries faciales douces : méthodes, applications et défis

Dantcheva, Antitza

12 December 2011

Cette thèse s'intéresse aux biométries dites douces, et notamment à leurs utilisations en termes de sécurité, dans le cadre de différents scénarii commerciaux, incluant des aspects usage. L'accent sera ainsi porté sur les caractéristiques faciales qui constituent un jeu de traits significatifs de l'apparence physique mais aussi comportementale de l'utilisateur permettant de différencier, classer et identifier les individus. Ces traits, qui sont l'âge, le sexe, les cheveux, la peau et la couleur des yeux, mais aussi la présence de lunettes, de moustache ou de barbe, comportent plusieurs avantages notamment la facilité avec laquelle ils peuvent être acquis, mais également du fait qu'ils correspondent à la façon dont les êtres humains perçoivent leurs environnements. Plus précisément, les traits issus de la biométrie douce sont compatibles avec la manière dont l'humain tend à catégoriser son entourage, une démarche impliquant une structuration hiérarchique des différents traits. Cette thèse explore ces différents traits et leurs applications dans les systèmes de biométries douces (SBS), et met l'accent sur la manière dont de tels systèmes peuvent atteindre des buts différents, y compris la recherche accélérée dans des bases de données, l'identification et la ré-identification d'individus, mais également la prédiction et la quantification de l'esthétique d'un visage. Ce travail est motivé notamment par l'importance croissante de ces applications dans notre société en constante évolution, mais aussi par le côté peu contraignant du système. En effet, les SBS sont généralement non-intrusifs, et nécessitent le plus souvent de faibles temps de calculs, permettant ainsi une analyse biométrique rapide, sans imposer obligatoirement l'accord et la coopération de l'individu. Ces atouts rendent la biométrie douce indispensable dans les applications qui ont besoin de traitement d'images ou de vidéos en temps réel.

soft biometrics

biometrics

facial recognition

human identification

Towards Template Security for Iris-based Biometric Systems

Fouad, Marwa

18 April 2012

Personal identity refers to a set of attributes (e.g., name, social insurance number, etc.) that are associated with a person. Identity management is the process of creating, maintaining and destroying identities of individuals in a population. Biometric technologies are technologies developed to use statistical analysis of an individual’s biological or behavioral traits to determine his identity. Biometrics based authentication systems offer a reliable solution for identity management, because of their uniqueness, relative stability over time and security (among other reasons). Public acceptance of biometric systems will depend on their ability to ensure robustness, accuracy and security. Although robustness and accuracy of such systems are rapidly improving, there still remain some issues of security and balancing it with privacy. While the uniqueness of biometric traits offers a convenient and reliable means of identification, it also poses the risk of unauthorized cross-referencing among databases using the same biometric trait. There is also a high risk in case of a biometric database being compromised, since it’s not possible to revoke the biometric trait and re-issue a new one as is the case with passwords and smart keys. This unique attribute of biometric based authentication system poses a challenge that might slow down public acceptance and the use of biometrics for authentication purposes in large scale applications. In this research we investigate the vulnerabilities of biometric systems focusing on template security in iris-based biometric recognition systems. The iris has been well studied for authentication purposes and has been proven accurate in large scale applications in several airports and border crossings around the world. The most widely accepted iris recognition systems are based on Daugman’s model that creates a binary iris template. In this research we develop different systems using watermarking, bio-cryptography as well as feature transformation to achieve revocability and security of binary templates in iris based biometric authentication systems, while maintaining the performance that enables widespread application of these systems. All algorithms developed in this research are applicable on already existing biometric authentication systems and do not require redesign of these existing, well established iris-based authentication systems that use binary templates.

Biometrics

Iris Recognition

Biometric Security

Bio-cryptography

Watermarking

Haptic Biometrics

Template Security

Protection of 2D face identification systems against spoofing attacks / Protection des systèmes d'identification facial face à la fraude

Edmunds, Taiamiti

23 January 2017

Les systèmes d’identification faciale sont en plein essor et se retrouvent de plus en plus dans des produits grand public tels que les smartphones et les ordinateurs portables. Cependant, ces systèmes peuvent être facilement bernés par la présentation par exemple d’une photo imprimée de la personne ayant les droits d’accès au système. Cette thèse s’inscrit dans le cadre du projet ANR BIOFENCE qui vise à développer une certification des systèmes biométriques veine, iris et visage permettant aux industriels de faire valoir leurs innovations en termes de protection. L’objectif de cette thèse est double, d’abord il s’agit de développer des mesures de protection des systèmes 2D d’identification faciale vis à vis des attaques connues à ce jour (photos imprimées, photos ou vidéos sur un écran, masques) puis de les confronter à la méthodologie de certification développée au sein du projet ANR. Dans un premier temps, un état de l’art général des attaques et des contremesures est présenté en mettant en avant les méthodes algorithmiques (« software ») par rapport aux méthodes hardware. Ensuite, plusieurs axes sont approfondis au cours de ce travail. Le premier concerne le développement d’une contremesure basée sur une analyse de texture et le second concerne le développement d’une contre-mesure basée sur une analyse de mouvement. Ensuite, une modélisation du processus de recapture pour différencier un faux visage d’un vrai est proposée. Une nouvelle méthode de protection est développée sur ce concept en utilisant les données d'enrolment des utilisateurs et un premier pas est franchi dans la synthèse d'attaque pour un nouvel utilisateur à partir de sa donnée d'enrolment. Enfin, la méthodologie de certification développée pour les systèmes à empreintes digitales est évaluée pour les systèmes d'identification facial. / Face identification systems are growing rapidly and invade the consumer market with security products in smartphones, computers and banking. However, these systems are easily fooled by presenting a picture of the person having legitimate access to the system. This thesis is part of the BIOFENCE project which aim to develop a certification of biometric systems in order for industrials to promote their innovations in terms of protection. Our goal is to develop new anti-spoofing countermeasures for 2D face biometric systems and to evaluate the certification methodology on protected systems. First, a general state of the art in face spoofing attack forgery and in anti-spoofing protection measures is presented. Then texture-based countermeasures and motion-based countermeasures are investigated leading to the development of two novel countermeasures. Then, the recapturing process is modelled and a new fake face detection approach is proposed based on this model. Taking advantage of enrolment samples from valid users, a first step toward the synthesis of spoofing attacks for new users is taken. Finally, the certification methodology originally developed for fingerprint technology is evaluated on face biometric systems.

Leurrage

Contre-Mesures

Faux visages

Biometrics

Spoofing

Counter measures

Fake faces

Biometrics

620

Stress Detection for Keystroke Dynamics

Lau, Shing-hon

01 May 2018

Background. Stress can profoundly affect human behavior. Critical-infrastructure operators (e.g., at nuclear power plants) may make more errors when overstressed; malicious insiders may experience stress while engaging in rogue behavior; and chronic stress has deleterious effects on mental and physical health. If stress could be detected unobtrusively, without requiring special equipment, remedies to these situations could be undertaken. In this study a common computer keyboard and everyday typing are the primary instruments for detecting stress. Aim. The goal of this dissertation is to detect stress via keystroke dynamics – the analysis of a user’s typing rhythms – and to detect the changes to those rhythms concomitant with stress. Additionally, we pinpoint markers for stress (e.g., a 10% increase in typing speed), analogous to the antigens used as markers for blood type. We seek markers that are universal across all typists, as well as markers that apply only to groups or clusters of typists, or even only to individual typists. Data. Five types of data were collected from 116 subjects: (1) demographic data, which can reveal factors (e.g., gender) that influence subjects’ reactions to stress; (2) psychological data, which capture a subject’s general susceptibility to stress and anxiety, as well as his/her current stress state; (3) physiological data (e.g., heart-rate variability and blood pressure) that permit an objective and independent assessment of a subject’s stress level; (4) self-report data, consisting of subjective self-reports regarding the subject’s stress, anxiety, and workload levels; and (5) typing data from subjects, in both neutral and stressed states, measured in terms of keystroke timings – hold and latency times – and typographical errors. Differences in typing rhythms between neutral and stressed states were examined to seek specific markers for stress. Method. An ABA, single-subject design was used, in which subjects act as their own controls. Each subject provided 80 typing samples in each of three conditions: (A) baseline/neutral, (B) induced stress, and (A) post-stress return/recovery-to-baseline. Physiological measures were analyzed to ascertain the subject’s stress level when providing each sample. Typing data were analyzed, using a variety of statistical and machine learning techniques, to elucidate markers of stress. Clustering techniques (e.g., K-means) were also employed to detect groups of users whose responses to stress are similar. Results. Our stressor paradigm was effective for all 116 subjects, as confirmed through analysis of physiological and self-report data. We were able to identify markers for stress within each subject; i.e., we can discriminate between neutral and stressed typing when examining any subject individually. However, despite our best attempts, and the use of state-of-the-art machine learning techniques, we were not able to identify universal markers for stress, across subjects, nor were we able to identify clusters of subjects whose stress responses were similar. Subjects’ stress responses, in typing data, appear to be highly individualized. Consequently, effective deployment in a realworld environment may require an approach similar to that taken in personalized medicine.

Keystroke dynamics

keystroke biometrics

behavioral biometrics

stress

stress detection

affect detection

Towards Template Security for Iris-based Biometric Systems

Fouad, Marwa

January 2012

Personal identity refers to a set of attributes (e.g., name, social insurance number, etc.) that are associated with a person. Identity management is the process of creating, maintaining and destroying identities of individuals in a population. Biometric technologies are technologies developed to use statistical analysis of an individual’s biological or behavioral traits to determine his identity. Biometrics based authentication systems offer a reliable solution for identity management, because of their uniqueness, relative stability over time and security (among other reasons). Public acceptance of biometric systems will depend on their ability to ensure robustness, accuracy and security. Although robustness and accuracy of such systems are rapidly improving, there still remain some issues of security and balancing it with privacy. While the uniqueness of biometric traits offers a convenient and reliable means of identification, it also poses the risk of unauthorized cross-referencing among databases using the same biometric trait. There is also a high risk in case of a biometric database being compromised, since it’s not possible to revoke the biometric trait and re-issue a new one as is the case with passwords and smart keys. This unique attribute of biometric based authentication system poses a challenge that might slow down public acceptance and the use of biometrics for authentication purposes in large scale applications. In this research we investigate the vulnerabilities of biometric systems focusing on template security in iris-based biometric recognition systems. The iris has been well studied for authentication purposes and has been proven accurate in large scale applications in several airports and border crossings around the world. The most widely accepted iris recognition systems are based on Daugman’s model that creates a binary iris template. In this research we develop different systems using watermarking, bio-cryptography as well as feature transformation to achieve revocability and security of binary templates in iris based biometric authentication systems, while maintaining the performance that enables widespread application of these systems. All algorithms developed in this research are applicable on already existing biometric authentication systems and do not require redesign of these existing, well established iris-based authentication systems that use binary templates.

Biometrics

Iris Recognition

Biometric Security

Bio-cryptography

Watermarking

Haptic Biometrics

Template Security

Automatic Person Verification Using Speech and Face Information

Sanderson, Conrad, conradsand@ieee.org

January 2003

Identity verification systems are an important part of our every day life. A typical example is the Automatic Teller Machine (ATM) which employs a simple identity verification scheme: the user is asked to enter their secret password after inserting their ATM card; if the password matches the one prescribed to the card, the user is allowed access to their bank account. This scheme suffers from a major drawback: only the validity of the combination of a certain possession (the ATM card) and certain knowledge (the password) is verified. The ATM card can be lost or stolen, and the password can be compromised. Thus new verification methods have emerged, where the password has either been replaced by, or used in addition to, biometrics such as the person’s speech, face image or fingerprints. Apart from the ATM example described above, biometrics can be applied to other areas, such as telephone & internet based banking, airline reservations & check-in, as well as forensic work and law enforcement applications. Biometric systems based on face images and/or speech signals have been shown to be quite effective. However, their performance easily degrades in the presence of a mismatch between training and testing conditions. For speech based systems this is usually in the form of channel distortion and/or ambient noise; for face based systems it can be in the form of a change in the illumination direction. A system which uses more than one biometric at the same time is known as a multi-modal verification system; it is often comprised of several modality experts and a decision stage. Since a multi-modal system uses complimentary discriminative information, lower error rates can be achieved; moreover, such a system can also be more robust, since the contribution of the modality affected by environmental conditions can be decreased. This thesis makes several contributions aimed at increasing the robustness of single- and multi-modal verification systems. Some of the major contributions are listed below. The robustness of a speech based system to ambient noise is increased by using Maximum Auto-Correlation Value (MACV) features, which utilize information from the source part of the speech signal. A new facial feature extraction technique is proposed (termed DCT-mod2), which utilizes polynomial coefficients derived from 2D Discrete Cosine Transform (DCT) coefficients of spatially neighbouring blocks. The DCT-mod2 features are shown to be robust to an illumination direction change as well as being over 80 times quicker to compute than 2D Gabor wavelet derived features. The fragility of Principal Component Analysis (PCA) derived features to an illumination direction change is solved by introducing a pre-processing step utilizing the DCT-mod2 feature extraction. We show that the enhanced PCA technique retains all the positive aspects of traditional PCA (that is, robustness to compression artefacts and white Gaussian noise) while also being robust to the illumination direction change. Several new methods, for use in fusion of speech and face information under noisy conditions, are proposed; these include a weight adjustment procedure, which explicitly measures the quality of the speech signal, and a decision stage comprised of a structurally noise resistant piece-wise linear classifier, which attempts to minimize the effects of noisy conditions via structural constraints on the decision boundary.

biometric identification systems

biometrics

voice biometrics

speech biometrics

principal component analysis

principal components analysis

PCA

face recognition

facial recognition

multi-modal verification systems

ECG Authentication for Mobile Device

Arteaga Falconi, Juan Sebastian

January 2013

Mobile devices users are storing more and more private and often highly sensitive information on their mobiles. Protective measures to ensure that users of mobile devices are appropriately safeguarded are thus imperative to protect users. Traditional mobile login methods, like numerical or graphical passwords, are vulnerable to passive attacks. It is common for criminal s to gain access to victims' personal information by watching victims enter their passwords into their cellphone screens from a short distance away. With this in mind, a Biometric authentication algorithm based on electrocardiogram or ECG is proposed. In this system the user will only need to touch the ECG electrodes of the mobile device to gain access. With this authentication mode no one will be able to see the biometric pattern that is used to unlock the de vices. This will increase the protection for the users. The algorithm was tested with ten subjects from MCRlab at the University of Ottawa at different days and conditions using a two electrode ECG phone case. Several tests were performed in order to reach the best setting for the algorithm to work properly. The final results show that the system has a 1.41% of chance to accept false users and 81.82% of accepting the right users. The algorithm was also tested with 73 subjects from Physionet database and the results were around the same, which confirms the consistency of the algorithm. This is the first approach on mobile authentication using ECG biometric signals and shows a promising future for this technology to be used in mobiles.

Biometrics

ECG authentication

ECG Biometrics

ECG authentication for mobiles

ECG Identification

Biometrics for Mobiles

Mobile Authentication

Phone Authentication

ECG Phone Authentication

Score-level fusion for multimodal biometrics

Alsaade, Fawaz

January 2008

This thesis describes research into the score-level fusion process in multimodal biometrics. The emphasis of the research is on the fusion of face and voice biometrics in the two recognition modes of verification and open-set identification. The growing interest in the use of multiple modalities in biometrics is due to its potential capabilities for eradicating certain important limitations of unimodal biometrics. One of the factors important to the accuracy of a multimodal biometric system is the choice of the technique deployed for data fusion. To address this issue, investigations are carried out into the relative performance of several statistical data fusion techniques for combining the score information in both unimodal and multimodal biometrics (i.e. speaker and/ or face verification). Another important issue associated with any multimodal technique is that of variations in the biometric data. Such variations are reflected in the corresponding biometric scores, and can thereby adversely influence the overall effectiveness of multimodal biometric recognition. To address this problem, different methods are proposed and investigated. The first approach is based on estimating the relative quality aspects of the test scores and then passing them on into the fusion process either as features or weights. The approach provides the possibility of tackling the data variations based on adjusting the weights for each of the modalities involved according to its relative quality. Another approach considered for tackling the effects of data variations is based on the use of score normalisation mechanisms. Whilst score normalisation has been widely used in voice biometrics, its effectiveness in other biometrics has not been previously investigated. This method is shown to considerably improve the accuracy of multimodal biometrics by appropriately correcting the scores from degraded modalities prior to the fusion process. The investigations in this work are also extended to the combination of score normalisation with relative quality estimation. The experimental results show that, such a combination is more effective than the use of only one of these techniques with the fusion process. The thesis presents a thorough description of the research undertaken, details the experimental results and provides a comprehensive analysis of them.

612