10 research outputs found

    Human user authentication based on mouse dynamics: a feasibility study

    Security problems have been discussed for a long time in the past recent decades in many fields such as communication, networking and user authentication. Security and authentication methods have also been explored for a long time by many researchers, and many efficient ways have been developed and used in modern society. Password and fingerprint based user authentication methods are the most common user authentication methods being used in our daily lives. With computers and smart phones population growing vastly, we need to put more attention on the security methods. However, those traditional authentication methods are not safe and efficient enough. Passwords are stolen and revealed to hackers, while fingerprints can be easily obtained from an authenticated person. We moved our eyes on another way of security and authentication: biometric kinesiology. The muscle in our body can remember the movement if we practiced an action a lot, and that memory is built in the body, not in our brain memory, which means that we cannot forget a practiced action in the way we forget a password. We proposed to use the action with the mouse from an authenticated user as the password of a system, in which only a user who performs the right action can be regarded as an authenticated user. Otherwise the system will reject the user. This movement is hard to mimic unless the hacker does a lot of practice of that certain movement and does exactly the same as an authenticated user. This is very difficult because we modified the normal mouse and the mouse will not move as the hacker expects. What’s more, only the authenticated user knows how the mouse was modified and how to act to adjust to that modification. In this way our proposed approach is much safer than the above traditional security and authentication methods. However, this is a feasibility study and more experiments will be done to prove our proposal and we will discuss it in the future work chapter

    Identity verification using voice and its use in a privacy preserving system

    Since security has been a growing concern in recent years, the field of biometrics has gained popularity and became an active research area. Beside new identity authentication and recognition methods, protection against theft of biometric data and potential privacy loss are current directions in biometric systems research. Biometric traits which are used for verification can be grouped into two: physical and behavioral traits. Physical traits such as fingerprints and iris patterns are characteristics that do not undergo major changes over time. On the other hand, behavioral traits such as voice, signature, and gait are more variable; they are therefore more suitable to lower security applications. Behavioral traits such as voice and signature also have the advantage of being able to generate numerous different biometric templates of the same modality (e.g. different pass-phrases or signatures), in order to provide cancelability of the biometric template and to prevent crossmatching of different databases. In this thesis, we present three new biometric verification systems based mainly on voice modality. First, we propose a text-dependent (TD) system where acoustic features are extracted from individual frames of the utterances, after they are aligned via phonetic HMMs. Data from 163 speakers from the TIDIGITS database are employed for this work and the best equal error rate (EER) is reported as 0.49% for 6-digit user passwords. Second, a text-independent (TI) speaker verification method is implemented inspired by the feature extraction method utilized for our text-dependent system. Our proposed TI system depends on creating speaker specific phoneme codebooks. Once phoneme codebooks are created on the enrollment stage using HMM alignment and segmentation to extract discriminative user information, test utterances are verified by calculating the total dissimilarity/distance to the claimed codebook. 
For benchmarking, a GMM-based TI system is implemented as a baseline. The results of the proposed TD system (0.22% EER for 7-digit passwords) are superior compared to the GMM-based system (0.31% EER for 7-digit sequences) whereas the proposed TI system yields worse results (5.79% EER for 7-digit sequences) using the data of 163 people from the TIDIGITS database. Finally, we introduce a new implementation of the multi-biometric template framework of Yanikoglu and Kholmatov [12], using fingerprint and voice modalities. In this framework, two biometric data are fused at the template level to create a multi-biometric template, in order to increase template security and privacy. The current work aims to also provide cancelability by exploiting the behavioral aspect of the voice modality

    Authenticating Users with 3D Passwords Captured by Motion Sensors

    Authentication plays a key role in securing various resources including corporate facilities or electronic assets. As the most used authentication scheme, knowledge-based authentication is easy to use but its security is bounded by how much a user can remember. Biometrics-based authentication requires no memorization but ‘resetting’ a biometric password may not always be possible. Thus, we propose to study several behavioral biometrics (i.e., mid-air gestures) for authentication which does not have the same privacy or availability concerns as of physiological biometrics. In this dissertation, we first propose a user-friendly authentication system KinWrite that allows users to choose arbitrary, short and easy-to-memorize passwords while providing resilience to password cracking and password theft. Specifically, we let users write their passwords (i.e., signatures in the 3D space), and verify a user’s identity with similarities between the user’s password and enrolled password templates. Dynamic time warping distance is used for similarity calculation between 3D password samples. In the second part of the dissertation, we design an authentication scheme that does not depend on the handwriting contents, i.e., regardless of the written words or symbols, and adapt a challenge-response mechanism to avoid possible eavesdropping, man-in-the-middle attacks, and replay attacks. We design a MoCRA system that utilizes Leap Motion to capture users’ writing movements and use writing style to verify users, even if what they write during the verification is completely different from what they write during the enrollment. Specifically, MoCRA leverages co-occurrence matrices to model the handwriting styles, and uses a Support Vector Machine (SVM) to accept a legitimate user and reject the rest. In the third part, we study both security and usability performance on multiple types of mid-air gestures that are used as passwords, including writing signatures in the air. 
We objectively quantify the usability performance by metrics related to the enroll time and the complexity of the gestures, and evaluate the security performance by the authentication performance. In addition, we subjectively evaluate the gestures by survey responses from both field subjects who participated in gesture experiments and on-line subjects who watched a short video on gesture introducing. Finally, we study the consistency of gestures over samples collected in a two-month period, and evaluate their security under shoulder surfing attacks

    Technology-enhanced support for children with Down Syndrome: A systematic literature review

    This paper presents a systematic literature review on technology-enhanced support for children with Down Syndrome and young people who match the mental age of children considered neurotypical (NT). The main aim is threefold: to (1) explore the field of digital technologies designed to support children with Down Syndrome, (2) identify technology types, contexts of use, profiles of individuals with Down Syndrome, methodological approaches, and the effectiveness of such supports, and (3) draw out opportunities for future research in this specific area. A systematic literature review was conducted on five search engines resulting in a set of 703 articles, which were screened and filtered in a systematic way until they were narrowed to a corpus of 65 articles for further analysis. The synthesis identifies several key findings: (1) there is diversity of technology supports available for children with Down Syndrome targeting individual capabilities, (2) overlapping definitions of technology make it difficult to place technology supports in individual categories rather than subsets of a broader term, (3) the average sample size remained small for participants in the studies, making it difficult to draw solid conclusions on the effectiveness of the related interventions, (4) the distribution of papers indicates that this is an emerging area of research and is starting to build a body of knowledge, and (5) there are limited studies on newer emerging technologies, which require further investigation to explore their potential

    Multi-system Biometric Authentication: Optimal Fusion and User-Specific Information

    Verifying a person's identity claim by combining multiple biometric systems (fusion) is a promising solution to identity theft and automatic access control. This thesis contributes to the state-of-the-art of multimodal biometric fusion by improving the understanding of fusion and by enhancing fusion performance using information specific to a user. One problem to deal with at the score level fusion is to combine system outputs of different types. Two statistically sound representations of scores are probability and log-likelihood ratio (LLR). While they are equivalent in theory, LLR is much more useful in practice because its distribution can be approximated by a Gaussian distribution, which makes it useful to analyze the problem of fusion. Furthermore, its score statistics (mean and covariance) conditioned on the claimed user identity can be better exploited. Our first contribution is to estimate the fusion performance given the class-conditional score statistics and given a particular fusion operator/classifier. Thanks to the score statistics, we can predict fusion performance with reasonable accuracy, identify conditions which favor a particular fusion operator, study the joint phenomenon of combining system outputs with different degrees of strength and correlation and possibly correct the adverse effect of bias (due to the score-level mismatch between training and test sets) on fusion. While in practice the class-conditional Gaussian assumption is not always true, the estimated performance is found to be acceptable. Our second contribution is to exploit the user-specific prior knowledge by limiting the class-conditional Gaussian assumption to each user. We exploit this hypothesis in two strategies. In the first strategy, we combine a user-specific fusion classifier with a user-independent fusion classifier by means of two LLR scores, which are then weighted to obtain a single output. 
We show that combining both user-specific and user-independent LLR outputs always results in improved performance than using the better of the two. In the second strategy, we propose a statistic called the user-specific F-ratio, which measures the discriminative power of a given user based on the Gaussian assumption. Although similar class separability measures exist, e.g., the Fisher-ratio for a two-class problem and the d-prime statistic, F-ratio is more suitable because it is related to Equal Error Rate in a closed form. F-ratio is used in the following applications: a user-specific score normalization procedure, a user-specific criterion to rank users and a user-specific fusion operator that selectively considers a subset of systems for fusion. The resultant fusion operator leads to a statistically significantly increased performance with respect to the state-of-the-art fusion approaches. Even though the applications are different, the proposed methods share the following common advantages. Firstly, they are robust to deviation from the Gaussian assumption. Secondly, they are robust to few training data samples thanks to Bayesian adaptation. Finally, they consider both the client and impostor information simultaneously

    Secure Authentication for Mobile Users

    RÉSUMÉ: Biometric authentication such as fingerprints and facial biometrics has changed the main authentication method on mobile devices. People readily enroll their fingerprint or face templates in different authentication systems to benefit from easy access to the smartphone without needing to remember and enter conventional PINs/passwords. However, they are not aware that they are storing their long-lasting physiological or behavioral characteristics on insecure platforms (i.e., on mobile phones or in cloud storage), threatening the confidentiality of their biometric templates and their identities. Consequently, an authentication scheme is needed to preserve the confidentiality of users’ biometric templates and authenticate them securely without relying on insecure and untrusted platforms. Most studies have considered software-based approaches to designing a secure authentication system. However, these approaches have shown limitations in secure authentication systems. Mainly, they suffer from low verification accuracy, due to template transformations (cancelable biometrics), information leakage (fuzzy commitment schemes), or non-real-time verification response, due to expensive computations (homomorphic encryption). ---------- ABSTRACT: Biometric authentication such as fingerprint and face biometrics has changed the main authentication method on mobile devices. People easily enroll their fingerprint or face template on different authentication systems to take advantage of their easy access to the smartphone with no need to remember and enter the conventional PINs/passwords. 
However, they are not aware that they store their long-lasting physiological or behavioral characteristics on insecure platforms (i.e., on mobile phones or on cloud storage), threatening the privacy of their biometric templates and their identities. Therefore, an authentication scheme is required to preserve the privacy of users’ biometric templates and securely authenticate them without relying on insecure and untrustworthy platforms. Most studies have considered software-based approaches to design a privacy-preserving authentication system. However, these approaches have shown limitations in secure authentication systems. Mainly, they suffer from low verification accuracy, due to the template transformations (in cancelable biometrics), information leakage (in fuzzy commitment schemes), or non real-time verification response, due to the expensive computations (in homomorphic encryption)

    Digital watermarking methods for data security and authentication

    Philosophiae Doctor - PhD. Cryptology is the study of systems that typically originate from a consideration of the ideal circumstances under which secure information exchange is to take place. It involves the study of cryptographic and other processes that might be introduced for breaking the output of such systems - cryptanalysis. This includes the introduction of formal mathematical methods for the design of a cryptosystem and for estimating its theoretical level of securit

    A mobile toolkit and customised location server for the creation of cross-referencing location-based services

    Although there are several Software Development kits and Application Programming Interfaces for client-side location-based services development, they mostly involve the creation of self-referencing location-based services. Self-referencing location-based services include services such as geocoding, reverse geocoding, route management and navigation which focus on satisfying the location-based requirements of a single mobile device. There is a lack of open-source Software Development Kits for the development of client-side location-based services that are cross-referencing. Cross-referencing location-based services are designed for the sharing of location information amongst different entities on a given network. This project was undertaken to assemble, through incremental prototyping, a client-side Java Micro Edition location-based services Software Development Kit and a Mobicents location server to aid mobile network operators and developers alike in the quick creation of the transport and privacy protection of cross-referencing location-based applications on Session Initiation Protocol bearer networks. The privacy of the location information is protected using geolocation policies. Developers do not need to have an understanding of Session Initiation Protocol event signaling specifications or of the XML Configuration Access Protocol to use the tools that we put together. The developed tools are later consolidated using two sample applications, the friend-finder and child-tracker services. Developer guidelines are also provided, to aid in using the provided tools
