research-article

Pulse-Response: Exploring Human Body Impedance for Biometric Recognition

Authors:
Ivan Martinovic

University of Oxford, Oxford, United Kingdom

University of Oxford, Oxford, United Kingdom
View Profile

,
Kasper B. Rasmussen

University of Oxford, Oxford, United Kingdom

University of Oxford, Oxford, United Kingdom
View Profile

,
Marc Roeschlin

University of Oxford, Oxford, United Kingdom

University of Oxford, Oxford, United Kingdom
View Profile

,
Gene Tsudik

University of California, Irvine, USA

University of California, Irvine, USA
View Profile

Authors Info & Claims

ACM Transactions on Privacy and Security Volume 20 Issue 2Article No.: 6pp 1–31https://doi.org/10.1145/3064645

Published:25 May 2017Publication History

ACM Transactions on Privacy and Security

Abstract

Biometric characteristics are often used as a supplementary component in user authentication and identification schemes. Many biometric traits, both physiological and behavioral, offering a wider range of security and stability, have been explored. We propose a new physiological trait based on the human body’s electrical response to a square pulse signal, called pulse-response, and analyze how this biometric characteristic can be used to enhance security in the context of two example applications: (1) an additional authentication mechanism in PIN entry systems and (2) a means of continuous authentication on a secure terminal. The pulse-response biometric recognition is effective because each human body exhibits a unique response to a signal pulse applied at the palm of one hand and measured at the palm of the other. This identification mechanism integrates well with other established methods and could offer an additional layer of security, either on a continuous basis or at log-in time. We build a proof-of-concept prototype and perform experiments to assess the feasibility of pulse-response for biometric authentication. The results are very encouraging, achieving an equal error rate of 2% over a static dataset and 9% over a dataset with samples taken over several weeks. We also quantize resistance to attack by estimating individual worst-case probabilities for zero-effort impersonation in different experiments.

References

L. C. F. Araujo, L. H. R. Sucupira, Jr., M. G. Lizarraga, L. L. Ling, and J. B. T. Yabu-Uti. 2005. User authentication through typing biometrics features. IEEE Transactions on Signal Processing 53, 2, 851--855. Google ScholarDigital Library
Salil P. Banerjee and Damon L. Woodard. 2012. Biometric authentication and identification using keystroke dynamics: A survey. Journal of Pattern Recognition Research 7, 1 116--139.Google ScholarCross Ref
Claude Barral and Assia Tria. 2009. Fake fingers in fingerprint recognition: Glycerin supersedes gelatin. In Formal to Practical Security, Vronique Cortier, Claude Kirchner, Mitsuhiro Okada, and Hideki Sakurada (Eds.). Lecture Notes in Computer Science, Vol. 5458. Springer, Berlin, 57--69. Google ScholarDigital Library
Saleh Bleha, Charles Slivinsky, and Bassam Hussien. 1990. Computer-access security systems using keystroke dynamics. IEEE Transactions on Pattern Analysis and Machine Intelligence 12, 12, 1217--1222. Google ScholarDigital Library
Arman Boehm, Dongqu Chen, Mario Frank, Ling Huang, Cynthia Kuo, Tihomir Lolic, Ivan Martinovic, and Dawn Song. 2013. SAFE: Secure authentication with face and eyes. In International Conference on Privacy and Security in Mobile Systems (PRISMS’13). 1--8.Google ScholarCross Ref
Sungzoon Cho, Chigeun Han, Dae Hee Han, and Hyung il Kim. 2000. Web based keystroke dynamics identity verification using neural network. Journal of Organizational Computing and Electronic Commerce 10, 295--307.Google ScholarCross Ref
Nathan L. Clarke and Steven Furnell. 2007. Advanced user authentication for mobile devices. Computers 8 Security 26, 2, 109--119. Google ScholarDigital Library
Cory Cornelius, Ronald Peterson, Joseph Skinner, Ryan Halter, and David Kotz. 2014. A wearable system that knows who wears it. In Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys’14). 55--67. Google ScholarDigital Library
Cory Cornelius, Jacob Sorber, Ronald A. Peterson, Joe Skinner, Ryan J. Halter, and David Kotz. 2012. Who wears me? Bioimpedance as a passive biometric. In Proceedings of the 3rd USENIX Workshop on Health Security and Privacy (HealthSec’12), Carl A. Gunter and Zachary N. J. Peterson (Eds.). Google ScholarDigital Library
Alexander De Luca, Alina Hang, Frederik Brudy, Christian Lindner, and Heinrich Hussmann. 2012. Touch me once and I know it’s you&excl;: Implicit authentication based on touch screen patterns. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI’12). ACM, New York, NY, 987--996. Google ScholarDigital Library
I. Deutschmann, P. Nordstrom, and L. Nilsson. 2013. Continuous authentication using behavioral biometrics. IT Professional 15, 4, 12--15. Google ScholarDigital Library
Simon Eberz, Kasper Bonne Rasmussen, Vincent Lenders, and Ivan Martinovic. 2015. Preventing lunchtime attacks: Fighting insider threats with eye movement biometrics. In 22nd Annual Network and Distributed System Security Symposium (NDSS’15), San Diego, CA, February 8-11, 2014.Google ScholarCross Ref
Tom Fawcett. 2006. An introduction to ROC analysis. Pattern Recognition Letters 27, 8, 861--874. Google ScholarDigital Library
Tao Feng, Ziyi Liu, Kyeong-An Kwon, Weidong Shi, B. Carbunar, Yifei Jiang, and N. Nguyen. 2012. Continuous mobile authentication using touchscreen gestures. In IEEE Conference on Technologies for Homeland Security (HST’12). 451--456.Google Scholar
Mario Frank, Ralf Biedert, Eugene Ma, Ivan Martinovic, and Dawn Song. 2013. Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Transactions on Information Forensics and Security 8, 1, 136--148. Google ScholarDigital Library
Javier Galbally, Arun Ross, Marta Gomez-Barrero, Julian Fierrez, and Javier Ortega-Garcia. 2012. From the Iriscode to the Iris: A new vulnerability of iris recognition systems. White paper. In Briefings of the Black Hat Conference.Google Scholar
Hugo Gamboa and Ana Fred. 2004. A behavioral biometric system based on human-computer interaction, In Biometric Technology for Human Identification. Proceedings of SPIE 5404, 381--392.Google Scholar
R. Giot, M. El-Abed, and C. Rosenberger. 2009. Keystroke dynamics with low constraints SVM based passphrase enrollment. In IEEE 3rd International Conference on Biometrics: Theory, Applications, and Systems (BTAS’09). 1--6. Google ScholarDigital Library
Daniele Gunetti and Claudia Picardi. 2005. Keystroke analysis of free text. ACM Transactions on Information and System Security 8, 3, 312--347. Google ScholarDigital Library
Payas Gupta and Debin Gao. 2010. Fighting coercion attacks in key generation using skin conductance. In Proceedings of the 19th USENIX Conference on Security (USENIX Security’10). USENIX Association, Berkeley, CA, 30--30. Google ScholarDigital Library
Sylvain Hocquet, J.-Y. Ramel, and Hubert Cardot. 2005. Fusion of methods for keystroke dynamic authentication. In 4th IEEE Workshop on Automatic Identification Advanced Technologies (AutoID’05). IEEE, 224--229. Google ScholarDigital Library
Christian Holz and Marius Knaust. 2015. Biometric touch sensing: Seamlessly augmenting each touch with continuous authentication. In Proceedings of the 28th Annual ACM Symposium on User Interface Software 8 Technology. ACM, 303--312. Google ScholarDigital Library
Information Technology Laboratory -- National Institute of Standards and Technology. 2013. The Biometrics Resource Center. http://www.nist.gov/itl/csd/biometrics/index.cfm.Google Scholar
Anil K. Jain, Arun Ross, and Karthik Nandakumar. 2011. Introduction to Biometrics. Springer. Google ScholarDigital Library
Anil K. Jain, Arun Ross, and Sharath Pankanti. 2006. Biometrics: A tool for information security. IEEE Transactions on Information Forensics and Security 1, 2, 125--143. Google ScholarDigital Library
Zach Jorgensen and Ting Yu. 2011. On mouse dynamics as a behavioral biometric for authentication. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS’11). 476--482. Google ScholarDigital Library
Rick Joyce and Gopal Gupta. 1990. Identity authentication based on keystroke latencies. Communications of the ACM 33, 2, 168--176. Google ScholarDigital Library
Kevin S. Killourhy. 2012. A Scientific Understanding of Keystroke Dynamics. Ph.D. Dissertation. Carnegie Mellon University, Pittsburgh, PA. Google ScholarDigital Library
Lyra Nara. 2013. Hand Electrodes Brass (1 Pair). (2013). Retrieved April 15, 2017 from http://www.lyranara.com/hand-electrodes-brass-1-pair/.Google Scholar
Orjan G. Martinsen and Sverre Grimnes. 2011. Bioimpedance and Bioelectricity Basics. Academic Press, Cambridge, MA.Google Scholar
Fabian Monrose, Michael K. Reiter, and Susanne Wetzel. 1999. Password hardening based on keystroke dynamics. In Proceedings of the 6th ACM Conference on Computer and Communications Security (CCS’99). 73--82. Google ScholarDigital Library
Youssef Nakkabi, Issa Traoré, and Ahmed Awad E. Ahmed. 2010. Improving mouse dynamics biometric performance using variance reduction via extractors with separate features. IEEE Transactions on Systems, Man, and Cybernetics, Part A 40, 6, 1345--1353. Google ScholarDigital Library
National Science 8 Technology Council. 2006. Biometrics Frequently Asked Questions. http://biometrics.gov/Documents/FAQ.pdf.Google Scholar
Minh Duc Nguyen and Quang Minh Bui. 2009. Your face is NOT your password: Face authentication bypassing - Lenovo - Asus - Toshiba. White paper. In Briefings of the Black Hat Conference.Google Scholar
Koichiro Niinuma and Anil K. Jain. 2010. Continuous user authentication using temporal information. In Technology for Human Identification VII. Proceedings of SPIE 7667, 76670L--76670L--11.Google Scholar
Maja Pusara and Carla E. Brodley. 2004. User re-authentication via mouse movements. In Proceedings of the ACM Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC’04). 1--8. Google ScholarDigital Library
Kasper Bonne Rasmussen, Marc Roeschlin, Ivan Martinovic, and Gene Tsudik. 2014. Authentication using pulse-response biometrics. In Proceedings of the 21st Annual Network and Distributed System Security Symposium.Google Scholar
Kenneth Revett and Sérgio Tenreiro de Magalhães. 2010. Cognitive biometrics: Challenges for the future. In Global Security, Safety, and Sustainability, Sérgio Tenreiro de Magalhães, Hamid Jahankhani, and Ali G. Hessami (Eds.). Communications in Computer and Information Science, Vol. 92. Springer, 79--86.Google Scholar
Sensible Vision Inc. 2013. Facial Recognition Provides Continuous System Security. Retrieved April 15, 2017 from http://www.sensiblevision.com/en-us/fastaccessanywhere/overview.aspx.Google Scholar
R. Spillane. 1975. Keyboard apparatus for personal identification. IBM Technical Disclosure Bulletin 17, 3346.Google Scholar
Pin Shen Teh, Andrew Beng Jin Teoh, and Shigang Yue. 2013. A survey of keystroke dynamics biometrics. The Scientific World Journal 2013 (2013).Google Scholar
Chee Meng Tey, Payas Gupta, and Debin Gao. 2013. I can be you: Questioning the use of keystroke dynamics as biometrics. In 20th Annual Network and Distributed System Security Symposium (NDSS’13), San Diego, California, February 24--27, 2013. http://internetsociety.org/doc/i-can-be-you-questioning-use-keystroke-dynamics-biometrics.Google Scholar
Dat Tran, Wanli Ma, Girija Chetty, and Dharmendra Sharma. 2007. Fuzzy and Markov models for keystroke biometrics authentication. In Proceedings of the 7th WSEAS International Conference on Simulation, Modelling and Optimization (SMO’07). World Scientific and Engineering Academy and Society (WSEAS), Stevens Point, WI, 89--94. http://dl.acm.org/citation.cfm?id=1353862.1353878 Google ScholarDigital Library
David Umphress and Glen Williams. 1985. Identity verification through keyboard characteristics. International Journal of Man-- Machine Studies 23, 3, 263--273.Google ScholarCross Ref
VIRDI Biometric. 2009. How to make the fake fingerprints (by VIRDI). Video.Retrieved April 15, 2017 from http://www.youtube.com/watch?v=-H71tyMupqk last accessed 03.08.2013.Google Scholar
John Woodward, Nicholas Orlans, and Peter Higgins. 2003. Biometrics. McGraw-Hill/Osborne, New York, NY. Google ScholarDigital Library
Nan Zheng, Aaron Paloski, and Haining Wang. 2011. An efficient user verification system via mouse movements. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS’11). 139--150. Google ScholarDigital Library

Index Terms

Pulse-Response: Exploring Human Body Impedance for Biometric Recognition
1. Security and privacy
  1. Security services
    1. Access control
    2. Authentication
      1. Biometrics
      2. Multi-factor authentication

Recommendations

Activity related authentication using prehension biometrics

This paper presents an extensive study on prehension-based dynamic features and their use for biometric purposes. The term prehension describes the combined movement of reaching, grasping and manipulating objects. The motivation behind the proposed ...
Read More
An efficient approach to iris detection for iris biometric processing

Detection of iris in an eye image poses a number of challenges, such as inferior image quality, occlusion of eyelids, eyelashes etc. Owing to these problems, it is not possible to achieve 100% accuracy in any iris-based biometric authentication system. ...
Read More
Palmprint and Finger-Knuckle-Print for efficient person recognition based on Log-Gabor filter response

Person recognition systems based on biometrics are being increasingly utilized in any applications to enhance the security of physical and logical access systems. A number of biometric traits exist and are in use in various applications. Each biometric ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Privacy and Security Volume 20, Issue 2
May 2017
87 pages
ISSN:2471-2566
EISSN:2471-2574
DOI:10.1145/3064808
Editor:
David Basin
ETH Zurich, Switzerland
Issue’s Table of Contents
Copyright © 2017 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 25 May 2017
- Accepted: 1 March 2017
- Revised: 1 July 2016
- Received: 1 January 2016
Published in tops Volume 20, Issue 2

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Biometric authentication
biometric recognition
biometrics
continuous authentication
physiological trait
secure PIN entry
secure computer terminal
secure man--machine interaction
user identification
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 7
  Total Citations
  View Citations
- 511
  Total Downloads
- Downloads (Last 12 months)25
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Pulse-Response: Exploring Human Body Impedance for Biometric Recognition

ACM Transactions on Privacy and Security

Abstract

References

Cited By

Index Terms

Recommendations

Activity related authentication using prehension biometrics

An efficient approach to iris detection for iris biometric processing

Palmprint and Finger-Knuckle-Print for efficient person recognition based on Log-Gabor filter response