
2020 | OriginalPaper | Book chapter

Reflexive Memory Authenticator: A Proposal for Effortless Renewable Biometrics

Authors: Nikola K. Blanchard, Siargey Kachanovich, Ted Selker, Florentin Waligorski

Published in: Emerging Technologies for Authorization and Authentication

Publisher: Springer International Publishing


Abstract

Today’s biometric authentication systems are still struggling with replay attacks and irrevocable stolen credentials. This paper introduces a biometric protocol that addresses such vulnerabilities. The approach prevents identity theft by being based on memory creation biometrics. It takes inspiration from two different authentication methods, eye biometrics and challenge systems, as well as a novel biometric feature: the pupil memory effect. The approach can be adjusted for arbitrary levels of security, and credentials can be revoked at any point with no loss to the user. The paper includes an analysis of its security and performance, and shows how it could be deployed and improved.
Footnotes
1
Meaning that the person trying to authenticate is blocked after three failed attempts.
 
2
This is enough for the users to have high memory performance as in [37], while still being faster than nearly all password composition policies [46].
 
References
1.
Asghar, H.J., Li, S., Pieprzyk, J., Wang, H.: Cryptanalysis of the convex hull click human identification protocol. Int. J. Inf. Secur. 12(2), 83–96 (2013)
2.
Ashby, C., Bhatia, A., Tenore, F., Vogelstein, J.: Low-cost electroencephalogram (EEG) based authentication. In: 5th International IEEE/EMBS Conference on Neural Engineering - NER, pp. 442–445. IEEE (2011)
5.
Bowyer, K.W., Hollingsworth, K., Flynn, P.J.: Image understanding for iris biometrics: a survey. Comput. Vis. Image Underst. 110(2), 281–307 (2008)
6.
Bradley, M.M., Lang, P.J.: Memory, emotion, and pupil diameter: repetition of natural scenes. Psychophysiology 52(9), 1186–1193 (2015)
8.
Chiasson, S., Biddle, R., van Oorschot, P.C.: A second look at the usability of click-based graphical passwords. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, SOUPS 2007, pp. 1–12. ACM, New York (2007)
9.
Choudhury, B., Then, P., Issac, B., Raman, V., Haldar, M.: A survey on biometrics and cancelable biometrics systems. Int. J. Image Graph. 18, 1850006 (2018)
10.
Cody, S.: Do Only The Eyes Have It? Predicting subsequent memory with simultaneous neural and pupillometry data. Master’s thesis, The Ohio State University (2015)
11.
Curran, M.T., Yang, J., Merrill, N., Chuang, J.: Passthoughts authentication with low cost EarEEG. In: IEEE 38th Annual International Conference of the Engineering in Medicine and Biology Society - EMBC, pp. 1979–1982. IEEE (2016)
12.
Das, R., Maiorana, E., Campisi, P.: EEG biometrics using visual stimuli: a longitudinal study. IEEE Signal Process. Lett. 23(3), 341–345 (2016)
13.
Deravi, F., Guness, S.P.: Gaze trajectory as a biometric modality. In: Biosignals, pp. 335–341 (2011)
15.
Ferrante, M., Saltalamacchia, M.: The coupon collector’s problem. Materials Matemàtics 0001–35 (2014)
17.
Galdi, C., Nappi, M., Riccio, D., Wechsler, H.: Eye movement analysis for human authentication: a critical survey. Pattern Recogn. Lett. 84, 272–283 (2016)
18.
German, R.L., Barber, K.S.: Consumer attitudes about biometric authentication. Technical report, University of Texas at Austin Center for Identity (2018)
19.
Golla, M., Schnitzler, T., Dürmuth, M.: Will any password do? Exploring rate-limiting on the web. In: Who Are You ?! Adventures in Authentication (2016)
20.
Gomes, C.A., Montaldi, D., Mayes, A.: The pupil as an indicator of unconscious memory: introducing the pupil priming effect. Psychophysiology 52(6), 754–769 (2015)
21.
Jensen, W., Gavrila, S., Korolev, V., et al.: Picture password: a visual login technique for mobile devices. Technical report, National Institute of Standards and Technology (2003)
22.
Just, M., Aspinall, D.: Personal choice and challenge questions: a security and usability assessment. In: Proceedings of the 5th Symposium on Usable Privacy and Security, p. 8. ACM (2009)
23.
Just, M., Aspinall, D.: Challenging challenge questions: an experimental analysis of authentication technologies and user behaviour. Policy Internet 2(1), 99–115 (2010)
24.
Kafkas, A., Montaldi, D.: Recognition memory strength is predicted by pupillary responses at encoding while fixation patterns distinguish recollection from familiarity. Q. J. Exp. Psychol. 64(10), 1971–1989 (2011)
25.
Karthika, S., Devaki, P.: An efficient user authentication using captcha and graphical passwords - a survey. Int. J. Sci. Res. 3(11), 123 (2014)
26.
Kasprowski, P., Komogortsev, O.V., Karpov, A.: First eye movement verification and identification competition at BTAS 2012. In: IEEE 5th International Conference on Biometrics: Theory, Applications and Systems - BTAS, pp. 195–202. IEEE (2012)
27.
28.
Kollreider, K., Fronthaler, H., Bigun, J.: Evaluating liveness by face images and the structure tensor. In: IEEE 4th Workshop on Automatic Identification Advanced Technologies - AutoID, pp. 75–80, October 2005
30.
Lee, C., Kim, J.: Cancelable fingerprint templates using minutiae-based bit-strings. J. Netw. Comput. Appl. 33(3), 236–246 (2010)
31.
de Leeuw, K.M.M., Bergstra, J.: The History of Information Security: A Comprehensive Handbook. Elsevier, Amsterdam (2007)
32.
Loftus, G.R.: Eye fixations and recognition memory for pictures. Cogn. Psychol. 3(4), 525–551 (1972)
33.
Marcel, S., Millán, J.R.: Person authentication using brainwaves (EEG) and maximum a posteriori model adaptation. IEEE Trans. Pattern Anal. Mach. Intell. 29(4), 743–752 (2007)
37.
Naber, M., Frässle, S., Rutishauser, U., Einhäuser, W.: Pupil size signals novelty and predicts later retrieval success for declarative memories of natural scenes. J. Vis. 13(2), 11–11 (2013)
38.
Noton, D., Stark, L.: Scanpaths in saccadic eye movements while viewing and recognizing patterns. Vis. Res. 11(9), 929–942 (1971)
40.
Rajan, R., Selker, T., Lane, I.: Task load estimation and mediation using psycho-physiological measures. In: Proceedings of the 21st International Conference on Intelligent User Interfaces, pp. 48–59. ACM (2016)
41.
Rayner, K.: Eye movement latencies for parafoveally presented words. Bull. Psychon. Soc. 11(1), 13–16 (1978)
42.
Reddy, P.V., Kumar, A., Rahman, S., Mundra, T.S.: A new antispoofing approach for biometric devices. IEEE Trans. Biomed. Circ. Syst. 2(4), 328–37 (2008)
43.
Rigas, I., Abdulin, E., Komogortsev, O.: Towards a multi-source fusion approach for eye movement-driven recognition. Inf. Fusion 32, 13–25 (2016)
45.
Schechter, S., Brush, A.J.B., Egelman, S.: It’s no secret. Measuring the security and reliability of authentication via “secret” questions. In: 30th IEEE Symposium on Security and Privacy, pp. 375–390. IEEE (2009)
46.
Segreti, S.M., et al.: Diversify to survive: making passwords stronger with adaptive policies. In: 13th Symposium on Usable Privacy and Security - SOUPS, pp. 1–12. USENIX Association, Santa Clara, CA (2017)
48.
Shape: 2018 credential spill report. Technical report, Shape Security (2018)
49.
Shin, S.W., Lee, M.K., Moon, D., Moon, K.: Dictionary attack on functional transform-based cancelable fingerprint templates. ETRI J. 31(5), 628–630 (2009)
50.
Singh, S., Agarwal, G.: Integration of sound signature in graphical password authentication system. Int. J. Comput. Appl. 12(9), 11–13 (2011)
51.
Sluganovic, I., Roeschlin, M., Rasmussen, K.B., Martinovic, I.: Using reflexive eye movements for fast challenge-response authentication. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1056–1067. ACM, New York (2016)
52.
Wiedenbeck, S., Waters, J., Birget, J.C., Brodskiy, A., Memon, N.: Passpoints: design and longitudinal evaluation of a graphical password system. Int. J. Hum Comput Stud. 63(1–2), 102–127 (2005)
53.
Zviran, M., Haga, W.J.: Cognitive passwords: the key to easy access control. Comput. Secur. 9(8), 723–736 (1990)
Metadata
Title
Reflexive Memory Authenticator: A Proposal for Effortless Renewable Biometrics
Authors
Nikola K. Blanchard
Siargey Kachanovich
Ted Selker
Florentin Waligorski
Copyright year
2020
DOI
https://doi.org/10.1007/978-3-030-39749-4_7
