Enabling Finger-touch-based Mobile User Authentication via Physical Vibrations on IoT Devices

Abstract : This work enables mobile user authentication via finger inputs on ubiquitous surfaces leveraging low-cost physical vibration. The system we proposed extends finger-input authentication beyond touch screens to any solid surface for IoT devices (e.g., smart access systems and IoT appliances). Unlike passcode or biometrics-based solutions, it integrates passcode, behavioral and physiological characteristics, and surface dependency together to provide a low-cost, tangible and enhanced security solution. The proposed system builds upon a touch sensing technique with vibration signals that can operate on surfaces constructed from a broad range of materials. New algorithms are developed to discriminate fine-grained finger inputs and supports three independent passcode secrets including PIN number, lock pattern, and simple gestures by extracting unique features in the frequency domain to capture both behavioral and physiological characteristics including contacting area, touching force, and etc. The system is implemented using a single pair of low-cost portable vibration motor and receiver that can be easily attached to any surface (e.g., a door panel, a stovetop or an appliance). Extensive experiments demonstrate that our system can authenticate users with high accuracy (e.g., over 97% within two trials), low false positive rate (e.g., less 2%) and is robust to various types of attacks.

 EXISTING SYSTEM :

 ? Many existing authentication approaches require active input from the user or specialized sensing hardware, and studies on mobile device usage show significant interest in less inconvenient procedures. ? Existing solutions in the market are typically considered effective and fast, but do have some limitations regarding ease of use. ? We designed EchoLock as a fast and low effort user authentication scheme using existing hardware components to detect and process structure-borne sound waves. ? Existing studies propose to leverage the difference between the propagation speed of the structure-borne signal and that of the airborne signal to separate them.

 DISADVANTAGE :

 ? Many devices, however, exhibit considerable attenuation problems when transmitting frequencies exceeding 20kHz due to hardware imperfections in onboard speakers. ? Pressure from the hand applied to the device has a unique and observable impact on structure-borne sound propagation. ? We find simple learning-based algorithms (i.e., SVM and LDA) are sufficient to robustly identify the user considering various impact factors. ? We also investigate the impact of accessories that may transform the properties of the user’s hand or device structure, such as gloves or smartphone cases. ? Therefore, the value of d directly influences the training data selection and further impacts the performance of TouchPass.

 PROPOSED SYSTEM :

 • The proposed system does not require any input from the user and is non-invasive by utilizing a inaudible frequencies. • Graph-based authentication, such as lock patterns and image-based authentications , are proposed to ease the mental burden. • Our proposed technique does not depend on personally identifiable information, active user inputs, long input time, or specialized hardware. • We have proposed EchoLock, an inexpensive, nonintrusive, and lightweight identification protocol deployable on commodity mobile devices or smart IoT devices. • We propose EchoLock, an original and inexpensive technique capable of secure, fast, and loweffort user identification utilizing only commodity speakers and microphones.

 ADVANTAGE :

 ? We then evaluate the performance of TouchPass under different behavioral biometrics, including touching positions, touching forces and supports for smartphones. ? A larger registration data size usually improve the performance of the system, but leads to tedious finger work. ? We evaluate the performance of TouchPass under different sampling rates of IMU sensors on smartphones. The authentication accuracy of TouchPass under different sampling rates. ? TouchPass actively generates vibration signals to authenticate users, the strength of vibration signals could impact the authentication performance. ? Then, by checking the duration of collected vibration signal, TouchPass can resist the advanced replay attack, while keep the performance of user authentication.