kinwrite: handwriting-based authentication using kinect proceedings of the 20th annual network &...
TRANSCRIPT
KinWrite: Handwriting-Based Authentication Using Kinect
Proceedings of the 20th Annual Network & Distributed System Security Symposium,
NDSS 2013
Jing Tian, Wenyuan Xu and Song WangDept. of Computer Science and Engineering, University of South CarolinaChengzhang QuSchool of Computer Science, Wuhan University
OutlineIntroduction
KinWrite ArchitectureData Processing & Feature ExtractionTemplate Selection and Verification
Experiment and Evaluation
Conclusion
2
Introduction(1/4)Authentication plays a key role in securing various resources including corporate facilities or electronic assets.
Authentication mechanisms can be divided into three categoriesknowledge-basedtoken-basedbiometrics-based.
3
Introduction(2/4)There are some requirements of the system
Around-the-Clock Use.Rapid Enrollment.Rapid Verification.No Unauthorized Access.Low False Negative.
4
Introduction(3/4) There are some possible categories of attack :
Random Attack
Observer Attack
Content-Aware Attack
Educated Attack
Insider Attack
5
Introduction(4/4)In this paper, we propose a user-friendly authentication system, called KinWrite.allows users to choose short and easy-to-memorize passwords while
providing resilience to password cracking and password theft.
For instance, a Kinect can be installed at the entrance of a building.
6
KinWrite Architecture
7
KinWrite Architecture
8
Data ProcessingWe construct a refined 3D-signature from a raw depth image sequenceFingertip localizationSignature normalizationSignature smoothing
9
fingertip localizationWe choose a small number of the first K = 3 frames, and find the pixel with the minimum-depth value in each frame.If they show good temporal continuity, we consider them as the
fingertip positions in these K frames and process all the other frames.
Otherwise, we remove the first frame of these K frames and add the next frame.
given the fingertip position(t) =((t); (t); (t)) at the t-th frame
The fingertip position should only vary in a small range between two consecutive frames.we only search within a small region (4040 pixels) centered at in
frame (t + 1) for the fingertip position
10
Signature normalizationThe size of a signature in the xy image plane may vary when the distance between the user and the Kinect sensor changes.
We scale the raw 3D-signatures into a 111 bounding box.
11
Signature smoothing Apply a Kalman filter to smooth the raw 3D-signatures
We choose the time-independent variance as the variance of the fingertip positions.
12
KinWrite Architecture
13
Feature SelectionPosition and Position Difference between Frames
◦ The fingertip position in the t-th frame :◦ the inter-frame position difference :
Velocity :
Magnitude of acceleration :
Slope Angle :
Path Angle :
Log radius of curvature :
curvature :
14
15
Feature ProcessingFirst, we normalize each feature such that it conforms to a normal Gaussian distribution N(0,1) over all the frames.
Second, we weigh each feature differently to achieve a better performance.selected a small set of training samples for each signatureverified these training samples using the Dynamic Time
Warping(DTW) classifiersimply consider the average verification rate over all signatures as the
weight for this feature
16
Dynamic Time Warping (DTW) We use DTW to quantify the difference between two 3D signature samples.◦ Time warping can compensate the feature difference caused by the
signing speed.
Given two 3D-signature samples, we denote their feature vectors
construct a N1 N2 distance matrix D with
17
KinWrite Architecture
18
Template Selectionwe simply choose the most representative 3D-signature sample from the training set.given n training 3D signature samplescalculate the pairwise DTW distance choose the template that has the minimum total DTW distance
to all these n samples
19
Threshold Selection We calculate the DTW distance between the template of a user u and all the M training samples (from all the users), and sort them.
20
KinWrite Architecture
21
22
Experiment and Evaluation
We use the Microsoft Kinect for data collection.
The resolution of the depth image to 240320 pixels (30 fps).
The distance between the user and the Kinect was in the range of [1.5, 2.5] meters.
We studied 18 users who provided 35 different 3D-signatures.
For each signature, we collected 18 to 47 3D-signature samples over a period of five months.
In total, we collected 1180 genuine 3D-signature samples for 35 signatures.
Data Acquisition
23
Evaluation Matrix
the number of true positives
the number of false positives
the number of true negatives
the number of false negatives
Precision reflects how cautious the system is to accept a user
Recallquantifies the fraction of honest users that have been granted access
out of all honest users
24
Evaluation Matrix
the number of true positives
the number of false positives
the number of true negatives
the number of false negatives
ROC curve stands for receiver operating characteristic curvea plot of true positive rate (TPR) over false positive rate (FPR)
An ideal system has 100% TPR and 0% FPRmeans all honest users can pass the verification while none of the
attackers can fool the system
25
Evaluate the impact of training size
26
Performance(1/2)
27
Performance(2/2)
28
29
30
Data AcquisitionWe selected four signatures as the victims with the spelling being “Bry”, “Jy”, “ma”, and “Tj”.
considered the other 31 signatures as random attackers
collected 1200 attack samples for all types of attackersCA : 6 attackers 10 samples 4 signatures = 240 attack samplesOb-1 : 12 attackers samples signatures = 240 attack samplesOb-4 : 12 attackers samples signatures = 240 attack samplesCA-Ob4 : 12 attackers samples signatures = 240 attack samplesInsider : 6 attackers 10 samples 4 signatures = 240 attack samples
31
Performance
32
Performance
33
Conclusion We have designed a behavior-based authentication system called KinWrite that can be used for building access control.
To evaluate the performance of KinWrite, we collected 1180 samples for 35 different signatures over five months.
In addition, we modelled 5 types of attackers and collected 1200 3D signature samples from 18 ‘attackers’.
These results suggest that KinWrite can deny the access requests from all unauthorized users with a high probability, and honest users can acquire access with 1.3 trials on average.
34
35
Thanks for your listening!