Authenticating Users with 3D Passwords Captured by Motion Sensors

Monday, November 6, 2017 - 12:00pm to 1:00pm
Meeting room 2265, Storey Innovation Center.

Department of Computer Science and Engineering
University of South Carolina

Author : Tian Jing
Advisor : Dr. Wenyuan Xu
Date : Nov 6th 2017
Time : 12:00 pm
Place : Meeting room 2265, Innovation Center.


Authentication plays a key role in securing various resources including corporate facilities or electronic assets. As the most used authentication scheme, knowledge-based authentication is easy to use but its security is bounded by how much a user can remember. Biometrics-based authentication requires no memorization but ‘resetting’ a biometric password may not always be possible. Thus, we propose study several behavioral biometrics (i.e., mid-air gestures) for authentication which does not have the same privacy or availability concerns as of physiological biometrics.

In this dissertation, we first propose a user-friendly authentication system KinWrite that allows users to choose arbitrary, short and easy-to-memorize passwords while providing resilience to password cracking and password theft. Specifically, we let users write their passwords (i.e., signatures in the 3D space), and verify a user’s identity with similarities between the user’s password and enrolled password templates. Dynamic time warping distance is used for similarity calculation between 3D passwords samples.

In the second part of the dissertation, we design an authentication scheme that does not depend on the handwriting contents, i.e., regardless of the written words or symbols, and adapt challenge-response mechanism to avoid possible eavesdropping, man-in-the-middle attacks, and reply attacks. We design a MoCRA system that utilizes Leap Motion to capture users’ writing movements and use writing style to verify users, even if what they write during the verification is completely different from what they write during the enrollment. Specifically, MoCRA leverages co-occurrence matrices to model the handwriting styles, and use a Support Vector Machine (SVM) to accept a legitimate user and reject the rest.

In the third part, we study both security and usability performance on multiple types of mid-air gestures that used as passwords, including writing signatures in the air. We objectively quantify the usability performance by metrics related to the enroll time and the complexity of the gestures, and evaluate the security performance by the authentication performance. In addition, we subjectively evaluate the gestures by survey responses from both field subjects who participated in gesture experiments and on-line subjects who watched a short video on gesture introducing. Finally, we study the consistency of gestures over samples collected in a two-month period, and evaluate their security under shoulder surfing attacks.