
Muhammad Shahzad Alex X. Liu Dept. of Computer Science and Engineering

Secure Unlocking of Mobile Touch Screen Devices by Simple Gestures – You can see it but you can not do it. Arjmand Samuel (Microsoft Research); Muhammad Shahzad and Alex X. Liu (Dept. of Computer Science and Engineering, Michigan State University).


Presentation Transcript


  1. Secure Unlocking of Mobile Touch Screen Devices by Simple Gestures – You can see it but you can not do it. Arjmand Samuel (Microsoft Research); Muhammad Shahzad and Alex X. Liu (Dept. of Computer Science and Engineering, Michigan State University)

  2. Security Sensitive Information in Mobile Device

  3. PIN/Password based Authentication: Shoulder surfing; Smudge attack

  4. Gesture based Authentication (GEAT): Not what they input but how they input. Resilient to • Shoulder surfing attack • Smudge attack. Requires no extra hardware. Scientific foundation: human behavior tends to be consistent in the same context. Reference: J. A. Ouellette and W. Wood. Habit and intention in everyday life: The multiple processes by which past behavior predicts future behavior. Psychological Bulletin, 124(1):54-74, July 1998.

  5. Gestures for Authentication

  6. Data Collection and Analysis

  7. Data Collection: Recruited 50 volunteers • Ages between 19 and 55 • Students, faculty, corporate employees. Gave phones with data collection app to volunteers. Data collection app • Asked users to perform gestures shown on screen • Stored the samples in a cloud based storage

  9. Gesture Features: • Stroke time • Inter-stroke time • Displacement magnitude • Displacement direction • Velocity magnitude • Velocity direction • Device acceleration

  10. Stroke, Inter-stroke times (figure panels: Stroke times; Inter-stroke times)

  11. Displacement Magnitude

  12. Velocity Magnitude (figure panels: Volunteer 1; Volunteer 2)

  13. Device Acceleration (figure panels: Volunteer 1; Volunteer 2)

  14. GEAT Working Mechanism

  15. How GEAT works: Collect training samples; Generate classification model; Securely unlock the phone

  16. Classification Model: Noise removal; Features for classification; Classifier training and gesture ranking

  17. Noise Removal: Simple Moving Average (Low Pass Filter)

  18. Features for Classification: Stroke based features; Sub-stroke based features. Features used • Stroke time • Inter-stroke time • Displacement magnitude • Displacement direction • Velocity magnitude • Velocity direction • Device acceleration

  19. Feature Selection (figure labels: Discarded; Selected)

  20. Classifier training: Single class classification; Support Vector Distribution Estimation (SVDE) • RBF kernel • Grid search for optimal classifier parameters; Gesture ranking

  21. Securely unlocking the device (figure labels: Rejected; Accepted; Accepted; Majority Voting; Decision: Accepted)

  22. Handling Multiple Behaviors: Segregate the samples from different behaviors; Generate minimum variance partitions • Agglomerative hierarchical clustering • Ward's linkage; Train classifiers for each cluster; Test an unknown sample against each cluster

  23. Experimental Evaluation

  24. Accuracy Evaluation. Single gesture: Avg EER • 4.8% with DA • 6.8% without DA. Three gestures: Avg EER • 1.7% with DA • 3.7% without DA

  25. Multiple Behaviors

  26. Effect of System Parameters

  27. Conclusion: Proposed a gesture based authentication scheme • Improves security and usability • Resilient to shoulder surfing attacks and smudge attacks • Handles multiple user behaviors • Evaluation through simulations and real world experiments. More in the paper • Detailed data analysis • Technical details of extracting multiple behaviors, determining duration and locations of sub-strokes, and classifier training • More evaluation

  28. Questions?
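
An added illustration of the unlock pipeline outlined on slides 15 to 21 (noise removal, feature extraction, single-class classification, majority voting); it is not code from the talk or the paper. The SVDE/RBF classifier is replaced here by a simple per-feature mean ± kσ envelope, and the stroke data, the threshold k and all names are constructed assumptions.

```python
import math
from statistics import mean, stdev

def sma(xs, w=3):
    """Simple moving average (low-pass filter) over a trailing window of w points."""
    return [mean(xs[max(0, i - w + 1):i + 1]) for i in range(len(xs))]

def features(stroke):
    """stroke: [(t_sec, x, y), ...] -> (stroke time, displacement magnitude,
    displacement direction, velocity magnitude), computed after noise removal."""
    t = [p[0] for p in stroke]
    x, y = sma([p[1] for p in stroke]), sma([p[2] for p in stroke])
    dx, dy, dur = x[-1] - x[0], y[-1] - y[0], t[-1] - t[0]
    disp = math.hypot(dx, dy)
    return (dur, disp, math.atan2(dy, dx), disp / dur)

class Envelope:
    """Stand-in single-class model: accept only if every feature lies within
    k standard deviations of the owner's training mean (not SVDE)."""
    def __init__(self, train, k=3.0):
        cols = list(zip(*train))
        self.mu, self.sd, self.k = [mean(c) for c in cols], [stdev(c) for c in cols], k
    def accepts(self, f):
        return all(abs(v - m) <= self.k * s for v, m, s in zip(f, self.mu, self.sd))

def unlock(models, attempt):
    """One classifier per gesture; the device unlocks on a majority of accepts."""
    votes = [m.accepts(features(s)) for m, s in zip(models, attempt)]
    return votes, sum(votes) > len(votes) / 2

# --- constructed sample data (not from the study) ---
def swipe(dur, length, angle, n=12):
    """Straight swipe sampled at n evenly spaced touch points."""
    return [(dur * i / (n - 1), length * math.cos(angle) * i / (n - 1),
             length * math.sin(angle) * i / (n - 1)) for i in range(n)]

GESTURES = [(0.30, 400, 0.10), (0.45, 250, 1.20), (0.20, 600, -0.50)]  # owner's habit
JITTER = [(0, 0, 0), (.02, 10, .02), (-.01, -5, -.02), (.01, 5, .01), (-.02, -10, -.01), (.03, 15, .03)]
MODELS = [Envelope([features(swipe(d + a, l + b, g + c)) for a, b, c in JITTER])
          for d, l, g in GESTURES]

# Owner, with the first gesture performed unusually slowly: still a 2-of-3 majority.
OWNER = [swipe(0.40, 402, 0.10), swipe(0.455, 252, 1.205), swipe(0.205, 602, -0.495)]
# Observer who reproduces every shape exactly but only matches the timing of gesture 2.
OBSERVER = [swipe(0.50, 400, 0.10), swipe(0.45, 250, 1.20), swipe(0.35, 600, -0.50)]

if __name__ == "__main__":
    print("owner   ", unlock(MODELS, OWNER))
    print("observer", unlock(MODELS, OBSERVER))
```

The observer draws the same shapes as the owner, so the displacement features match; the rejection comes from stroke time and velocity, which is the "how they input" signal the slides rely on.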
