kinwrite: handwriting-based authentication using kinect proceedings of the 20th annual network &...

KinWrite: Handwriting-Based Authentication Using Kinect

Proceedings of the 20th Annual Network & Distributed System Security Symposium,

NDSS 2013  

Jing Tian, Wenyuan Xu and Song WangDept. of Computer Science and Engineering, University of South CarolinaChengzhang QuSchool of Computer Science, Wuhan University

OutlineIntroduction

KinWrite ArchitectureData Processing & Feature ExtractionTemplate Selection and Verification

Experiment and Evaluation

Conclusion

2

Introduction(1/4)Authentication plays a key role in securing various resources including corporate facilities or electronic assets.

Authentication mechanisms can be divided into three categoriesknowledge-basedtoken-basedbiometrics-based.

3

Introduction(2/4)There are some requirements of the system

Around-the-Clock Use.Rapid Enrollment.Rapid Verification.No Unauthorized Access.Low False Negative.

4

Introduction(3/4) There are some possible categories of attack :

Random Attack

Observer Attack

Content-Aware Attack

Educated Attack

Insider Attack

5

Introduction(4/4)In this paper, we propose a user-friendly authentication system, called KinWrite.allows users to choose short and easy-to-memorize passwords while

providing resilience to password cracking and password theft.

For instance, a Kinect can be installed at the entrance of a building.

6

KinWrite Architecture

7

KinWrite Architecture

8

Data ProcessingWe construct a refined 3D-signature from a raw depth image sequenceFingertip localizationSignature normalizationSignature smoothing

9

fingertip localizationWe choose a small number of the first K = 3 frames, and find the pixel with the minimum-depth value in each frame.If they show good temporal continuity, we consider them as the

fingertip positions in these K frames and process all the other frames.

Otherwise, we remove the first frame of these K frames and add the next frame.

given the fingertip position(t) =((t); (t); (t)) at the t-th frame

The fingertip position should only vary in a small range between two consecutive frames.we only search within a small region (4040 pixels) centered at in

frame (t + 1) for the fingertip position

10

Signature normalizationThe size of a signature in the xy image plane may vary when the distance between the user and the Kinect sensor changes.

We scale the raw 3D-signatures into a 111 bounding box.

11

Signature smoothing Apply a Kalman filter to smooth the raw 3D-signatures

We choose the time-independent variance as the variance of the fingertip positions.

12

KinWrite Architecture

13

Feature SelectionPosition and Position Difference between Frames

◦ The fingertip position in the t-th frame :◦ the inter-frame position difference :

Velocity :

Magnitude of acceleration :

Slope Angle :

Path Angle :

Log radius of curvature :

curvature :

14

15

Feature ProcessingFirst, we normalize each feature such that it conforms to a normal Gaussian distribution N(0,1) over all the frames.

Second, we weigh each feature differently to achieve a better performance.selected a small set of training samples for each signatureverified these training samples using the Dynamic Time

Warping(DTW) classifiersimply consider the average verification rate over all signatures as the

weight for this feature

16

Dynamic Time Warping (DTW) We use DTW to quantify the difference between two 3D signature samples.◦ Time warping can compensate the feature difference caused by the

signing speed.

Given two 3D-signature samples, we denote their feature vectors

construct a N1 N2 distance matrix D with

17

KinWrite Architecture

18

Template Selectionwe simply choose the most representative 3D-signature sample from the training set.given n training 3D signature samplescalculate the pairwise DTW distance choose the template that has the minimum total DTW distance

to all these n samples

19

Threshold Selection We calculate the DTW distance between the template of a user u and all the M training samples (from all the users), and sort them.

20

KinWrite Architecture

21

22

Experiment and Evaluation

We use the Microsoft Kinect for data collection.

The resolution of the depth image to 240320 pixels (30 fps).

The distance between the user and the Kinect was in the range of [1.5, 2.5] meters.

We studied 18 users who provided 35 different 3D-signatures.

For each signature, we collected 18 to 47 3D-signature samples over a period of five months.

In total, we collected 1180 genuine 3D-signature samples for 35 signatures.

Data Acquisition

23

Evaluation Matrix

the number of true positives

the number of false positives

the number of true negatives

the number of false negatives

Precision reflects how cautious the system is to accept a user

Recallquantifies the fraction of honest users that have been granted access

out of all honest users

24

Evaluation Matrix

the number of true positives

the number of false positives

the number of true negatives

the number of false negatives

ROC curve stands for receiver operating characteristic curvea plot of true positive rate (TPR) over false positive rate (FPR)

An ideal system has 100% TPR and 0% FPRmeans all honest users can pass the verification while none of the

attackers can fool the system

25

Evaluate the impact of training size

26

Performance(1/2)

27

Performance(2/2)

28

29

30

Data AcquisitionWe selected four signatures as the victims with the spelling being “Bry”, “Jy”, “ma”, and “Tj”.

considered the other 31 signatures as random attackers

collected 1200 attack samples for all types of attackersCA : 6 attackers 10 samples 4 signatures = 240 attack samplesOb-1 : 12 attackers samples signatures = 240 attack samplesOb-4 : 12 attackers samples signatures = 240 attack samplesCA-Ob4 : 12 attackers samples signatures = 240 attack samplesInsider : 6 attackers 10 samples 4 signatures = 240 attack samples

31

Performance

32

Performance

33

Conclusion We have designed a behavior-based authentication system called KinWrite that can be used for building access control.

To evaluate the performance of KinWrite, we collected 1180 samples for 35 different signatures over five months.

In addition, we modelled 5 types of attackers and collected 1200 3D signature samples from 18 ‘attackers’.

These results suggest that KinWrite can deny the access requests from all unauthorized users with a high probability, and honest users can acquire access with 1.3 trials on average.

34

35

Thanks for your listening!