Velody: Nonlinear vibration challenge-response for resilient user authentication

45Citations
Citations of this article
50Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Biometrics have been widely adopted for enhancing user authentication, benefiting usability by exploiting pervasive and collectible unique characteristics from physiological or behavioral traits of human. However, successful attacks on “static” biometrics such as fingerprints have been reported where an adversary acquires users' biometrics stealthily and compromises non-resilient biometrics. To mitigate the vulnerabilities of static biometrics, we leverage the unique and nonlinear hand-surface vibration response and design a system called VELODY to defend against various attacks including replay and synthesis. The VELODY system relies on two major properties in hand-surface vibration responses: uniqueness, contributed by physiological characteristics of human hands, and nonlinearity, whose complexity prevents attackers from predicting the response to an unseen challenge. VELODY employs a challenge-response protocol. By changing the vibration challenge, the system elicits input-dependent nonlinear “symptoms” and unique spectrotemporal features in the vibration response, stopping both replay and synthesis attacks. Also, a large number of disposable challenge-response pairs can be collected during enrollment passively for daily authentication sessions. We build a prototype of VELODY with an off-the-shelf vibration speaker and accelerometers to verify its usability and security through a comprehensive user experiment. Our results show that VELODY demonstrates both strong security and long-term consistency with a low equal error rate (EER) of 5.8% against impersonation attack while correctly rejecting all other attacks including replay and synthesis attacks using a very short vibration challenge.

Cite

CITATION STYLE

APA

Li, J., Fawaz, K., & Kim, Y. (2019). Velody: Nonlinear vibration challenge-response for resilient user authentication. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 1201–1213). Association for Computing Machinery. https://doi.org/10.1145/3319535.3354242

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free