Josef Ressel Center for User-friendly Secure Mobile Environments
User Authentication
Authentication: The Challenge
Nowadays people start to own and carry multiple mobile devices, such as smartphones, tablets, (smart) watches, etc. Usually, all of these devices contain sensitive information or have access to sensitive information which should be protected from unauthorized access. Most mobile devices therefore feature locking mechanisms with which the device can be unlocked using a PIN, password, unlock pattern or face/fingerprint unlock. In comparision to classic personal computer usage, mobile device usage differs in two main aspects: usage is usually more frequent as well as of shorter duration. This leads to "more unlocking-time per usage-time", for which unlocking mobile devices with currently established mechanisms is perceived as excessively displeasing - and further leads to the majority of users deactivating their mobile device locking mechanisms completely. For these reasons in u'smile we explore new ways of usable mobile device authentication mechanisms - utilizing e.g. face and gait authentication, or tranferring authentication state by e.g. briefly shaking mobile devices together.
Face Authentication
In u'smile we've investigated face authentication from two novel aspects: combining different perspectives of users' faces in pan shot face authentication and using range information in face detection and segmentation using head/face range templates.
Pan shot face authentication
With the pan shot face authentication/unlock face information from different perspectives is combined during authentication. To perform a pan shot face authentication users swipe their mobile devices with their camera pointed towards their face 180° around their heads. This leads to potential attackers needing more than just a simple frontal face image to perform an authentication attack ("photo attack"). Attackers would either require a 3D model of the user's head or a photo series showing the user from different perspectives and present them to the mobile device with correct timing while rotating the device.
Corresponding download section: Pan Shot Face Database
Corresponding publications in reverse chronological order: 09/2013, 08/2013, 12/2012
Range based face authentication
Based on the pan shot approach we've incorporated range information in the authentication process, namely in face detection, segmentation and authentication itself. Range information (representing the distance between object(s) and the camera) can be obtained using stereo cameras embeeded in mobile devices and stereo vision algorithms. For range based face detection we take advantage of the face most probably being biggest and closest object to the camera: we use range template matching to detect face size and position and (optionally) use GVF snakes to precisely segment the head border (which corresponds to high range declination). This segmentation is applied to both grayscale and range images to obtain range and grayscale face images - which are used in subsequent face recognition. Compared to grayscale face detection using range information yields more reliable results in a mobile authentication scenario, given sufficient range image quality. Further, for attackers, overcoming range authentication is more difficult as presenting more common grayscale images of authorized users is not sufficient anymore.
Corresponding download section: Pan Shot Face Database
Corresponding publications in reverse chronological order: 12/2013, 09/2013, 04/2013
Authentication State Transfer between Devices
Nowadays users start carrying multiple mobile devices, such as smartphones, (smart) watches, tablets, etc. Most of these devices feature a locking mechanism to protect device access. Further, these devices can stay unlocked for different periods. For example, a watch can stay unlocked as long as it is strapped to it's owners wrist - which could be through a complete day - while a smartphone should probably lock as soon as it is put aside. To minimize authentication effort across multiple devices u'smile investigates authentication state transfer between multiple mobile devices - which means unlocking yet locked devices using other, unlocked devices.
ShakeUnlock
ShakeUnlock features an authentication state transfer between two mobile devices equipped with accelerometers (such as a smartphone and watch) by briefly shaking both devices together. We're investigating shaking for authentication state transfer as it is easy to use, requires very less user attention, is fast to perform and hard to fake for attackers - and nearly all mobile devices feature sufficent acceleromters already.
Corresponding download section: ShakeUnlock Database
Corresponding publications in reverse chronological order: 12/2014
Optimal derotation of multidimensional acceleration timeseries
When measuring similarity of multiple 3D acceleration timeseries (like in ShakeUnlock above), spatial alignment of accelerometers is possibly unknown or cannot be determined exactly. This can be caused by unkown spatial alignment of the devices features the accelerometers (such as smartphones), and/or by manufactoring inexactness (sensor might be slightly rotated inside their housing devices). One approach commonly used to overcome unkown spatial alignment of multidimensional accelerometers is to compute and compare the timeseries magnitudes. Computing Acceleration magnitudes of two devices shaken together (cropped to 2s).magntidues discards rotation information completely. On the one hand, this compensates for the unknown, initial sensor alignment, but on the other hand, this also discards all other rotation information too. Other rotation accounts for rotation of sensors during timeseries recording: for example rotation could indicate that, while 3D acceleration sensor A was rotated at time T, sensor B was not rotated at time T - which would have been overlooked when comparing magnitudes. To preserve rotation information one approach is: first derotate timeseries to compensate for different spatial alignment of sensors, then perform similarity measurements. The optimal derotation between the two multidimensional timeseries maximizes similarity between timeseries (by minimizing their mean squared error/L2 norm). Derotating timeseries increases similarity for correlated timeseries samples (originated from same/similar sensor movement) - but of course also for not correlated samples (recorded e.g. at different time/location) or from different movement. However, experiments show that similarity gain for correlated samples is higher than for not correlated samples. Consequently, similarity related computations benefit from derotating timeseries to their optimal rotation before performing similarity related tasks.
Corresponding download section: ShakeUnlock Database
Corresponding publications in reverse chronological order: 10/2015, 12/2014
Authentication Framework: CORMORANT
CORMORANT combines our work on user authentication into an an extensible, risk-aware, multi-modal, crossdevice authentication framework that enables transparent continuous authentication using different biometrics across multiple trusted devices. The framework is available on GitHub.