ABSTRACT
Many existing identification approaches require active user input, specialized sensing hardware, or personally identifiable information such as fingerprints or face scans. In this paper, we propose EchoLock, a low-effort identification scheme that validates the user by sensing hand geometry via commodity microphones and speakers. EchoLock can serve as a complementary verification method for high-end devices or as a stand-alone user identification scheme for lower-end devices without using privacy-sensitive features. In addition to security applications, our system can also personalize user interactions with smart devices, such as automatically adapting settings or preferences when different people are holding smart remotes. To this end, we study the impact of hands on structure borne sound propagation in mobile devices and develop a user identification scheme that can measure, quantify, and exploit distinct sound reflections in order to differentiate distinct identities. Particularly, we propose a non-intrusive hand sensing technique to derive unique acoustic features in both time and frequency domain, which can effectively capture the physiological and behavioral traits of a user's hand (e.g., hand contours, finger sizes, holding strengths, and holding styles). Furthermore, learning-based algorithms are developed to robustly identify the user under various environments and conditions. We conduct extensive experiments with 20 participants, gathering 80,000 hand geometry samples using different hardware setups across 160 key use case scenarios. Our results show that EchoLock is capable of identifying users with over 94% accuracy, without requiring any active user input.
Supplemental Material
- 2019. Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025 (in billions). https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/.Google Scholar
- 2019. Material Sound Velocities. https://www.olympus-ims.com/en/ndt-tutorials/thickness-gage/appendices-velocities/.Google Scholar
- Abbas Acar, Hidayet Aksu, A. Selcuk Uluagac, and Kemal Akkaya. 2018. WACA: Wearable-Assisted Continuous Authentication. In IEEE Symposium on Security and Privacy Workshops.Google Scholar
- Amazon. 2018. Fire TV Stick. https://developer.amazon.com/docs/fire-tv/device-specifications-fire-tv-stick.html.Google Scholar
- Apple. 2018. Apple iOS. support.apple.com.Google Scholar
- Kaoru Ashihara. 2007. Hearing thresholds for pure tones above 16 kHz. The Journal of the Acoustical Society of America, Vol. 122, 3 (2007).Google ScholarCross Ref
- Silvio Barra, Maria De Marsico, Michele Nappi, Fabio Narducci, and Daniel Riccio. 2019. A hand-based biometric system in visible light for mobile environments. Information Sciences, Vol. 479 (2019), 472--485.Google ScholarCross Ref
- Todd Bishop. 2019. Amazon's Blink unveils new security camera with 'exclusive' chip and two-year battery life. https://www.geekwire.com/2019/amazons-blink-unveils-new-security-camera-proprietary-chip-enables-two-year-battery-life/.Google Scholar
- Cam Bunton. 2016. Samsung Galaxy Note 7 iris scanner. https://www.pocket-lint.com/phones/news/samsung/138335-samsung-galaxy-note-7-iris-scanner-what-is-it-and-how-does-it-work.Google Scholar
- J. Guerra Casanova, C. Sánchez Ávila, A. de Santos Sierra, G. Bailador del Pozo, and V. Jara Vera. 2010. A Real-Time In-Air Signature Biometric Technique Using a Mobile Device Embedding an Accelerometer. In Networked Digital Technologies, Filip Zavoral, Jakub Yaghob, Pit Pichappan, and Eyas El-Qawasmeh (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 497--503.Google Scholar
- Chih-Chung Chang and Chih-Jen Lin. 2011. LIBSVM: a library for support vector machines. ACM Transactions on Intelligent Systems and Technology (TIST), Vol. 2, 3 (2011), 27.Google ScholarDigital Library
- Ivan Cherapau, Ildar Muslukhov, Nalin Asanka, and Konstantin Beznosov. 2015. On the Impact of Touch ID on iPhone Passcodes.. In Symposium on Usable Privacy and Security (SOUPS). 257--276.Google Scholar
- Hsin-Yi Chiang and Sonia Chiasson. 2013. Improving user authentication on mobile devices: a touchscreen graphical password. In Proceedings of the 15th International Conference on Human-computer interaction with mobile devices and services. MobileHCI.Google ScholarDigital Library
- Sonia Chiasson, Paul C van Oorschot, and Robert Biddle. 2007. Graphical password authentication using cued click points. In Computer Security--ESORICS 2007. Springer, 359--374.Google ScholarDigital Library
- Eric Chiu. 2017. Google's CEO Wants 30 dollar Smartphones For Developing Countries. https://www.ibtimes.com/googles-ceo-wants-30-smartphones-developing-countries-2471321/.Google Scholar
- Mohammed E. Fathy, Vishal M. Patel, and Rama Chellappa. 2015. Face-based Active Authentication on mobile devices. In Proceedings of the International Conference on Acoustics, Speech and Signal Processing. IEEE.Google ScholarCross Ref
- Jeremy Ford. 2011. 80 dollar Android Phone Sells Like Hotcakes in Kenya, the World Next? https://singularityhub.com/2011/08/16/80-android-phone-sells-like-hotcakes-in-kenya-the-world-next/.Google Scholar
- Google. 2019. Android Developer Resources. https://developer.android.com/ reference/android/media/AudioRecord.html.Google Scholar
- Marian Harbach, Emanuel von Zezchwitz, Andreas Fichtner, Alexander De Luca, and Matthew Smith. 2014. It's a Hard Lock Life: A Field Study of Smartphone (Un)Locking Behavior and Risk Perception. In Proceedings of the Tenth Symposium on Usable Privacy and Security (SOUP). SOUP, 213--224.Google Scholar
- R.C. Johnson, Walter J. Scheirer, and Terrance E. Boult. 2013. Secure voice-based authentication for mobile devices: vaulted voice verification. In Proceedings of Biometric and Surveillance Technology for Human and Activity Identification. SPIE.Google Scholar
- Sven Kratz and Md Tanvir Islam Aumi. 2014. AirAuth: a biometric authentication system using in-air hand gestures. In CHI'14 Extended Abstracts on Human Factors in Computing Systems. ACM, 499--502.Google ScholarDigital Library
- Jian Liu, Hongbo Liu, Yingying Chen, Yan Wang, and Chen Wang. 2019. Wireless Sensing for Human Activity: A Survey. IEEE Communications Surveys & Tutorials (2019).Google Scholar
- Jian Liu, Chen Wang, Yingying Chen, and Nitesh Saxena. 2017. VibWrite: Towards finger-input authentication on ubiquitous surfaces via physical vibration. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 73--87.Google ScholarDigital Library
- Beth Logan et al. 2000. Mel Frequency Cepstral Coefficients for Music Modeling.. In ISMIR, Vol. 270. 1--11.Google Scholar
- Andrew Martinik. 2018. How to customize Active Edge on the Google Pixel 3. https://www.androidcentral.com/how-customize-active-edge-pixel-3.Google Scholar
- Surbhi Mathur, Ankit Vjay, Jidnya Shah, Shreyasi Das, and Adil Malla. 2016. Methodology for partial fingerprint enrollment and authentiation on mobile devices. In Proceedings of the International Conference on Biometrics. IEEE.Google Scholar
- Meinard Müller, Frank Kurth, and Michael Clausen. 2005. Audio Matching via Chroma-Based Statistical Features.. In ISMIR, Vol. 2005. 6th.Google Scholar
- Yanzhi Ren, Yingying Chen, Mooi Choo Chuah, and Jie Yang. 2014. User Verification Leveraging Gait Recognition For Smartphone Enabled Mobile Healthcare Systems. IEEE Transactions on Mobile Computing (2014).Google Scholar
- Yanzhi Ren, Chen Wang, Yingying Chen, Mooi Choo Chuah, and Jie Yang. 2015. Critical segment based real-time e-signature for securing mobile transactions. In 2015 IEEE Conference on Communications and Network Security (CNS). IEEE, 7--15.Google ScholarCross Ref
- Jan Rychlewski. 1984. On Hooke's law. Journal of Applied Mathematics and Mechanics, Vol. 48, 3 (1984), 303--314.Google ScholarCross Ref
- Napa Sae-Bae, Kowsar Ahmed, Katherine Isbister, and Nasir Memon. 2012. Biometric-rich Gestures: A Novel Approach to Authentication on Multi-touch Devices. In Proceedings of ACM SIGCHI.Google ScholarDigital Library
- Muhammad Shahzad, Alex X Liu, and Arjmand Samuel. 2013. Secure unlocking of mobile touch screen devices by simple gestures: You can see it but you can not do it. In ACM MobiCom. 39--50.Google Scholar
- Ke Sun, Ting Zhao, Wei Wang, and Lei Xie. 2018. VSkin: Sensing Touch Gestures on Surfaces of Mobile Devices Using Acoustic Signals. In Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. 591--605.Google ScholarDigital Library
- Xiaoyuan Suo, Ying Zhu, and G Scott Owen. 2005. Graphical passwords: A survey. In Proceedings of the 21st Annual Computer Security Applications Conference. IEEE.Google ScholarDigital Library
- TSYS. 2016. 2016 U.S. Consumer Payment Study. https://www.tsys. com/Assets/TSYS/downloads/rs_2016-us-consumer-payment-study.pdf.Google Scholar
- Yu-Chih Tung and Kang G. Shin. 2015. EchoTag: Accurate Infrastructure-Free Indoor Location Tagging with Smartphones. In Proceedings of the 21st Annual International Conference on Mobile Computing and Networking. 525--536.Google Scholar
- Yu-Chih Tung and Kang G. Shin. 2016. Expansion of Human-Phone Interface By Sensing Structure-Borne Sound Propagation. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services. 277--289.Google Scholar
- Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, and Thorsten Holz. 2013. Quantifying the security of graphical passwords: the case of android unlock patterns. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. 161--172.Google ScholarDigital Library
- Dirk Van Bruggen, Shu Liu, Mitch Kajzer, Aaron Striegel, Charles R. Crowell, and D'Arcy John. 2013. Modifying Smartphone User Locking Behavior. In Proceedings of the Ninth Symposium on Usable Privacy and Security (SOUP). SOUP, 213--224.Google ScholarDigital Library
- Chen Wang, Yan Wang, Yingying Chen, Hongbo Liu, and Jian Liu. 2020. User authentication on mobile devices: Approaches, threats and trends. Computer Networks, Vol. 170 (2020), 107--118. https://doi.org/10.1016/j.comnet.2020.107118Google ScholarDigital Library
- WeChat. 2017. Voiceprint. https://thenextweb.com/apps/2015/03/25/wechat-on-ios-now-lets-you-log-in-using-just-your-voice/.Google Scholar
- Nan Zheng, Kun Bai, Hai Huang, and Haining Wang. 2014. You Are How You Touch: User Verification on Smartphones via Tapping Behaviors.. In ICNP, Vol. 14. 221--232.Google Scholar
- Yu Zhong and Yunbin Deng. 2014. Sensor orientation invariant mobile gait biometrics. In Proceedings of the IEEE International Joint Conference on Biometrics. IEEE.Google ScholarCross Ref
- Bing Zhou, Jay Lohokare, Ruipeng Gao, and Fan Ye. 2018a. EchoPrint: Two-factor Authentication using Acoustics and Vision on Smartphones. In Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. 321--336.Google ScholarDigital Library
- Man Zhou, Qian Wang, Jingxiao Yang, Qi Li, Feng Xiao, Zhibo Wang, and Xiaofeng Chen. 2018b. PatternListener: Cracking Android Pattern Lock Using Acoustic Signals. In ACM Conference on Computer and Communications Security.Google ScholarDigital Library
Index Terms
- EchoLock: Towards Low-effort Mobile User Identification Leveraging Structure-borne Echos
Recommendations
Augmenting User Identification with WiFi Based Gesture Recognition
Over the last few years, researchers have proposed several WiFi based gesture recognition systems that can recognize predefined gestures performed by users at runtime. As most environments are inhabited by multiple users, the true potential of WiFi based ...
An ear canal deformation based continuous user authentication using earables
MobiCom '21: Proceedings of the 27th Annual International Conference on Mobile Computing and NetworkingBiometric-based authentication is gaining increasing attention for wearables and mobile applications. Meanwhile, the growing adoption of sensors in wearables also provides opportunities to capture novel wearable biometrics. In this work, we propose ...
Evaluation of Bone-Conducted Cross-Talk Sound in the Head for Biometric Identification
IC3INA '21: Proceedings of the 2021 International Conference on Computer, Control, Informatics and Its ApplicationsJust like a fingerprint, every human head has its own uniqueness. To take advantage of its unique geometrical and physical characteristics, we can insert an inward-facing microphone into the ear canal to record sound coming from a bone conduction ...
Comments