research-article

Public Access

EchoLock: Towards Low-effort Mobile User Identification Leveraging Structure-borne Echos

Authors:
Yilin Yang

Rutgers University, New Brunswick, NJ, USA

Rutgers University, New Brunswick, NJ, USA
View Profile

,
Yan Wang

Temple University, Philadelphia, PA, USA

Temple University, Philadelphia, PA, USA
View Profile

,
Yingying Chen

Rutgers University, New Brunswick, NJ, USA

Rutgers University, New Brunswick, NJ, USA
View Profile

,
Chen Wang

Louisiana State University, Baton Rouge, LA, USA

Louisiana State University, Baton Rouge, LA, USA
View Profile

ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications SecurityOctober 2020Pages 772–783https://doi.org/10.1145/3320269.3384741

Published:05 October 2020Publication History

ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

Pages 772–783

ABSTRACT

Many existing identification approaches require active user input, specialized sensing hardware, or personally identifiable information such as fingerprints or face scans. In this paper, we propose EchoLock, a low-effort identification scheme that validates the user by sensing hand geometry via commodity microphones and speakers. EchoLock can serve as a complementary verification method for high-end devices or as a stand-alone user identification scheme for lower-end devices without using privacy-sensitive features. In addition to security applications, our system can also personalize user interactions with smart devices, such as automatically adapting settings or preferences when different people are holding smart remotes. To this end, we study the impact of hands on structure borne sound propagation in mobile devices and develop a user identification scheme that can measure, quantify, and exploit distinct sound reflections in order to differentiate distinct identities. Particularly, we propose a non-intrusive hand sensing technique to derive unique acoustic features in both time and frequency domain, which can effectively capture the physiological and behavioral traits of a user's hand (e.g., hand contours, finger sizes, holding strengths, and holding styles). Furthermore, learning-based algorithms are developed to robustly identify the user under various environments and conditions. We conduct extensive experiments with 20 participants, gathering 80,000 hand geometry samples using different hardware setups across 160 key use case scenarios. Our results show that EchoLock is capable of identifying users with over 94% accuracy, without requiring any active user input.

Supplemental Material

3320269.3384741.mp4

mp4

35.4 MB

Download

References

2019. Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025 (in billions). https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/.Google Scholar
2019. Material Sound Velocities. https://www.olympus-ims.com/en/ndt-tutorials/thickness-gage/appendices-velocities/.Google Scholar
Abbas Acar, Hidayet Aksu, A. Selcuk Uluagac, and Kemal Akkaya. 2018. WACA: Wearable-Assisted Continuous Authentication. In IEEE Symposium on Security and Privacy Workshops.Google Scholar
Amazon. 2018. Fire TV Stick. https://developer.amazon.com/docs/fire-tv/device-specifications-fire-tv-stick.html.Google Scholar
Apple. 2018. Apple iOS. support.apple.com.Google Scholar
Kaoru Ashihara. 2007. Hearing thresholds for pure tones above 16 kHz. The Journal of the Acoustical Society of America, Vol. 122, 3 (2007).Google ScholarCross Ref
Silvio Barra, Maria De Marsico, Michele Nappi, Fabio Narducci, and Daniel Riccio. 2019. A hand-based biometric system in visible light for mobile environments. Information Sciences, Vol. 479 (2019), 472--485.Google ScholarCross Ref
Todd Bishop. 2019. Amazon's Blink unveils new security camera with 'exclusive' chip and two-year battery life. https://www.geekwire.com/2019/amazons-blink-unveils-new-security-camera-proprietary-chip-enables-two-year-battery-life/.Google Scholar
Cam Bunton. 2016. Samsung Galaxy Note 7 iris scanner. https://www.pocket-lint.com/phones/news/samsung/138335-samsung-galaxy-note-7-iris-scanner-what-is-it-and-how-does-it-work.Google Scholar
J. Guerra Casanova, C. Sánchez Ávila, A. de Santos Sierra, G. Bailador del Pozo, and V. Jara Vera. 2010. A Real-Time In-Air Signature Biometric Technique Using a Mobile Device Embedding an Accelerometer. In Networked Digital Technologies, Filip Zavoral, Jakub Yaghob, Pit Pichappan, and Eyas El-Qawasmeh (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 497--503.Google Scholar
Chih-Chung Chang and Chih-Jen Lin. 2011. LIBSVM: a library for support vector machines. ACM Transactions on Intelligent Systems and Technology (TIST), Vol. 2, 3 (2011), 27.Google ScholarDigital Library
Ivan Cherapau, Ildar Muslukhov, Nalin Asanka, and Konstantin Beznosov. 2015. On the Impact of Touch ID on iPhone Passcodes.. In Symposium on Usable Privacy and Security (SOUPS). 257--276.Google Scholar
Hsin-Yi Chiang and Sonia Chiasson. 2013. Improving user authentication on mobile devices: a touchscreen graphical password. In Proceedings of the 15th International Conference on Human-computer interaction with mobile devices and services. MobileHCI.Google ScholarDigital Library
Sonia Chiasson, Paul C van Oorschot, and Robert Biddle. 2007. Graphical password authentication using cued click points. In Computer Security--ESORICS 2007. Springer, 359--374.Google ScholarDigital Library
Eric Chiu. 2017. Google's CEO Wants 30 dollar Smartphones For Developing Countries. https://www.ibtimes.com/googles-ceo-wants-30-smartphones-developing-countries-2471321/.Google Scholar
Mohammed E. Fathy, Vishal M. Patel, and Rama Chellappa. 2015. Face-based Active Authentication on mobile devices. In Proceedings of the International Conference on Acoustics, Speech and Signal Processing. IEEE.Google ScholarCross Ref
Jeremy Ford. 2011. 80 dollar Android Phone Sells Like Hotcakes in Kenya, the World Next? https://singularityhub.com/2011/08/16/80-android-phone-sells-like-hotcakes-in-kenya-the-world-next/.Google Scholar
Google. 2019. Android Developer Resources. https://developer.android.com/ reference/android/media/AudioRecord.html.Google Scholar
Marian Harbach, Emanuel von Zezchwitz, Andreas Fichtner, Alexander De Luca, and Matthew Smith. 2014. It's a Hard Lock Life: A Field Study of Smartphone (Un)Locking Behavior and Risk Perception. In Proceedings of the Tenth Symposium on Usable Privacy and Security (SOUP). SOUP, 213--224.Google Scholar
R.C. Johnson, Walter J. Scheirer, and Terrance E. Boult. 2013. Secure voice-based authentication for mobile devices: vaulted voice verification. In Proceedings of Biometric and Surveillance Technology for Human and Activity Identification. SPIE.Google Scholar
Sven Kratz and Md Tanvir Islam Aumi. 2014. AirAuth: a biometric authentication system using in-air hand gestures. In CHI'14 Extended Abstracts on Human Factors in Computing Systems. ACM, 499--502.Google ScholarDigital Library
Jian Liu, Hongbo Liu, Yingying Chen, Yan Wang, and Chen Wang. 2019. Wireless Sensing for Human Activity: A Survey. IEEE Communications Surveys & Tutorials (2019).Google Scholar
Jian Liu, Chen Wang, Yingying Chen, and Nitesh Saxena. 2017. VibWrite: Towards finger-input authentication on ubiquitous surfaces via physical vibration. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 73--87.Google ScholarDigital Library
Beth Logan et al. 2000. Mel Frequency Cepstral Coefficients for Music Modeling.. In ISMIR, Vol. 270. 1--11.Google Scholar
Andrew Martinik. 2018. How to customize Active Edge on the Google Pixel 3. https://www.androidcentral.com/how-customize-active-edge-pixel-3.Google Scholar
Surbhi Mathur, Ankit Vjay, Jidnya Shah, Shreyasi Das, and Adil Malla. 2016. Methodology for partial fingerprint enrollment and authentiation on mobile devices. In Proceedings of the International Conference on Biometrics. IEEE.Google Scholar
Meinard Müller, Frank Kurth, and Michael Clausen. 2005. Audio Matching via Chroma-Based Statistical Features.. In ISMIR, Vol. 2005. 6th.Google Scholar
Yanzhi Ren, Yingying Chen, Mooi Choo Chuah, and Jie Yang. 2014. User Verification Leveraging Gait Recognition For Smartphone Enabled Mobile Healthcare Systems. IEEE Transactions on Mobile Computing (2014).Google Scholar
Yanzhi Ren, Chen Wang, Yingying Chen, Mooi Choo Chuah, and Jie Yang. 2015. Critical segment based real-time e-signature for securing mobile transactions. In 2015 IEEE Conference on Communications and Network Security (CNS). IEEE, 7--15.Google ScholarCross Ref
Jan Rychlewski. 1984. On Hooke's law. Journal of Applied Mathematics and Mechanics, Vol. 48, 3 (1984), 303--314.Google ScholarCross Ref
Napa Sae-Bae, Kowsar Ahmed, Katherine Isbister, and Nasir Memon. 2012. Biometric-rich Gestures: A Novel Approach to Authentication on Multi-touch Devices. In Proceedings of ACM SIGCHI.Google ScholarDigital Library
Muhammad Shahzad, Alex X Liu, and Arjmand Samuel. 2013. Secure unlocking of mobile touch screen devices by simple gestures: You can see it but you can not do it. In ACM MobiCom. 39--50.Google Scholar
Ke Sun, Ting Zhao, Wei Wang, and Lei Xie. 2018. VSkin: Sensing Touch Gestures on Surfaces of Mobile Devices Using Acoustic Signals. In Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. 591--605.Google ScholarDigital Library
Xiaoyuan Suo, Ying Zhu, and G Scott Owen. 2005. Graphical passwords: A survey. In Proceedings of the 21st Annual Computer Security Applications Conference. IEEE.Google ScholarDigital Library
TSYS. 2016. 2016 U.S. Consumer Payment Study. https://www.tsys. com/Assets/TSYS/downloads/rs_2016-us-consumer-payment-study.pdf.Google Scholar
Yu-Chih Tung and Kang G. Shin. 2015. EchoTag: Accurate Infrastructure-Free Indoor Location Tagging with Smartphones. In Proceedings of the 21st Annual International Conference on Mobile Computing and Networking. 525--536.Google Scholar
Yu-Chih Tung and Kang G. Shin. 2016. Expansion of Human-Phone Interface By Sensing Structure-Borne Sound Propagation. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services. 277--289.Google Scholar
Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, and Thorsten Holz. 2013. Quantifying the security of graphical passwords: the case of android unlock patterns. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. 161--172.Google ScholarDigital Library
Dirk Van Bruggen, Shu Liu, Mitch Kajzer, Aaron Striegel, Charles R. Crowell, and D'Arcy John. 2013. Modifying Smartphone User Locking Behavior. In Proceedings of the Ninth Symposium on Usable Privacy and Security (SOUP). SOUP, 213--224.Google ScholarDigital Library
Chen Wang, Yan Wang, Yingying Chen, Hongbo Liu, and Jian Liu. 2020. User authentication on mobile devices: Approaches, threats and trends. Computer Networks, Vol. 170 (2020), 107--118. https://doi.org/10.1016/j.comnet.2020.107118Google ScholarDigital Library
WeChat. 2017. Voiceprint. https://thenextweb.com/apps/2015/03/25/wechat-on-ios-now-lets-you-log-in-using-just-your-voice/.Google Scholar
Nan Zheng, Kun Bai, Hai Huang, and Haining Wang. 2014. You Are How You Touch: User Verification on Smartphones via Tapping Behaviors.. In ICNP, Vol. 14. 221--232.Google Scholar
Yu Zhong and Yunbin Deng. 2014. Sensor orientation invariant mobile gait biometrics. In Proceedings of the IEEE International Joint Conference on Biometrics. IEEE.Google ScholarCross Ref
Bing Zhou, Jay Lohokare, Ruipeng Gao, and Fan Ye. 2018a. EchoPrint: Two-factor Authentication using Acoustics and Vision on Smartphones. In Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. 321--336.Google ScholarDigital Library
Man Zhou, Qian Wang, Jingxiao Yang, Qi Li, Feng Xiao, Zhibo Wang, and Xiaofeng Chen. 2018b. PatternListener: Cracking Android Pattern Lock Using Acoustic Signals. In ACM Conference on Computer and Communications Security.Google ScholarDigital Library

Index Terms

EchoLock: Towards Low-effort Mobile User Identification Leveraging Structure-borne Echos
1. Security and privacy
  1. Security services
    1. Authentication

Recommendations

Augmenting User Identification with WiFi Based Gesture Recognition

Over the last few years, researchers have proposed several WiFi based gesture recognition systems that can recognize predefined gestures performed by users at runtime. As most environments are inhabited by multiple users, the true potential of WiFi based ...
Read More
An ear canal deformation based continuous user authentication using earables
MobiCom '21: Proceedings of the 27th Annual International Conference on Mobile Computing and Networking

Biometric-based authentication is gaining increasing attention for wearables and mobile applications. Meanwhile, the growing adoption of sensors in wearables also provides opportunities to capture novel wearable biometrics. In this work, we propose ...
Read More
Evaluation of Bone-Conducted Cross-Talk Sound in the Head for Biometric Identification
IC3INA '21: Proceedings of the 2021 International Conference on Computer, Control, Informatics and Its Applications

Just like a fingerprint, every human head has its own uniqueness. To take advantage of its unique geometrical and physical characteristics, we can insert an inward-facing microphone into the ear canal to record sound coming from a bone conduction ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security
October 2020
957 pages
ISBN:9781450367509
DOI:10.1145/3320269
General Chairs:
Hung-Min Sun
National Tsing Hua University, Taiwan
,
Shiuhpyng Shieh
National Chiao Tung University, Taiwan
,
Program Chairs:
Guofei Gu
Texas A&M University, USA
,
Giuseppe Ateniese
Stevens Institute of Technology, USA
Copyright © 2020 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 5 October 2020
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
acoustic sensing
biometrics
internet of things
user identification
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate418of2,322submissions,18%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 7
  Total Citations
  View Citations
- 477
  Total Downloads
- Downloads (Last 12 months)111
- Downloads (Last 6 weeks)9
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

EchoLock: Towards Low-effort Mobile User Identification Leveraging Structure-borne Echos

ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

ABSTRACT

Supplemental Material

References

Cited By

Index Terms

Recommendations

Augmenting User Identification with WiFi Based Gesture Recognition

An ear canal deformation based continuous user authentication using earables

Evaluation of Bone-Conducted Cross-Talk Sound in the Head for Biometric Identification