Human Authentication - Nanjing University · 2019-11-06 · A New Class of Authentication ... “I...
Human Authentication
Haipeng Dai
[email protected] CS Building
Department of Computer Science and Technology, Nanjing University

Human Authentication
How do you prove to someone that you are who you claim to be?
  ─ Any system with access control must solve this problem
Mechanisms:
  ─ Something the user is
    ● e.g., fingerprint or retinal pattern, DNA sequence, unique bio-electric signals produced by the living body, or other biometric identifier
    ● IP address
  ─ Something the user has
    ● e.g., ID card, security token, software token or cell phone
  ─ Something the user knows
    ● e.g., a password, a pass phrase or a personal identification number (PIN)
  ─ Something the user does
    ● e.g., voice recognition, signature, or gait
CSE825

Basic Password Authentication
Setup
  ─ User chooses password
  ─ Hash of password stored in password file
Authentication
  ─ User logs into system, supplies password
  ─ System computes hash, compares with the hash in password file
Attacks
  ─ Online dictionary attack
    ● Guess passwords and try to log in
  ─ Offline dictionary attack
    ● Steal password file, try to find p with hash(p) in file

UNIX Password System
Uses DES encryption as if it were a hash function
  ─ Encrypt NULL string using password as the key
    ● Truncates passwords to 8 characters!
    ● The low-order 7 bits of each character are used to form the 56-bit DES key
  ─ Artificial slowdown: run DES 25 times
Problem: passwords are not truly random
  ─ With 52 upper- and lower-case letters, 10 digits and 32 punctuation symbols, there are 94^8 ≈ 6 quadrillion possible 8-character passwords
  ─ Humans like to use dictionary words, human and pet names ≈ 1 million common passwords

Dictionary Attack – some numbers
Typical password dictionary
  ─ 1,000,000 entries of common passwords
    ● people's names, common pet names, and ordinary words.
  ─ Suppose you generate and analyze 10 guesses per second
    ● This may be reasonable for a web site; offline is much faster
  ─ Dictionary attack in at most 100,000 seconds = 28 hours, or 14 hours on average
If passwords were random
  ─ Assume six-character password
    ● Upper- and lowercase letters, digits, 32 punctuation characters
    ● 689,869,781,056 password combinations.
    ● Exhaustive search requires 1,093 years on average
To prevent using one dictionary to crack many passwords, Unix uses the idea of salt: username|salt|MD(salt, password).

Advantage of Salt
Without salt
  ─ Same hash functions on all machines
    ● Compute hash of all common strings once
    ● Compare hash with all known password hashes
With salt
  ─ One password hashed 2^12 different ways
    ● Precompute hash file?
      – Need much larger file to cover all common strings
    ● Dictionary attack on known password file
      – For each salt found in file, try all common strings
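
The password-file format and the work figures from the last three slides, as an added example that is not part of the original slides. SHA-256 stands in for MD(salt, password), and the account names and salt values are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

SALT_BITS = 12  # the slide's "one password hashed 2^12 different ways"


def md(salt, password):
    # Stand-in for the slide's MD(salt, password). SHA-256 is an assumption
    # made for this example; the slides describe a DES-based function.
    return hashlib.sha256(salt.to_bytes(2, "big") + password.encode()).hexdigest()


def make_entry(username, password, salt=None):
    """Build one password-file line: username|salt|MD(salt, password)."""
    if salt is None:
        salt = secrets.randbelow(1 << SALT_BITS)
    return f"{username}|{salt}|{md(salt, password)}"


def verify(entry, attempt):
    """Login check: recompute with the stored salt, compare in constant time."""
    _user, salt, digest = entry.split("|")
    return hmac.compare_digest(md(int(salt), attempt), digest)


def shared_password_groups(entries):
    """Audit: accounts whose stored digests are identical (visible reuse)."""
    by_digest = {}
    for line in entries:
        user, _salt, digest = line.split("|")
        by_digest.setdefault(digest, []).append(user)
    return [users for users in by_digest.values() if len(users) > 1]


def precomputed_table_size(dictionary_size, salted):
    """Hashes needed to precompute the dictionary for any file, once."""
    return dictionary_size * ((1 << SALT_BITS) if salted else 1)


def per_file_work(entries, dictionary_size):
    """Hashes needed against one file: each distinct salt times each word."""
    salts = {line.split("|")[1] for line in entries}
    return len(salts) * dictionary_size


def hours_to_try(candidates, guesses_per_second=10):
    """Worst-case time to try every candidate at the slide's guess rate."""
    return candidates / guesses_per_second / 3600


def average_years(search_space, guesses_per_second=10):
    """Average exhaustive-search time: half the space at the given rate."""
    return search_space / 2 / guesses_per_second / (365 * 24 * 3600)


# Constructed sample: three accounts, two of which chose the same password.
ACCOUNTS = [("alice", "Longhorns"), ("bob", "Longhorns"), ("carol", "Kevin123")]
UNSALTED = [make_entry(u, p, salt=0) for u, p in ACCOUNTS]
SALTED = [make_entry(u, p, salt=s) for (u, p), s in zip(ACCOUNTS, (17, 2901, 17))]

if __name__ == "__main__":
    print("reuse visible without salt:", shared_password_groups(UNSALTED))
    print("reuse visible with salt:   ", shared_password_groups(SALTED))
    print("precompute, no salt:", precomputed_table_size(1_000_000, False))
    print("precompute, salted: ", precomputed_table_size(1_000_000, True))
    print("one stolen file:    ", per_file_work(SALTED, 1_000_000))
    print("dictionary, hours:  ", round(hours_to_try(1_000_000)))
    print("random 6 chars, yrs:", int(average_years(94 ** 6)))
```

Salt multiplies the precomputation cost by 4096 and hides password reuse between accounts, but the work against a single account is still one pass over the dictionary.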

Passwords in the Real World
From high school pranks…
  ─ Student in Tyler changes school attendance records
  ─ Students in California change grades
    ● Different authentication for network login and grade system, but teachers were using the same password (very common)
…to serious cash
  ─ English accountant uses co-workers’ password to steal $17 million for gambling
…to identity theft
  ─ Helpdesk employee uses passwords of a credit card database to sell credit reports to Nigerian scammers
[PasswordResearch.com]

Passwords and Computer Security
First step after any successful intrusion: install sniffer or keylogger to steal more passwords
Second step: run cracking tools on password files
  ─ Usually on other hijacked computers
In Mitnick’s “Art of Intrusion”, 8 out of 9 exploits involve password stealing and/or cracking
  ─ Excite@Home: usernames and passwords stored in the clear in troubleshooting tickets
  ─ “Dixie bank” hack: use default router password to change firewall rules to enable incoming connections

Password Security Risks
Keystroke loggers
  ─ Hardware
    ● KeyGhost, KeyShark, others
  ─ Software (spyware)
Shoulder surfing
Same password at multiple sites
Broken implementations
Social engineering

Default Passwords
Examples from Mitnick’s “Art of Intrusion”
  ─ U.S. District Courthouse server: “public” / “public”
  ─ NY Times employee database: pwd = last 4 SSN digits
  ─ “Dixie bank”: break into router (pwd=“administrator”), then into IBM AS/400 server (pwd=“administrator”), install keylogger to snarf other passwords
    ● “99% of people there used ‘password123’ as their password”

How People Use Passwords
Write them down
Use a single password at multiple sites
  ─ Do you use the same password for Amazon and your bank account? Do you remember them all?
Make passwords easy to remember
  ─ “password”, “Longhorns”, “Kevin123”
Some services use “secret questions” to reset passwords
  ─ “What is your favorite pet’s name?”

Social Engineering
Univ. of Sydney study (1996)
  ─ 336 CS students emailed asking for their passwords
    ● Pretext: “validate” password database after suspected break-in
  ─ 138 returned their passwords
Treasury Dept. report (2005)
  ─ Auditors pose as IT personnel attempting to correct a “network problem”
  ─ 35 (of 100) IRS managers and employees provide their usernames and change passwords to a known value

Strengthening Passwords
Add biometrics
  ─ For example, keystroke dynamics or voiceprint
  ─ Revocation is often a problem with biometrics
Graphical passwords
  ─ Goal: increase the size of memorable password space
Rely on the difficulty of computer vision
  ─ Face recognition is easy for humans, hard for machines
  ─ Present user with a sequence of faces, he must pick the right face several times in a row to log in

Graphical Passwords
Images are easy for humans to remember
  ─ Especially if you invent a memorable story to go along with the images
Dictionary attacks on graphical passwords are believed to be difficult
  ─ Images are very “random” (is this true?)
Still not a perfect solution
  ─ Need infrastructure for displaying and storing images
  ─ Shoulder surfing
Passfaces Meets the Challenge
Secure and Usable
The Brain Deals with Faces Differently than Any Other Image
Face recognition is a dedicated process which is different from general object recognition.
Source: Face Recognition: A Literature Survey. National Institute of Standards and Technology
Recall vs. Recognize
You must RECALL a password
You simply RECOGNIZE a face
Remember High School … What kind of test did you prefer?
Fill in the Blank
Multiple Choices
Passface
Familiarize the user with a randomly-selected set of faces and check if they can recognize them when they see them again
It’s as easy as recognizing an old friend
How Passfaces Works
Users Are Assigned a Set of 5* Passfaces
User Interface
Library of Faces
* Typical implementation – 3 to 7 possible as standard

How Passfaces Works
5 Passfaces are associated with 40 associated decoys
Passfaces are presented in five 3 by 3 matrices, each having 1 Passface and 8 decoys
New Users are Familiarized with their Passfaces
Users enroll with a 2 to 4 minute familiarization process
Using instant feedback, encouragement, and simple dialogs, users are trained until they can easily recognize their Passfaces
The process is optimized and presented like an easy game
Let’s Practice
Action: Click On Your Passface
It’s Moving
(There is only One on this Page)
A New Class of Authentication
Passfaces represents a new, 4th class of authentication: Cognometrics
Recognition-Based Authentication

Empirical Results
Experimental study of 154 computer science students at Johns Hopkins and Carnegie Mellon
Conclusions:
  ─ “… faces chosen by users are highly affected by the race of the user… the gender and attractiveness of the faces bias password choice… In the case of male users, we found this bias so severe that we do not believe it possible to make this scheme secure against an online attack…”
2 guesses enough for 10% of male users
8 guesses enough for 25% of male users
User Quotes
“I chose the images of the ladies which appealed the most”
“I simply picked the best looking girl on each page”
“In order to remember all the pictures for my login (after forgetting my ‘password’ 4 times in a row) I needed to pick pictures I could EASILY remember... So I chose beautiful women. The other option I would have chosen was handsome men, but the women are much more pleasing to look at”
More User Quotes
“I picked her because she was female and Asian and being female and Asian, I thought I could remember that”
“I started by deciding to choose faces of people in my own race…”
“… Plus he is African-American like me”
What About Other Images?
Invent a story for an image or a sequence of images
“We went for a walk in the park yesterday”
Need to remember the order!
Fish-woman-girl-corn

User Experiences
50% unable to invent a story, so try to pick four pleasing pictures and memorize their order
  ─ “I had no problem remembering the four pictures, but I could not remember the original order”
  ─ “… but the third try I found a sequence that I could remember. fish-woman-girl-corn, I would screw up the fish and corn order 50% of the time, but I knew they were the pictures”
Picture selection biases
  ─ Males select nature and sports more than females
  ─ Females select food images more often

Shoulder Surfing
Graphical password schemes are perceived to be more vulnerable to “shoulder surfing”
Experimental study with graduate students at the University of Maryland Baltimore County
  ─ 4 types of passwords: Passfaces with mouse, Passfaces with keyboard, dictionary text password, non-dictionary text password (random words and numbers)
Result: non-dictionary text password most vulnerable to shoulder surfing [1]
[1] Tari, Furkan, Ant Ozok, and Stephen H. Holden. "A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords." Proceedings of the second symposium on Usable privacy and security. ACM, 2006.

SecurID card
Username: paul
Password: 1234032848 (PIN + passcode from card)
Something you know + Something you have
1. Enter PIN
2. Press ◊
3. Card computes password
4. Read off password
Password: 354982
Passcode changes every 60 seconds

SecurID card
From RSA, SASL mechanism: RFC 2808
Compute: AES-hash on:
  ─ 128-bit token-specific seed
  ─ 64-bit ISO representation of time of day (Y:M:D:H:M:S)
  ─ 32-bit serial number of token
  ─ 32 bits of padding
Server computes three hashes with different clock values to account for drift.
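
The token computation and the server's three-clock-value check, as an added example that is not part of the original slides and not RSA's algorithm. SHA-256 stands in for the AES-hash, and the byte layout of the time field, the 6-digit truncation, the seed and the serial number are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone

STEP = timedelta(seconds=60)  # "Passcode changes every 60 seconds"


def input_block(seed, when, serial):
    """Pack the four fields listed on the slide into one 256-bit block."""
    if len(seed) != 16:
        raise ValueError("seed must be 128 bits")
    # Assumed layout of the 64-bit time field: year, month, day, hour, minute,
    # second, one pad byte. Seconds are zeroed so the value holds for one step.
    clock = struct.pack(">HBBBBBx", when.year, when.month, when.day,
                        when.hour, when.minute, 0)
    return seed + clock + struct.pack(">I", serial) + b"\x00" * 4


def tokencode(seed, when, serial):
    """What the card displays for the minute containing `when`."""
    # SHA-256 is a stand-in for the slide's AES-hash (assumption).
    digest = hashlib.sha256(input_block(seed, when, serial)).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def server_check(seed, serial, submitted, server_now):
    """Return the clock offset in steps (0, -1 or +1) that matched, else None."""
    for offset in (0, -1, 1):
        expected = tokencode(seed, server_now + offset * STEP, serial)
        if hmac.compare_digest(expected, submitted):
            return offset
    return None


# Constructed values for the demonstration.
SEED = bytes(range(16))
SERIAL = 0x00012345
SERVER_NOW = datetime(2019, 11, 6, 12, 0, 30, tzinfo=timezone.utc)


def demo():
    """Offsets the server reports for tokens with different clock errors."""
    results = {}
    for label, skew in (("in sync", 0), ("40 s fast", 40),
                        ("45 s slow", -45), ("3 min fast", 180)):
        code = tokencode(SEED, SERVER_NOW + timedelta(seconds=skew), SERIAL)
        results[label] = server_check(SEED, SERIAL, code, SERVER_NOW)
    return results


if __name__ == "__main__":
    for label, offset in demo().items():
        print(f"{label:>10}: matched offset {offset}")
```

Accepting three clock values triples the number of codes that are valid at any moment, which is the price of tolerating drift.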

Biometrics-based Authentication
“A biometric is a physiological or behavioral characteristic of a human being that can distinguish one person from another and that theoretically can be used for identification or verification of identity.”
Biometric applications available today are categorized into 2 sectors
  ─ Physiological: Iris, Fingerprints, Hand, Retinal and Face recognition
  ─ Behavioral: Voice, Typing pattern, Signature

Biometric Authentication Process
Acquisition
Creation of Master characteristics
Storage of Master characteristics
Acquisition(s)
Comparison
Decision

Current applications of Biometrics
Banks
Immigration facilities across USA
IDwidget – interesting research
Eyegaze at Stanford

Risks of Biometrics
Criminal gives an inexperienced policeman fingerprints in the wrong order
  ─ Record not found; gets off as a first-time offender
Can be attacked using recordings
  ─ Ross Anderson: in countries where fingerprints are used to pay pensions, there are persistent tales of “Granny’s finger in the pickle jar” being the most valuable property she bequeathed to her family
Birthday paradox
  ─ With false accept rate of 1 in a million, probability of false match is above 50% with only 1609 samples
Bypassing Biometrics

The metrics of Biometrics
FTE – Failure To Enroll
FTA – Failure To Accept
FAR – False Acceptance Rates
FRR – False Reject Rates
For biometrics, U.K. banks set target FAR <= 1%, FRR <= 0.01% [Ross Anderson]
  ─ Common signature recognition systems achieve equal error rates around 1% - not good enough!
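
How FAR, FRR and the equal error rate come out of a matcher's scores, and why a system can have an equal error rate yet miss the bank target at every threshold. This is an added example, not part of the original slides; the scores are constructed and the accept rule (score >= threshold) is an assumption.

```python
# Constructed match scores in [0, 1]: higher means "more likely the same person".
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.85, 0.62, 0.97, 0.90, 0.83, 0.93]
IMPOSTOR = [0.12, 0.30, 0.45, 0.51, 0.22, 0.66, 0.38, 0.70, 0.19, 0.41]


def rates(genuine, impostor, threshold):
    """Return (FAR, FRR) when a sample is accepted if score >= threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def equal_error_rate(genuine, impostor):
    """Sweep every observed score as a threshold; return (threshold, EER)
    at the point where FAR and FRR are closest to each other."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = rates(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    _gap, t, far, frr = best
    return t, (far + frr) / 2


def thresholds_meeting_target(genuine, impostor, max_far=0.01, max_frr=0.0001):
    """Thresholds that satisfy both limits from the slide (1% and 0.01%)."""
    ok = []
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = rates(genuine, impostor, t)
        if far <= max_far and frr <= max_frr:
            ok.append(t)
    return ok


if __name__ == "__main__":
    t, eer = equal_error_rate(GENUINE, IMPOSTOR)
    print(f"EER {eer:.0%} at threshold {t}")
    # Raising the threshold drives FAR down but FRR stays where it was or rises.
    print("FAR, FRR at 0.79:", rates(GENUINE, IMPOSTOR, 0.79))
    print("thresholds meeting the bank target:",
          thresholds_meeting_target(GENUINE, IMPOSTOR))
```

The two rates trade off against each other, so a single equal error rate says nothing about whether a FAR limit and a much tighter FRR limit can be met together.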

Fingerprint recognition
Divides print into loops, whorls and arch
Calculates minutiae points (ridge endings)
Fingerprints
  ─ 1911: first US conviction on fingerprint evidence
  ─ U.K. traditionally requires 16-point match
    ● Probability of false match is 1 in 10 billion
    ● No successful challenges until 2000
  ─ Fingerprint damage impairs recognition
    ● Ross Anderson’s scar crashes FBI scanner
Disadvantages:
  ─ Dirt, grime and wounds
  ─ Placement of finger
  ─ Too big a database to process
  ─ Can be spoofed – liveness important!

Cloning a Finger [Matsumoto]
Cloning Process [Matsumoto]
Fingerprint Image [Matsumoto]
Molding [Matsumoto]
The Mold and the Gummy Finger [Matsumoto]
Side By Side [Matsumoto]

Play-Doh Fingers
Alternative to gelatin
Play-Doh fingers fool 90% of fingerprint scanners
  ─ Clarkson University study
Suggested perspiration measurement to test “liveness” of the finger
[Schuckers]

Hand Geometry
Geometry of users’ hands
More reliable than fingerprinting
Balance in performance and usability
Disadvantage:
  ─ Very large scanners

Retinal Scanning
Scans retina into database
User looks straight into retinal reader
Scan using low intensity light
Disadvantages:
  ─ User has to look “directly”
  ─ FTE ratio high in this biometric
  ─ Acceptability concerns
    ● Light exposure
    ● Hygiene

Iris Scanner
Scans unique pattern of iris
Iris is colored and visible from far
No touch required
Overcomes retinal scanner issues

Face recognition
User faces camera
Neutral expression required
Apt lighting and position
Algorithms for processing
Decision
Disadvantages:
  ─ Identification across expression
  ─ FRR or FAR fluctuate: Error rates up to 20%, given reasonable variations in lighting, viewpoint and expression
  ─ Tougher usability
  ─ High Environmental impact

Behavioral
Voice
Signature
Typing pattern

Voice Recognition
Speech input
  ─ Frequency
  ─ Duration
  ─ Cadence
Neutral tone
User friendly
Disadvantages:
  ─ Local acoustics
  ─ Background noise
  ─ Device quality
  ─ Illness, emotional behavior
  ─ Time consuming enrollment
  ─ Large processing template

Signature Recognition
Signature measures (dynamic)
  ─ Speed
  ─ Velocity
  ─ Pressure
Captures images (static)
High user acceptance
Disadvantages:
  ─ Signature variable with age, illness, emotions
  ─ Requires high quality hardware
  ─ High FRR as signatures are very dynamic

Forging Handwriting [Ballard, Monrose, Lopresti]
Generated by computer algorithm trained on handwriting samples

Typing Patterns
User typing pattern
  ─ Speed
  ─ Press and Release Rate
Unique patterns are generated
Comparisons
Disadvantages:
  ─ Not very scalable
  ─ FRR is high
  ─ Can be spoofed – by simple technology (recorders)