An official website of the United States government
Biometric recognition, or simply biometrics, is the use of biological attributes such as face, fingerprints or iris in order to recognize an individual in an automated manner. A key application of biometrics is authentication; i.e., using said biological attributes to provide access by verifying the claimed identity of an individual. This paper presents a framework for Biometrics-as-a-Service (BaaS) that performs biometric matching operations in the cloud, while relying on simple and ubiquitous consumer devices such as smartphones. Further, the framework promotes innovation by providing interfaces for a plurality of software developers to upload their matching algorithms to the cloud. When a biometric authentication request is submitted, the system uses a criteria to automatically select an appropriate matching algorithm. Every time a particular algorithm is selected, the corresponding developer is rendered a micropayment. This creates an innovative and competitive ecosystem that benefits both software developers and the consumers. As a case study, we have implemented the following: (a) an ocular recognition system using a mobile web interface providing user access to a biometric authentication service, and (b) a Linux-based virtual machine environment used by software developers for algorithm development and submission.
more »
« less
A Survey on Heart Biometrics
In recent years, biometrics (e.g., fingerprint or face recognition) has replaced traditional passwords and PINs as a widely used method for user authentication, particularly in personal or mobile devices. Differing from state-of-the-art biometrics, heart biometrics offer the advantages of liveness detection, which provides strong tolerance to spoofing attacks. To date, several authentication methods primarily focusing on electrocardiogram (ECG) have demonstrated remarkable success; however, the degree of exploration with other cardiac signals is still limited. To this end, we discuss the challenges in various cardiac domains and propose future prospectives for developing effective heart biometrics systems in real-world applications.
more »
« less
- PAR ID:
- 10274529
- Date Published:
- Journal Name:
- ACM Computing Surveys
- Volume:
- 53
- Issue:
- 6
- ISSN:
- 0360-0300
- Page Range / eLocation ID:
- 1 to 38
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
With the increasing prevalence of mobile and IoT devices (e.g., smartphones, tablets, smart-home appliances), massive private and sensitive information are stored on these devices. To prevent unauthorized access on these devices, existing user verification solutions either rely on the complexity of user-defined secrets (e.g., password) or resort to specialized biometric sensors (e.g., fingerprint reader), but the users may still suffer from various attacks, such as password theft, shoulder surfing, smudge, and forged biometrics attacks. In this paper, we propose, CardioCam, a low-cost, general, hard-to-forge user verification system leveraging the unique cardiac biometrics extracted from the readily available built-in cameras in mobile and IoT devices. We demonstrate that the unique cardiac features can be extracted from the cardiac motion patterns in fingertips, by pressing on the built-in camera. To mitigate the impacts of various ambient lighting conditions and human movements under practical scenarios, CardioCam develops a gradient-based technique to optimize the camera configuration, and dynamically selects the most sensitive pixels in a camera frame to extract reliable cardiac motion patterns. Furthermore, the morphological characteristic analysis is deployed to derive user-specific cardiac features, and a feature transformation scheme grounded on Principle Component Analysis (PCA) is developed to enhance the robustness of cardiac biometrics for effective user verification. With the prototyped system, extensive experiments involving 25 subjects are conducted to demonstrate that CardioCam can achieve effective and reliable user verification with over $99%$ average true positive rate (TPR) while maintaining the false positive rate (FPR) as low as 4%.more » « less
-
null (Ed.)We are creating a streamlined way to adapt WebIDs [1], and biometrics [2] to the cyber world. This involves building a user authentication system that enables quick, fast and secure access. It is understood that compared to traditional username and password user authentication, WebIDs are designed to provide such services. Nevertheless, if an intruder either has direct access to the user's computer or somehow gets the unique certificate of the user, important information can be stolen with solely the use of WebIDs. Since biometric data (e.g. fingerprints, iris scanning, etc.) is unique and not easily duplicated, this possibility can be avoided by including biometrics in the authentication process. We also include an enrollment protocol that checks whether a user has a WebID while trying to access a server. If they do, we allow the user access to the server, and if they do not, by accessing their own server, we register the user for a WebID with their permission. Implementing these features in the WebID protocol will greatly enhance user authentication safety.more » « less
-
User authentication systems based on cardiovascular biosignals have gained prominence in recent years, as these signals are presumed to be difficult to forge. We challenge this assumption by showing that an observer who has access to one type of cardiac data --- such as a user's pulse waveform, readily obtainable from video and commercial smartwatches --- can design a spoofing attack strong enough to fool authentication systems based on other cardiovascular biosignals. We present BioForge, an approach that leverages a cycle-consistent generative adversarial network to synthesize realistic physiological signals for a given user without relying on simultaneously collected supervision data. We evaluate BioForge on multiple open-access datasets and an array of verification systems, many of which can be fooled over 50% of the time in 10 or fewer attempts. Notably, we are able to fool systems that rely not just on heart rate and peak locations but also on the morphology of the waveforms. We additionally showcase how BioForge can be used to spoof authentication systems from biosignal data extracted from video clips of a target user. Our work demonstrates that authentication systems should not rely on the secrecy of cardiovascular biosignals.more » « less
-
null (Ed.)With the growing popularity of smartphones, continuous and implicit authentication of such devices via behavioral biometrics such as touch dynamics becomes an attractive option. Specially, when the physical biometrics are challenging to utilize, and their frequent and continuous usage annoys the user. This paper presents a touchstroke authentication model based on several classification algorithms and compare their performances in authenticating legitimate smartphone users. The evaluation results suggest that it is possible to achieve comparable authentication accuracies with an average accuracy of 91% considering the best performing model. This research is supervised by Dr. Debzani Deb (debd@wssu.edu), Department of Computer Science at Winston-Salem State University, NC.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Journal Article:
- https://doi.org/10.1145/3410158
