
Assentication: User De-authentication and Lunchtime Attack Mitigation with Seated Posture Biometric

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10892)

Abstract

Biometric techniques are often used as an extra security factor in authenticating human users. Numerous biometrics have been proposed and evaluated, each with its own set of benefits and pitfalls. Static biometrics (such as fingerprints) are geared for discrete operation, to identify users, which typically involves some user burden. Meanwhile, behavioral biometrics (such as keystroke dynamics) are well-suited for continuous and more unobtrusive operation. One important application domain for biometrics is de-authentication: a means of quickly detecting absence of a previously-authenticated user and immediately terminating that user’s secure sessions. De-authentication is crucial for mitigating so-called Lunchtime Attacks, whereby an insider adversary takes over an authenticated state of a careless user who leaves her computer.

Motivated primarily by the need for an unobtrusive and continuous biometric to support effective de-authentication, we introduce Assentication – a new hybrid biometric based on a human user’s seated posture pattern. Assentication captures a unique combination of physiological and behavioral traits. We describe a low-cost fully functioning prototype that involves an office chair instrumented with 16 tiny pressure sensors. We also explore (via user experiments) how Assentication can be used in a typical workplace to provide continuous authentication (and de-authentication) of users. We experimentally assess viability of Assentication in terms of uniqueness by collecting and evaluating posture patterns of a cohort of 30 users. Results show that Assentication yields very low false accept and false reject rates. In particular, users can be identified with \(94.2\%\) and \(91.2\%\) accuracy using 16 and 10 sensors, respectively.

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. UC Irvine, Irvine, USA
