This document proposes OpenSesame, a system for unlocking smartphones through handwaving biometrics. It analyzes handwaving patterns collected from 200 users to find unique characteristics. OpenSesame extracts four statistical features from handwaving data using sensors. It uses support vector machines to accurately classify users based on their waving patterns within 1-2 seconds. Experiments show OpenSesame achieves low false positive rates of around 5% on average.
3. ABSTRACT
Screen locking/unlocking is important for modern smart phones to avoid the
unintentional operations and secure the personal stuff. Once the phone is
locked, the user should take a specific action or provide some secret
information to unlock the phone. The existing unlocking approaches can be
categorized into four groups: motion, password, pattern, and fingerprint.
Existing approaches do not support smart phones well due to the deficiency of
security, high cost, and poor usability. We collect 200 users’ handwaving
actions with their smart phones and discover an appealing observation: the
waving pattern of a person is kind of unique, stable and distinguishable. In this
paper, we propose OpenSesame, which employs the users’ waving patterns for
locking/unlocking. The key feature of our system lies in using four fine-
grained and statistic features of handwaving to verify users. Moreover, we
utilize support vector machine (SVM) for accurate and fast classification. Our
technique is robust compatible across different brands of smart phones,
without the need of any specialized hardware. Results from comprehensive
experiments show that the mean false positive rate of OpenSesame is around
4. INTRODUCTION
Nowadays, smart phones are no longer the devices that are
only used to call or text others. Screen locker is a
fundamental utility for smart phones to prevent the device
from unauthorized use. Classical screen lockers have been
proposed long time back. Some of them are:
• Slide to Unlock
• PIN
• Graphical password and so on...
5. To enhance the security as well as the flexibility, many
biometric authentication methods are introduced for screen
lockers. The secrets of these methods cannot be easily spied
and reproduced since they identify based on the user’s natural
features. The biometric measures are grouped into two main
categories:
• Physiological biometrics
• Behavior biometrics
By behavior biometrics, different users wave their smart phones
to produce distinct features. These features derive from user’s
6. WAVING CHARACTERIZATION
WAVING SENSING
• Precisely characterizing user’s waving actions, selecting
appropriate sensors is necessary. As the tremendous
growth of MEMS technology, there are many powerful
sensors equipped in our smart phone today, such as
camera, microphone, proximity sensor, accelerometer,
gyroscope, and magnetic sensor etc.
• The selected sensor should be able to depict the
handwaving. In addition, it should be energy-efficient,
stable, cheap, and compatible for wide deployment in
most kinds of smart phones.
• The accelerometer allows smart phones to detect the
7. DATA COLLECTION
• For investigating the uniqueness of handwaving, we collect the waving
action data from 200 distinct smart phone users. For each specific user,
he is asked to shake the smart phone for more than 10 seconds and
repeat for three times.
• The data is collected in two sampling modes: fast and normal modes.
• In the fast mode, the accelerometer samples every 10 to 20 milliseconds,
corresponding to the acceleration value change rate. rate.There are 100
users’ traces collected using this mode. In the normal mode, the
sampling interval is 200 milliseconds and 100 users’ traces are sampled.
• All the raw waving action are recorded as a sequence of tuples
represented as (xt, yt, zt)
8. WAVING MEASUREMENT
• The traces are illustrated in a 3-D acceleration space,
short for A-Space, where the raw tuple (xt, yt, zt) are
connected in time order.
9. We define the waving function to measure the global
geometric properties of the waving shapes, which is formally
given by:
f = S(A)
where A = {(xt0 , yt0 , zt0 ), (xt1 , yt1 , zt1 ) · · · , (xtn , ytn
, ztn )}. A is a set of raw waving tuples collected during t0
and tn.
The waving function considers A as input and outputs a
feature vector f . A good waving function should have the
following properties:
Efficiency
Invariance
10. For meeting above four requirements, we propose four waving
functions, S1, S2, S3, S4, as follows:
S1: The centroid C is computed first and then two random
points A and B in the A-Space are cho- sen. The angle
∠ACB among these three points are measured. The selection of
random points is repeated for N times. At a result, N angles
output and the corresponding PDF of these angles is reported
as the
feature vector.
S2: This waving function is similar to the S1. The difference is
that all of these three points are randomly selected. One angle
among the three angles formed by these three points is
recorded. As the result, the corresponding PDF of these angles
11. S3: While both S1 and S2 concentrate on the angle
parameter, the other two waving functions, S3 and S4, focus
on the distances among the points. S3 randomly selects N
points and calculates the Euclidean distance between the
centroid and these N selected points. Fi- nally, the
corresponding PDF of distances is calculated as the feature
vector.
S4: Randomly selects N pair of points and calculates their
Euclidean distance. The PDF of these distances is the
feature vector.
12.
13. OPENSESAME
OVERVIEW
Sensing: This component is straightforward used
to record the user’s handwaving action data.
Filter: In practice, we find that there always exist
some silent periods when no waving or very low
level sensing data is detected. For better feature
extraction, we use filter component to wipe out the
silent periods.
14. Fetcher: The filtered raw tuples is feeded into
fetcher component in which four waving functions
are applied to fetch the waving features.
Classifier: To discriminate the authorized users
and unauthorized users, the Support Vector
Machine(SVM) is employed in our system for
classification.
Matcher: In the last component, the extracted
feature is used to determine whether it matches the
pre-defined one.
15. FILTER
Silent periods will seriously affect the accuracy of
OpenSesame, we must filter those data captured during this
periods. The i th raw tuple with composed acceleration value
Ai is wiped out if it satisfies the equation:
where b is called the tolerant static period, representing
the amount of acceleration points used to determine the
stability of an acceleration point. The α is the threshold to
filter the silent points.
17. FETCHER
• After the filter component, we need to generate the
feature vector of the user’s handwaving action.
• Using the field set as an input has two shortcomings.
•
• First, the amount of acceleration points in a field set is
large, usually more than 1000.
• Second, to unlock the smart phone, the user is required
to shake his smart phone for a period to generate same
amount of waving data.
18. • The waving action of user always shows the property
of repeating.
• Inorder to generate the feature vectors: we first
select a window with size w, where w is much
smaller than the size of the field set of data.
• Then we apply the waving function on this input and
deliver the PDF of the feature vectors to describe the
feature of the waving action.
19. CLASSIFIER
• The feature classifier is designed to generate a standard
to discriminate authorizeds user and unauthorized users
with the feature vectors of the input waving action data
• In OpenSesame, the support vector machine, SVM for short,
is selected as the classifier. The SVM classifier is used to
classify a group of linear-inseparable training tuples into
two classes.
•
20. • By injecting enough amount of training tuples into the
SVM classifier, a classification model can be achieve to
verify the authentication data of user.
• In OpenSesame, the label of the training tuple is
either+1 or −1.
• When y = +1, the tuple is generated from the class of
unauthorized users. On the contrary, y = −1 means the
tuple belongs to the authorized user’s class.
21. MATCHER
• The matcher component is performed when the user
activates the authentication interface of OpenSesame and
wants to unlock the smart phone.
• The user shakes the smart phone to input his waving
action as the authentication data.
• The most important requirement is that the feature
matching phase has to be processed within a short time
period, say 1 or 2 seconds.
22. • To reduce the response time, two aspects need to be
considered. The first issue is to reduce the amount of
repetition when doing authentication. This can be achieved
by reducing the false negative rate of authentication.
• The second issue is to reduce the waving time in the
matcher component.By using a small waving function input
with window size w, the waving time can be reduced .
• We calculate the real-time stability of the i th point as Pi
𝑥=𝑖−𝑏
𝑖
(Ax − 𝑦=𝑖−𝑏
𝑖 𝐴𝑦
𝑏+1
)
2
.
• Once the real-time stability value is greater than the
threshold, acceleration point Pi is set to be the initial point,
and the waving action detection terminates when
acceleration point sequence {Pi , Pi+1, ..., Pi+w} is
24. • We implement OpenSesame in Android-based
smart phones. The version of Android system is
2.3.3. the app is developed with Android-SDK
using Java SE.
• We use the open source library tool, LIBSVM [16],
to perform the classification of SVM. LIBSVM is an
integrated software for support vector
classification. The version we used is LIBSVM-
3.12.
25. METRICS
We evaluate OpenSesame in terms of the authentication
accuracy. The authentication accuracy is measured via the
following metrics:
False Negative Rate (FNR)
True Positive Rate (TPR)
False Positive Rate (FPR)
26. EXPERIMENT SETUP
• For investigating the uniqueness of handwaving, we
collect the waving action data from 200 distinct smart
phone users.
• Then he pushes the button of ‘start’ on the screen and
begins to wave the smart phone until the hint sound is
played by the smart phone.
• This waving process lasts for more than 10 seconds.
The user repeats the above action for three times to
terminate the data collection.
27. IMPACT OF WAVING
FUNCTIONSThere are four waving functions to parameterize the A- Space
representation of handwaving and maintains the window size as 50
tuples.
29. • We change the windows size from 5 to 50 with the
increment of 5 and employ S4 for testing.
• The average FNR decreases from 20% to 8% and the
average FPR reduces from 42% to 18% as the window size
increases. This shows that the larger window helps
improve the accuracy.
• The number of training tuples also affect the accuracy
33. CONCLUSION
We propose a novel behavioral biometric- based
authentication approach called OpenSesame for smart phone.
We design four waving functions to fetch the unique pattern of
user’s handwaving actions. By applying the SVM classifier, the
smart phone can accurately verify the authorized user with the
pattern of handwaving action. Experiment results based on
200 distinct users’ handwaving actions show that the
OpenSesame reaches high level of se- curity and robustness,
and achieves good user’s experience.
34. REFERENCES
• D. Florencio and C. Herley, “A large-scale study of web password
habits,” in Proc. of ACM WWW, 2007.
• J. Bonneau, “The science of guessing: analyzing an anonymized
corpus of 70 million passwords,” in Proc. of IEEE Security and
Privacy (SP), 2012.
• H.-A. Park, J. W. Hong, J. H. Park, J. Zhan, and D. H. Lee,
“Combined authentication-based multilevel access control in
mobile application for dailylifeservice,” IEEE Transactions on
Mobile Com- puting, 2010
The accelerometer in smart phones measures the acceleration of the phone relative to freefall. A value of 1 indicates that the phone is experiencing 1 g of acceleration exerting on it. 1 g of acceleration is the gravity, which the phone experiences when it is stationary. The accelerometer measures the acceleration of the phone in three different axes: X, Y, and Z.
Clearly, using normal sampling mode of accelerometer loses some data, but saves energy. We will compare these two modes in the evaluation section.
The challenge here is how to measure the handwaving represented in A-Space. We should transform the A-Space representation into a parameterized and comparable feature vector.
Efficiency: Since shape function will be performed in the smart phone, it should be simple enough to be fast and efficiently function.
Invariance: In most time, the smart phone is working in mobile environments. The waving function should be insensitive to the position or direction change of smart phones.
Robustness: Although the waving data generated by one person is similar, there always exist many noises and the sampling time is variable. Hence, the waving function should be robust to noise, blur, cracks, and dust in the waving.
The silent periods may exist at the initial stage before the user shakes his smart phone, or in the final stage after the user stops his waving. The period may also be observed in the intermediate stage when an unexpected user’s pause occurs.
In fact, the input waving action can be regarded as a series of small repeating waving actions which are very similar. Therefore, we can select a continuous sequence of acceleration points with a reasonable amount as an input to the waving function.
Feature vectors can be generated from these small inputs with low data loss.
Training tuples for SVM input is donated as
{v, y}, where v is the attribute vector used to describe the attributes of the training tuple, and y is the label of the
training tuple, which represents the actual class it belongs to. The basic idea of SVM is to transform these attribute vectors of training tuples into a higher dimensional space to make the training tuples linear-separable. Then the training tuples can be separated into two classes by a hyperplane. The SVM classifier classifies the training tuples based on this hyperplane, attempting to classify training tuples with same label into same class. Then a classification model is generated to describe the classification standard of a given tuple. Inputting an unclassified tuple into the SVM classifier using the generated classification model, the tuple can be predicted which class it most probably belongs to.
Feature vectors of the input waving action is generated and used to verify whether the user is the authorized user. If so, the access query is accepted and the smart phone is unlocked. If not, the access query is denied and the smart phone keeps locked.
False Negative Rate (FNR): The probability that an authorized user is treated as an unauthorized user. This rate is indeed the ratio of the number of incorrect authentications conducted by an authorized user to the number of his authentication attempts.
True Positive Rate (TPR): The probability that an authorized user is successfully verified. This rate de- rived from the ratio of correct authentication times of an authorized user to the number of his authentication attempts.
False Positive Rate (FPR): The probability that an unauthorized user is treated as an authorized user. This rate is obtained from the ratio of the incorrect authentication times of an unauthorized user to the
number of his authentication attempts.
Figure 6 plots the FNR and FPR for the four waving functions. From the Figure 6(a), we observe that the average FNR using S1 and S2 are around 20% while the values are below 10% using S3 and S4. The similar observation is obtained on FPR, as sho
We further focus on the distance-based waving functions. S3 and S4 have close FNRs and FPRs. However, the variance of S4 is smaller than that of S3, which means S4 is more stable than S3.
wn in Figure 6(b). This shows that the distance-based waving functions perform better than the angle-based ones.
A large window size will prolong the waving time period for unlocking and seriously affect user experiences.
But a small window size will influence the identification accuracy.