Abstract
Today’s biometric authentication systems are still struggling with replay attacks and irrevocable stolen credentials. This paper introduces a biometric protocol that addresses such vulnerabilities. The approach prevents identity theft by being based on memory creation biometrics. It takes inspiration from two different authentication methods, eye biometrics and challenge systems, as well as a novel biometric feature: the pupil memory effect. The approach can be adjusted for arbitrary levels of security, and credentials can be revoked at any point with no loss to the user. The paper includes an analysis of its security and performance, and shows how it could be deployed and improved.
Acknowledgements
We’d like to thank Leila Gabasova for their help with the figures. This work was supported partly by the French PIA project “Lorraine Université d’Excellence”, reference ANR-15-IDEX-04-LUE.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Blanchard, N.K., Kachanovich, S., Selker, T., Waligorski, F. (2020). Reflexive Memory Authenticator: A Proposal for Effortless Renewable Biometrics. In: Saracino, A., Mori, P. (eds) Emerging Technologies for Authorization and Authentication. ETAA 2019. Lecture Notes in Computer Science, vol 11967. Springer, Cham. https://doi.org/10.1007/978-3-030-39749-4_7
DOI: https://doi.org/10.1007/978-3-030-39749-4_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-39748-7
Online ISBN: 978-3-030-39749-4
eBook Packages: Computer Science, Computer Science (R0)