Reflexive Memory Authenticator: A Proposal for Effortless Renewable Biometrics

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11967)

Abstract

Today’s biometric authentication systems are still struggling with replay attacks and irrevocable stolen credentials. This paper introduces a biometric protocol that addresses such vulnerabilities. The approach prevents identity theft by being based on memory creation biometrics. It takes inspiration from two different authentication methods, eye biometrics and challenge systems, as well as a novel biometric feature: the pupil memory effect. The approach can be adjusted for arbitrary levels of security, and credentials can be revoked at any point with no loss to the user. The paper includes an analysis of its security and performance, and shows how it could be deployed and improved.

Notes

  1. Meaning that the person trying to authenticate is blocked after three failed attempts.

  2. This is enough for the users to have high memory performance as in [37], while still being faster than nearly all password composition policies [46].

References

  1. Asghar, H.J., Li, S., Pieprzyk, J., Wang, H.: Cryptanalysis of the convex hull click human identification protocol. Int. J. Inf. Secur. 12(2), 83–96 (2013)

  2. Ashby, C., Bhatia, A., Tenore, F., Vogelstein, J.: Low-cost electroencephalogram (EEG) based authentication. In: 5th International IEEE/EMBS Conference on Neural Engineering - NER, pp. 442–445. IEEE (2011)

  3. Bednarik, R., Kinnunen, T., Mihaila, A., Fränti, P.: Eye-movements as a biometric. In: Kalviainen, H., Parkkinen, J., Kaarna, A. (eds.) SCIA 2005. LNCS, vol. 3540, pp. 780–789. Springer, Heidelberg (2005). https://doi.org/10.1007/11499145_79

  4. Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: IEEE Symposium on Security and Privacy, pp. 538–552, May 2012. https://doi.org/10.1109/SP.2012.49

  5. Bowyer, K.W., Hollingsworth, K., Flynn, P.J.: Image understanding for iris biometrics: a survey. Comput. Vis. Image Underst. 110(2), 281–307 (2008)

  6. Bradley, M.M., Lang, P.J.: Memory, emotion, and pupil diameter: repetition of natural scenes. Psychophysiology 52(9), 1186–1193 (2015)

  7. Brostoff, S., Sasse, M.A.: Are passfaces more usable than passwords? A field trial investigation. In: McDonald, S., Waern, Y., Cockton, G. (eds.) People and Computers XIV – Usability or Else!: Proceedings of HCI, pp. 405–424. Springer, London (2000). https://doi.org/10.1007/978-1-4471-0515-2_27

  8. Chiasson, S., Biddle, R., van Oorschot, P.C.: A second look at the usability of click-based graphical passwords. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, SOUPS 2007, pp. 1–12. ACM, New York (2007)

  9. Choudhury, B., Then, P., Issac, B., Raman, V., Haldar, M.: A survey on biometrics and cancelable biometrics systems. Int. J. Image Graph. 18, 1850006 (2018)

  10. Cody, S.: Do Only The Eyes Have It? Predicting subsequent memory with simultaneous neural and pupillometry data. Master’s thesis, The Ohio State University (2015)

  11. Curran, M.T., Yang, J., Merrill, N., Chuang, J.: Passthoughts authentication with low cost EarEEG. In: IEEE 38th Annual International Conference of the Engineering in Medicine and Biology Society - EMBC, pp. 1979–1982. IEEE (2016)

  12. Das, R., Maiorana, E., Campisi, P.: EEG biometrics using visual stimuli: a longitudinal study. IEEE Signal Process. Lett. 23(3), 341–345 (2016)

  13. Deravi, F., Guness, S.P.: Gaze trajectory as a biometric modality. In: Biosignals, pp. 335–341 (2011)

  14. Einhäuser, W.: The pupil as marker of cognitive processes. In: Zhao, Q. (ed.) Computational and Cognitive Neuroscience of Vision. CST, pp. 141–169. Springer, Singapore (2017). https://doi.org/10.1007/978-981-10-0213-7_7

  15. Ferrante, M., Saltalamacchia, M.: The coupon collector’s problem. Materials Matemàtics 0001–35 (2014)

  16. Galdi, C., Nappi, M., Riccio, D., Cantoni, V., Porta, M.: A new gaze analysis based soft-biometric. In: Carrasco-Ochoa, J.A., Martínez-Trinidad, J.F., Rodríguez, J.S., di Baja, G.S. (eds.) MCPR 2013. LNCS, vol. 7914, pp. 136–144. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38989-4_14

  17. Galdi, C., Nappi, M., Riccio, D., Wechsler, H.: Eye movement analysis for human authentication: a critical survey. Pattern Recogn. Lett. 84, 272–283 (2016)

  18. German, R.L., Barber, K.S.: Consumer attitudes about biometric authentication. Technical report, University of Texas at Austin Center for Identity (2018)

  19. Golla, M., Schnitzler, T., Dürmuth, M.: Will any password do? Exploring rate-limiting on the web. In: Who Are You ?! Adventures in Authentication (2016)

  20. Gomes, C.A., Montaldi, D., Mayes, A.: The pupil as an indicator of unconscious memory: introducing the pupil priming effect. Psychophysiology 52(6), 754–769 (2015)

  21. Jensen, W., Gavrila, S., Korolev, V., et al.: Picture password: a visual login technique for mobile devices. Technical report, National Institute of Standards and Technology (2003)

  22. Just, M., Aspinall, D.: Personal choice and challenge questions: a security and usability assessment. In: Proceedings of the 5th Symposium on Usable Privacy and Security, p. 8. ACM (2009)

  23. Just, M., Aspinall, D.: Challenging challenge questions: an experimental analysis of authentication technologies and user behaviour. Policy Internet 2(1), 99–115 (2010)

  24. Kafkas, A., Montaldi, D.: Recognition memory strength is predicted by pupillary responses at encoding while fixation patterns distinguish recollection from familiarity. Q. J. Exp. Psychol. 64(10), 1971–1989 (2011)

  25. Karthika, S., Devaki, P.: An efficient user authentication using captcha and graphical passwords - a survey. Int. J. Sci. Res. 3(11), 123 (2014)

  26. Kasprowski, P., Komogortsev, O.V., Karpov, A.: First eye movement verification and identification competition at BTAS 2012. In: IEEE 5th International Conference on Biometrics: Theory, Applications and Systems - BTAS, pp. 195–202. IEEE (2012)

  27. Klamkin, M.S., Newman, D.J.: Extensions of the birthday surprise. J. Comb. Theory 3(3), 279–282 (1967)

  28. Kollreider, K., Fronthaler, H., Bigun, J.: Evaluating liveness by face images and the structure tensor. In: IEEE 4th Workshop on Automatic Identification Advanced Technologies - AutoID, pp. 75–80, October 2005

  29. Lashkari, A.H., Farmand, S., Zakaria, O.B., Saleh, R.: Shoulder surfing attack in graphical password authentication. Int. J. Comput. Sci. Inf. Secur. - IJCSIS 6(2) (2009). http://arxiv.org/abs/0912.0951

  30. Lee, C., Kim, J.: Cancelable fingerprint templates using minutiae-based bit-strings. J. Netw. Comput. Appl. 33(3), 236–246 (2010)

  31. de Leeuw, K.M.M., Bergstra, J.: The History of Information Security: A Comprehensive Handbook. Elsevier, Amsterdam (2007)

  32. Loftus, G.R.: Eye fixations and recognition memory for pictures. Cogn. Psychol. 3(4), 525–551 (1972)

  33. Marcel, S., Millán, J.R.: Person authentication using brainwaves (EEG) and maximum a posteriori model adaptation. IEEE Trans. Pattern Anal. Mach. Intell. 29(4), 743–752 (2007)

  34. McCulley, S., Roussev, V.: Latent typing biometrics in online collaboration services. In: Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, pp. 66–76. ACM, New York (2018). https://doi.org/10.1145/3274694.3274754

  35. Moon, D., Yoo, J.H., Lee, M.K.: Improved cancelable fingerprint templates using minutiae-based functional transform. Secur. Commun. Netw. 7(10), 1543–1551 (2014). https://doi.org/10.1002/sec.788

  36. Shepard, R.N.: Recognition memory for words, sentences, and pictures. J. Verbal Learn. Verbal Behav. 6, 156–163 (1967). https://doi.org/10.1016/S0022-5371(67)80067-7

  37. Naber, M., Frässle, S., Rutishauser, U., Einhäuser, W.: Pupil size signals novelty and predicts later retrieval success for declarative memories of natural scenes. J. Vis. 13(2), 11–11 (2013)

  38. Noton, D., Stark, L.: Scanpaths in saccadic eye movements while viewing and recognizing patterns. Vis. Res. 11(9), 929–942 (1971)

  39. Phetmak, N., Liwlompaisan, W., Boonma, P.: Travel password: a secure and memorable password scheme. In: Nguyen, N.T., Attachoo, B., Trawiński, B., Somboonviwat, K. (eds.) ACIIDS 2014. LNCS (LNAI), vol. 8397, pp. 402–411. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-05476-6_41

  40. Rajan, R., Selker, T., Lane, I.: Task load estimation and mediation using psycho-physiological measures. In: Proceedings of the 21st International Conference on Intelligent User Interfaces, pp. 48–59. ACM (2016)

  41. Rayner, K.: Eye movement latencies for parafoveally presented words. Bull. Psychon. Soc. 11(1), 13–16 (1978)

  42. Reddy, P.V., Kumar, A., Rahman, S., Mundra, T.S.: A new antispoofing approach for biometric devices. IEEE Trans. Biomed. Circ. Syst. 2(4), 328–37 (2008)

  43. Rigas, I., Abdulin, E., Komogortsev, O.: Towards a multi-source fusion approach for eye movement-driven recognition. Inf. Fusion 32, 13–25 (2016)

  44. Roberts, C.: Biometric attack vectors and defences. Comput. Secur. 26(1), 14–25 (2007)

  45. Schechter, S., Brush, A.J.B., Egelman, S.: It’s no secret. Measuring the security and reliability of authentication via “secret” questions. In: 30th IEEE Symposium on Security and Privacy, pp. 375–390. IEEE (2009)

  46. Segreti, S.M., et al.: Diversify to survive: making passwords stronger with adaptive policies. In: 13th Symposium on Usable Privacy and Security - SOUPS, pp. 1–12. USENIX Association, Santa Clara, CA (2017)

  47. Selker, T.: Understanding considerate systems - UCS (pronounced: You see us). In: 2010 International Symposium on Collaborative Technologies and Systems, pp. 1–12, May 2010. https://doi.org/10.1109/CTS.2010.5478532

  48. Shape: 2018 credential spill report. Technical report, Shape Security (2018)

  49. Shin, S.W., Lee, M.K., Moon, D., Moon, K.: Dictionary attack on functional transform-based cancelable fingerprint templates. ETRI J. 31(5), 628–630 (2009)

  50. Singh, S., Agarwal, G.: Integration of sound signature in graphical password authentication system. Int. J. Comput. Appl. 12(9), 11–13 (2011)

  51. Sluganovic, I., Roeschlin, M., Rasmussen, K.B., Martinovic, I.: Using reflexive eye movements for fast challenge-response authentication. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1056–1067. ACM, New York (2016)

  52. Wiedenbeck, S., Waters, J., Birget, J.C., Brodskiy, A., Memon, N.: Passpoints: design and longitudinal evaluation of a graphical password system. Int. J. Hum Comput Stud. 63(1–2), 102–127 (2005)

  53. Zviran, M., Haga, W.J.: Cognitive passwords: the key to easy access control. Comput. Secur. 9(8), 723–736 (1990)

Acknowledgements

We’d like to thank Leila Gabasova for their help with the figures. This work was supported partly by the French PIA project “Lorraine Université d’Excellence”, reference ANR-15-IDEX-04-LUE.

Author information

Corresponding author

Correspondence to Nikola K. Blanchard.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Blanchard, N.K., Kachanovich, S., Selker, T., Waligorski, F. (2020). Reflexive Memory Authenticator: A Proposal for Effortless Renewable Biometrics. In: Saracino, A., Mori, P. (eds) Emerging Technologies for Authorization and Authentication. ETAA 2019. Lecture Notes in Computer Science, vol 11967. Springer, Cham. https://doi.org/10.1007/978-3-030-39749-4_7

  • DOI: https://doi.org/10.1007/978-3-030-39749-4_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-39748-7

  • Online ISBN: 978-3-030-39749-4

  • eBook Packages: Computer Science (R0)
