2fa 2024
This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TMC.2024.3368331
Abstract—Keyless entry systems (KES) have become popular due to their high user-friendliness, and fingerprint and digital password authentication are two of the most widely used unlocking methods. However, current KES are vulnerable to security threats, such as fingerprint films that deceive fingerprint sensors and stolen passcodes. To address these issues, this paper presents Fingerbeat, a two-factor authentication system that defends against the security risks of currently widely deployed KES devices. Fingerbeat combines original credentials, such as fingerprint or passcode, with unique and persistent finger-induced vibrations (FIV) to create a two-factor secure authentication model, without compromising user-friendliness. Fingerbeat leverages the fact that each person's finger structure is distinct and can be represented in distinct vibration patterns. During authentication, FIV are triggered and embodied in the mechanical vibration of the force-bearing body (i.e., the KES panel), which can be captured by a low-cost accelerometer. We developed a proof-of-concept prototype of Fingerbeat, which can extract FIV features from mixed vibration recordings, eliminate the impacts of variable behavior and external disturbance, and model user identity. We implement a Fingerbeat prototype and use extensive evaluation to demonstrate its security and effectiveness.
Authorized licensed use limited to: VTU Consortium. Downloaded on March 27,2024 at 05:54:55 UTC from IEEE Xplore. Restrictions apply.
© 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
This article has been accepted for publication in IEEE Transactions on Mobile Computing. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TMC.2024.3368331
composed sinusoidal forces. Therefore, we can infer the influence factors of FIV from the vibration response caused by sinusoidal signals. In the spring-mass-damper model, the vibration response generated by the sinusoidal excitation can be expressed as:

$$ m \frac{d^2 x_i(t)}{dt^2} + c \frac{d x_i(t)}{dt} + k x_i(t) = F_i \sin \omega_i t. \tag{2} $$

The equation is transformed into:

$$ \frac{d^2 x_i(t)}{dt^2} + 2\xi w_n \frac{d x_i(t)}{dt} + w_n^2 x_i(t) = \frac{F_i}{m} \sin \omega_i t, \tag{3} $$

where $w_n^2 = \frac{k}{m}$ and $\xi = \frac{c}{2\sqrt{mk}}$. The solution of this equation is as follows:

$$ x_i(t) = X_0 e^{-\xi w_n t} \left( \frac{\xi w_n \sin\psi - \omega_i \cos\psi}{\omega_d} \sin \omega_d t + \sin\psi \cos \omega_d t \right) + e^{-\xi w_n t} \left( x_i \cos \omega_d t + \frac{v_0}{u} \sin \omega_d t \right) + X_0 \sin(\omega_i t - \psi), \tag{4} $$

where $\psi = \arctan \frac{2\xi\lambda}{1-\lambda^2}$, $X_0 = \frac{F_i/k}{\sqrt{(1-\lambda^2)^2 + (2\xi\lambda)^2}}$, and $\lambda = \frac{\omega_i}{w_n}$.

According to the expression, we can find that the vibration wave generation (i.e., vertical displacement $x_i(t)$) is affected by $m$, $c$, $k$, $F_i$ and $\omega_i$. From this result, we infer that $x(t)$ is affected by three factors: (1) the $m$, $c$ and $k$ parameters of the finger-KES oscillator, which depend on the structure of the finger and KES; (2) the amplitude of each sinusoidal component, $F = \{F_1, F_2, \ldots, F_n\}$, which is related to tapping force; (3) the frequency composition $\omega$ of $f(t)$. Due to the differences in bone structure, muscle, and size among fingers/users, the structure of each finger-KES oscillator and the pattern of forces exerted by the fingers are unique. More importantly, the finger is a nonlinear response medium due to its complex physiological structure [20], which means that the frequency composition of the vibration response $x(t)$ cannot be predicted.

After the vibration signal $x(t)$ is generated in the force-bearing area, it spreads outward through the finger-device oscillator and can finally be sensed by the accelerometer installed in the KES, as shown in Fig. 2(b). During this process, the vibration amplitude continuously attenuates, which is characterized by the following vibration attenuation model [21]:

$$ y(t) = x(t) e^{-\alpha d}, \tag{5} $$

where $y(t)$ is the propagation vibration signal at the accelerometer, $\alpha$ is the attenuation coefficient related to the propagation medium, and $d$ is the propagation distance between the press point and the accelerometer. Note that different device materials and press points can lead to distinct values of the coefficient $\alpha$ and $d$, which in turn affect the attenuation of $x(t)$ during propagation.

According to the above theoretical model, the captured FIV feature is mainly composed of the relevant parameters $m$, $k$ and $c$ of the finger-KES oscillator, the tapping force related to the structure of the finger, and the parameters $\alpha$ and $d$ affected by different tapping locations.

Fig. 3: Empirical results on the uniqueness of FIV measured with amplitude spectrum density (ASD) and Euclidean distance. Panels: (a) ASD of FIV (amplitude vs. frequency in Hz); (b) FIV uniqueness (CDF vs. distance, with marked points (7, 0.8) and (7, 0.21)).

2.2 Feasibility Analysis
In this section, we conduct a feasibility study to corroborate the theoretical analysis presented in the previous section and explore the feasibility of using FIV-based implicit biometrics for user identification.

Experimental setup. We designed a prototype of KES that integrates a fingerprint scanner, a touch-based password entry panel, a processing unit, and a vibration collector module, to carry out the feasibility studies and evaluate the performance of Fingerbeat in Sec. 4. The FIV signals are acquired by a built-in accelerometer sensor, model AKF392-T-68. We instructed 15 volunteers to operate the KES. Without loss of generality, we select the collected FIV signals of two random volunteers (denoted as S1 and S2) to represent the analysis results. The detailed experimental results of all volunteers are given in Sec. 4. We use Euclidean distance to denote the dissimilarity of two vectors, which can be calculated by Dynamic Time Warping (DTW) [22]. The Euclidean distance is 0 if two vectors are the same; the greater the difference between the two vectors, the larger the distance.

Uniqueness. For each finger-KES interaction, i.e., fingerprint scanning or passcode entry, the frequency distributions and harmonics of the produced FIV are dependent on the internal composition of the vibrating source. Such traits can be characterized by the amplitude spectrum density (ASD) of the FIV signals. Therefore, we can use the feature of ASD profiles to distinguish FIV signals generated from different fingers. To verify the uniqueness of FIV, we instruct two volunteers to repeatedly operate the KES on the same position with an identical finger more than 10 times. Fig. 3(a) shows the ASD of the collected FIV signals, which indicates that the ASD of FIV signals generated from the same finger have a similar outline, and the ASD of FIV from different fingers are significantly different. Fig. 3(b) shows the cumulative distribution function (CDF) of the Euclidean distance between the FIV signals from the same finger (Case1) and the Euclidean distance between different fingers (Case2). The distance between FIV signals of the same finger is significantly smaller than the distance between FIV signals generated from different fingers. More than 79% of the distances in Case1 are less than 7, while more than 80% of the distances in Case2 are larger than 7, which sheds light on the feasibility of exploiting FIV signals for finger identification. Moreover, there is an overlapping area between Case1 and Case2, which means that we cannot
directly leverage raw FIV signals to fully distinguish users. Therefore, we need to further extract fine-grained features to amplify the differences across fingers (users).

Time persistence. To verify the time persistence of FIV signals, we recruited volunteers to use the same finger operating on the same position of the KES panel 10 times every other month. By using the 10 samples collected in the first month as the benchmark, we calculate the distance in the following two cases: only among the benchmark samples; between benchmark samples and other ones collected at different times. For simplicity, we use "FF", "FS", "FT" to respectively denote the distance between the samples of the first month, between the samples of the first and the second months, and between the samples of the first and the third months. As shown in Fig. 4(a), the results show that for the same finger, the FIV signals collected at different times are very similar, which indicates that the implicit biometrics of the finger in the form of FIV signals have good time persistence and also verifies that the parameters $m$, $k$ and $c$ in the mass-spring-damper model are constant.

Impact of inconsistent interaction behavior and position. To evaluate the impact of inconsistent interaction behaviors and positions on FIV-based user identification, we first ask two volunteers to tap the same position on the entry panel 10 times with gentle forces and heavy forces, respectively. We calculate the distance between the samples of the same finger with the same force (Case3), the distance between the samples of the same user with different force (Case4), and the distance between the samples of different users with the same force (Case5), respectively, and plot them in Fig. 4(b). As shown, the average distance of the same user with the same force is smallest and the distance of samples generated with different forces is significantly larger, which demonstrates that the interaction force has an impact on the generated FIV signals. Then, we let volunteer S1 tap on different positions of the entry panel and plot the distance in Fig. 4(c). As shown, due to the impact of parameter $d$ in Eqn. 5 on signal propagation, the FIV signals generated from different locations are distinguishable. However, when we tap the fingerprint scanner or a number, the position change is weak. Fig. 4(d) shows the spectrum of the same user tapping the same number twice. It can be seen that the effect of slight changes in position on FIV is not obvious. Therefore, in the security-code KES, we train the classification model for each number to eliminate the influence of the tap position.

Fig. 4: Exploring the impact of inconsistent interaction behaviors and position on FIV: (a) distance between FIV signals under different time; (b) distance between FIV signals under different forces; (c) ASD of FIV signals at two different positions; and (d) ASD of FIV signals at the same position. Panel titles: (a) Time persistence, (b) Impact of force (both CDF vs. distance); (c) Different position, (d) The same position (both amplitude vs. frequency in Hz).

Summaries and insights. In summary, the FIV contains the user's unique finger structure information and changes little over time, so it has the potential to be used as a credential for identity authentication. Although different interaction forces and inconsistent operating positions have an impact on FIV signals, we can still find partial signal components that are less affected and highly relevant to the finger identity, such as the interval with a large correlation in the frequency domain sequence, and statistical features such as frequency of peak, smoothness, etc. Moreover, we use the method introduced in Sec. 3.3 to extract features and use some intelligent algorithms to try to eliminate the impact of different forces on FIV authentication.

2.3 Threat Model
Assuming that an attacker attempts to gain illegal access to a victim's private space by spoofing the Fingerbeat system, there are four potential types of attacks that can be carried out on both fingerprint-based and passcode-based KES.

Blind attack. An attacker does not have any prior knowledge of the user's fingerprint, password, or FIV information. In the case of a fingerprint-based KES, an attacker tries unlocking the system with different fingers. In the case of security-code KES, the attacker repeatedly inputs different patterns of six-digit passcodes.

Premeditated attack. An attacker has premeditated to obtain the user's fingerprint or security code. However, he/she does not have any information on the victim's FIV signals. On the premise of successfully passing the fingerprint or password authentication, an attacker randomly presses the fingerprint scanner or password interactive panel. At the same time, the operation will generate an FIV signal to emulate a legitimate user and try to trick the Fingerbeat system.

Deliberate attack. An attacker not only successfully obtains the victim's fingerprint or security code, but also deliberately eavesdrops on the victim's FIV signal through an accelerometer sensor deployed 50 cm away from the door lock. However, in practice, the eavesdropping device must be placed in a more inconspicuous location to avoid detection. The technical difficulty of reproducing the signal and the asynchronous problem of two-factor authentication during the attack are ignored.
Flood attack. The attacker has ample time and patience to continuously execute the premeditated attack until the desired outcome is achieved.

3 SYSTEM DESIGN
In this section, we first present the system overview of Fingerbeat and then introduce the technical details of each component.

3.1 System Overview
Fig. 5 illustrates the system overview of Fingerbeat. The collected fingerprint/password and FIV signals are processed in separate modules. The fingerprint/password signals are sent to the Original Certification module for one factor authentication, while the FIV signals are first sent to the Signal Processing and FIV Detection module (detailed in Sec. 3.2), where the FIV signals are extracted after preprocessing. The FIV-based User Profile module (see Sec. 3.3) extracts the critical features from FIV signals, which are then used to classify the user identity, i.e., the other factor authentication. Finally, the results of both fingerprint/password authentication and FIV-based authentication are combined in the Two-Factor Authentication Model (see Sec. 3.4) to jointly determine the user's identity. The Original Certification Module is implemented using existing technologies [23] [24], and we briefly describe it in this paper.

Fig. 5: System overview of Fingerbeat, consisting of Original Certification module, Signal Processing and FIV Detection model, FIV-based User Identification module, and Two-Factor Authentication Model.

3.2 Signal Processing and FIV Detection
3.2.1 Preprocessing
We first conduct signal preprocessing to normalize the captured FIV signals.

Unification of sampling rate. The sampling rates of accelerometers of different equipment are not uniform, which makes it difficult to carry out a unified time-frequency analysis. Therefore, we first use sinc interpolation to unify the sampling rate to 1000 Hz [25].

Denoising. External vibration signals generated by human activities such as walking, going up/down stairs, and running vehicles can affect the user authentication and need to be removed. Most of the noise generated by human behaviors and running vehicles is concentrated within 15 Hz, whereas the information of FIV is concentrated above 15 Hz, so we use a Butterworth high-pass filter with a cut-off frequency of 15 Hz to eliminate the interference of human motion.

Normalization. According to the theoretical FIV model, it is difficult to ensure that the user's operating behaviors, such as tapping force $f_{t=0}$, always stay identical. Therefore, we use a lightweight normalization method to solve these problems. Specifically, the mean and variance of the FIV signal in the time domain are normalized to 0 and 1, respectively.

3.2.2 Segmentation and Detection
To detect the finger operation event from the acceleration signal, we further conduct two rounds of segmentation. Firstly, we cut out the vibration events in coarse granularity based on the energy threshold (ET). Secondly, we use the finger operation event detection method presented below to screen out the real FIV signal.

Event Segmentation. Fingerbeat first uses a sliding window algorithm based on adaptive energy thresholds to segment the vibration events from the acceleration signal. For more accurate segmentation, the ET should be related to the noise level. Assuming that the noise conforms to the Gaussian distribution, the mean and standard deviation of the noise energy are calculated in the non-vibration period. The sliding window is used to calculate the energy of the acceleration signal and compare it with ET to determine the position of the cutting point.

FIV Detection. The signals obtained by the above steps are segmented into various events, including those generated by door-related actions such as knocking, ringing, opening, etc. Thus, we need a method to determine whether an event is an FIV event. Fig. 6 shows the time-domain and frequency-domain diagrams of these signals. By closely examining both the time and frequency traits, it is possible to differentiate the signals. Our analysis reveals that the duration of FIV signals is between 0.4-0.6 seconds and distinct from the other signals. The frequency spectrum of FIV signals displays distinct symmetry and trailing patterns when compared to the other three. To accurately identify FIV signals, the time-domain signal duration, as well as the skewness and kurtosis in the frequency domain, have been selected as relevant features.

3.3 FIV-based User Profile
We have verified in Sec. 2.1 that tapping devices by different users produces FIV signals unique to each user. Next, we analyze the critical features that can be used to identify the user.
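
The Sec. 3.2 steps (15 Hz high-pass denoising, normalization, energy-threshold event segmentation and the 0.4-0.6 s duration check) can be written out in Python as below. This is an added example, not the authors' implementation. Assumptions: the trace is already resampled to 1000 Hz, the filter is second order, the window is 50 ms, the threshold factor is 8 standard deviations, the trace is constructed, and the skewness/kurtosis check is omitted because the page gives no thresholds for it.

```python
import math
import random

FS = 1000                        # Hz: unified sampling rate (Sec. 3.2.1)
CUTOFF_HZ = 15.0                 # high-pass cut-off (Sec. 3.2.1)
WIN = 50                         # samples per energy window, 50 ms (assumption)
K_SIGMA = 8.0                    # ET = noise mean + K_SIGMA * noise std (assumption)
FIV_MIN_S, FIV_MAX_S = 0.4, 0.6  # FIV duration range reported in Sec. 3.2.2


def highpass(signal, fs=FS, fc=CUTOFF_HZ):
    """Second-order Butterworth high-pass as a biquad (order is an assumption)."""
    w0 = 2.0 * math.pi * fc / fs
    alpha = math.sin(w0) / math.sqrt(2.0)   # Q = 1/sqrt(2) gives Butterworth
    cosw = math.cos(w0)
    a0 = 1.0 + alpha
    b0 = (1.0 + cosw) / 2.0 / a0
    b1 = -(1.0 + cosw) / a0
    b2 = b0
    a1, a2 = -2.0 * cosw / a0, (1.0 - alpha) / a0
    out, x1, x2, y1, y2 = [], 0.0, 0.0, 0.0, 0.0
    for x in signal:
        y = b0 * x + b1 * x1 + b2 * x2 - a1 * y1 - a2 * y2
        out.append(y)
        x1, x2, y1, y2 = x, x1, y, y1
    return out


def zscore(signal):
    """Normalise the time-domain signal to mean 0 and variance 1."""
    mean = sum(signal) / len(signal)
    var = sum((v - mean) ** 2 for v in signal) / len(signal)
    std = math.sqrt(var) or 1.0             # guard against an all-constant trace
    return [(v - mean) / std for v in signal]


def window_energy(signal, win=WIN):
    """Mean-square energy of consecutive non-overlapping windows."""
    return [sum(v * v for v in signal[i:i + win]) / win
            for i in range(0, len(signal) - win + 1, win)]


def segment_events(signal, noise_seconds=1.0, fs=FS, win=WIN):
    """Return (start_s, end_s, is_fiv_candidate) for every vibration event.

    The first `noise_seconds` of the trace are treated as the non-vibration
    period used to estimate the noise-energy mean and standard deviation.
    """
    energy = window_energy(zscore(highpass(signal, fs)), win)
    n_cal = int(noise_seconds * fs) // win
    mu = sum(energy[:n_cal]) / n_cal
    sd = math.sqrt(sum((e - mu) ** 2 for e in energy[:n_cal]) / n_cal)
    threshold = mu + K_SIGMA * sd           # adaptive energy threshold (ET)
    events, start = [], None
    for idx, e in enumerate(energy + [0.0]):    # sentinel closes a trailing event
        if e > threshold and start is None:
            start = idx
        elif e <= threshold and start is not None:
            duration = (idx - start) * win / fs
            events.append((start * win / fs, idx * win / fs,
                           FIV_MIN_S <= duration <= FIV_MAX_S))
            start = None
    return events


def sample_recording(seed=7):
    """Constructed 4 s trace (not data from the paper): 3 Hz footsteps,
    sensor noise, a 0.45 s tap-like burst at 1.5 s and a 0.1 s knock at 3.0 s."""
    rng = random.Random(seed)
    trace = []
    for n in range(4 * FS):
        t = n / FS
        v = 0.05 * math.sin(2 * math.pi * 3 * t) + rng.gauss(0.0, 0.01)
        if 1.5 <= t < 1.95:
            v += math.sin(2 * math.pi * 80 * (t - 1.5))
        if 3.0 <= t < 3.1:
            v += 0.8 * math.sin(2 * math.pi * 120 * (t - 3.0))
        trace.append(v)
    return trace


if __name__ == "__main__":
    for start_s, end_s, is_fiv in segment_events(sample_recording()):
        print(f"{start_s:.2f}-{end_s:.2f} s  FIV candidate: {is_fiv}")
```

Because the threshold is derived from the noise statistics of the same normalized trace, the result does not depend on the absolute sensor gain.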
Fig. 6: Vibration signals generated from different daily activities in both time and frequency domains: (a)-(e) finger-KES interaction, (b)-(f) knocking the door, (c)-(g) doorbell ringing, and (d)-(h) opening the door, where subfigures (a-d) show the vibration signal in time domain, and (e-h) show their spectrogram (amplitude vs. frequency in Hz) respectively.

3.3.1 Feature Extraction
According to empirical studies, the features of FIV signals in both time and frequency domain contain the characteristics of users. Hence, we can extract some overall statistical features of the two domain signals.

Statistical features. Through the study of signal processing, statistical features can be used to represent multiple attributes of the FIV signal [26]. Therefore, we use the LibXtract tool to capture scalar statistical features for each FIV signal in the time and frequency domain.

Amplitude spectral density (ASD). We perform Fast Fourier Transform (FFT) on FIV signals to obtain the corresponding amplitude spectral density. As mentioned above, we fix the sampling rate of the accelerometer at 1000 Hz. According to the Nyquist Sampling Theorem [27], the value range of the amplitude spectral density is between 0 and 500 Hz. Therefore, by taking the amplitude at each frequency as the feature, we can get a fixed length feature vector.

From Sec. 2.1, we know that the FIV signal is tightly sealed in the fingertip's physical structure and is only activated by the finger-KES interaction, so we need a way to extract features highly related to user identity from the signal mixed in mechanical vibrations. Here, we choose the statistical features and amplitude spectral density (ASD) as the basic features, and filter out some key traits.

search ability of the improved particle swarm optimization (BBPSO) [29] and the local search ability of the filtering method. In the BBPSO algorithm, each particle contains a variable number of features, which is the candidate solution of the optimization problem. A particle updates its position in the following way:

$$ x_{ij}^{t+1} = \begin{cases} N(\mu_{ij}, |\delta_{ij}|), & r < prob \\ Pb_{ij}^{t}, & \text{otherwise} \end{cases} \tag{6} $$

where $x_{ij}^{t+1} = 1$ indicates that the $j$th feature is selected into the $i$th feature subset in the $(t+1)$th iteration; otherwise, it is not selected. $N(\mu_{ij}, |\delta_{ij}|)$ is a Gaussian distribution, where $\mu_{ij}$ is the mean, calculated by $\mu_{ij} = 0.5 \left( Pb_{ij}^{t} + Gb_{j}^{t} \right)$; $|\delta_{ij}|$ is the variance, calculated by $|\delta_{ij}| = \left| Pb_{ij}^{t} - Gb_{j}^{t} \right| + \Delta$, where $\Delta = r_3 \times \left| Pb_{mj}^{t} - Pb_{nj}^{t} \right| \times \exp\left( f(Gb^{t}) - f(X_i^{t}) \right)$, $r_3$ is a random value between 0 and 1, and $Pb_i$ and $Gb$ represent the personal and global leaders respectively. The local search algorithm uses mutual information to calculate the similarity between features and the correlation between features and tags, so as to improve the local search ability.

The feature set obtained by the FS method deletes the features sensitive to tapping position, equipment, and similar features, and retains the features that effectively represent the uniqueness of fingers/users, which further ensures the reliability of authentication and reduces data redundancy.
4 EVALUATION
Fig. 11: Multi-vibration authentication strategy selection (TPR and FPR vs. threshold value, S1 to S6).

TABLE 1: Vibration signal detection result.
Vibration Type / Detection Result    FIV    Interference
FIV (30 times)                       30     0
Knocking (30 times)                  2      28
Ringing (30 times)                   0      30
Opening (30 times)                   0      30

4.3.3 Performance of Different Classification Models
To choose the most appropriate classifier, we compare the performance of common classifiers using the data in Sec. 4.3.1. The experiment compares the performance of five classifiers: Support Vector Machine (SVM), K-Nearest Neighbor (KNN), Decision Tree (DT), Naive Bayes (NB) and Logistic Regression (LR) [32]. The training set and test set of each classifier are exactly the same. Fig. 12(a), Fig. 12(b) and Fig. 12(c) respectively show the TPR, FPR and BAC value of the classification results of different classifiers. It can be seen that the performance of SVM classification is better than other classifiers.

4.3.4 Performance of Panel Materials
In addition to fingers, the panel material can also affect the structure of the whole vibration body and hence FIVs. Therefore, in this section, volunteers are asked to click on three types of materials (i.e., wood, plastic, iron) 100 times each time. Subsequently, we calculate the average performance variation across distinct materials, i.e., 0.14% TPR and 0.09% BAC. The result shows that the door material has an insignificant impact on the authentication performance, hence it is a negligible factor.

4.4 Robustness Verification
4.4.1 Robustness of Walking
When we are unlocking, there may be neighbors walking in the corridor, so it is necessary to discuss the impact of walking on Fingerbeat. We conducted comparative experiments in three environments: (1) no walking, (2) one person walking and (3) two people walking. The results in Table 2 show that the performance difference in the three scenarios is very small.

TABLE 2: TPR in different environments.
Environment           TPR
no walking            93.31%
one person walking    93.26%
two people walking    92.8%

4.4.2 Robustness of Attack
In this part, we evaluate the security of the KES deployed with Fingerbeat under the four attacks mentioned in Sec. 2.3.

Defend Against Blind Attack. In this case, the attacker does not know the user's fingerprint information and password. Without knowing the user's fingerprint, it is almost impossible for the attacker to pass fingerprint authentication. In the security-code KES, the probability of an attacker guessing the 6-digit password is $\frac{1}{10^6}$, which is approximately 0. Therefore, in the blind attacker scenario, whether or not Fingerbeat is deployed, the probability of success is approximately 0.

Defend Against Premeditated Attack. In this case, it is assumed that the attacker can successfully deceive fingerprint/password authentication. Thus, the probability of an attacker passing a KES (no Fingerbeat) is 100%. Fingerbeat adds single vibration authentication for fingerprint-based KES and multi-vibration authentication for security-code KES. According to Sec. 4.3.1, the attack success rates of single vibration authentication and multi-vibration authentication are 3.06% and 0.1%.

Defend Against Deliberate Attack. In this case, it is assumed that the attacker can pass fingerprint/password authentication and attempt to attack vibration authentication with eavesdropped FIV signals. We designed an experiment to test the ability of Fingerbeat to resist the attack. We let legitimate users perform the unlocking operation normally, and the acceleration sensor is placed 50 cm away from the lock body. This signal is directly used as an attack signal and put into our trained model for classification. We collected 80 attack signals and none of them were successful. This result is not surprising. The model in Section 2.1 mentions that the propagation distance affects the vibration signal. The eavesdropped signal propagated for a certain distance and
0.9 0.9
0.2
0.8 0.8
TPR
FPR
BAC
0.7 0.7
0.1
0.6 0.6
0.5 0 0.5
SVM KNN DT NB LR SVM KNN DT NB LR SVM KNN DT NB LR
Classifier Classifier Classifier
(a) TPR of different classification models. (b) FPR of different classification models. (c) BAC of different classification models.
Fig. 12: Performance of different classification models.
the medium changed from the lock body to the door panel, which was obviously deformed and distorted. Therefore, it is difficult to identify.

Defend against Flood Attack. In this case, the attacker repeats premeditated attacks countless times. Although the success rate of a single attack is very low, repeating it enough times is bound to succeed. Fortunately, the deadlock mechanism of Fingerbeat only allows three unsuccessful attempts in a short period of time. Therefore, the attack success rate against Fingerbeat deployed in the fingerprint lock is 8.9%, and in the security-code lock it is 0.3%.

Fig. 13(a) and Fig. 13(b) show the attack success rates for fingerprint-based KES (with and without Fingerbeat) and security-code KES under four attacks, respectively. It can be seen that Fingerbeat effectively resists the above four attacks, which greatly improves the security of fingerprint-based KES and security-code KES.

Fig. 13: Performance of defending potential attacks. (a) The success rate of fingerprint lock attacks in the three scenarios. (b) The success rate of fingerprint lock attacks in the three scenarios. [Bar charts of FPR (%) for one-factor and two-factor authentication under Blind, Premeditated, Deliberate and Flood attacks.]

5 DISCUSSION AND FUTURE WORK
The current version of Fingerbeat has some limitations. In this section, we discuss these limitations and explore where we can improve in the future.

Potential advanced attacks. The unique propagation characteristics of vibration signals make them difficult for attackers to steal. However, advanced attackers may obtain the FIV features of legitimate users from the operating system and inject them into the login system. In our further work, we should explore the security risks of this attack targeted at the operating system.

Apply to more scenarios. To improve the security of the widely used KES, Fingerbeat is used as a secondary authentication factor. Finger tapping, as a natural and convenient interactive action, has the potential to be applied in more scenarios, such as mobile phones, computers and on-board devices. Inevitably, there will be new challenges in new scenarios, such as the impact of pedestrian walking, hand tremors, and vehicle bumps on authentication. In future work, we also need to explore the performance variation of the authentication mechanism when the user’s finger structure is damaged, while proposing the corresponding fault tolerance method.

Advanced network. As shown in Sec. 4, Fingerbeat performs well using simple classifiers for identity decisions. However, a well-designed learning-based network can further improve authentication performance, as described in TouchPass [33] and HandKey [15]. In future work, we will try to design an effective network, such as one based on contrastive learning, for Fingerbeat to further improve its robustness in cross-domain applications. In addition, we need to explore a unified metric [34]–[38] to measure the superiority and uniqueness of the biological features themselves.

6 RELATED WORK
Keyless entry systems use the user’s own memory, portable smart devices or unique biometrics to unlock the door and completely get rid of the “keychain”. In the early stages, keyless entry system unlock credentials were user-defined passwords [39], which rely heavily on the user’s memory and increase the user’s burden. What’s more, passwords are easily observed through covert camera attacks or shoulder-surfing attacks, posing a privacy leakage risk that cannot be ignored [5], [6]. Due to the higher security and convenience of fingerprint-based KES, it has become the choice of more and more users. However, users will leave complete fingerprint information on the items they have touched. Attackers can use fingerprints left on items to create fingerprint films to deceive fingerprint-based KES [11]. More advanced sensors can solve this problem. Qualcomm Fingerprint Sensor [10] uses sound waves to scan the sweat pores of the user’s finger to obtain accurate 3D images. However, the high cost and unknown risks make it difficult to apply it on a large scale. SoundLock [35] leveraged the auditory-pupillary response as biometrics to construct a novel user authentication scheme for VR devices, but it is not suitable for the contact human-computer interaction scenario. Fingerbeat combines fingerprint/password authentication and vibration authentication to realize two-factor authentication, which makes up for the security loopholes in the above authentication methods.
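The effect of the three-attempt deadlock described above under “Defend against Flood Attack” can be checked numerically. The following Python sketch is an added example, not code from the Fingerbeat authors: the window and lockout durations are hypothetical, attempts are assumed independent, and the per-attempt success rates (3.06% and 0.10%) are assumed values chosen to be consistent with the results reported for Fig. 13.

```python
from collections import deque


class AttemptLimiter:
    """Deadlock after `max_failures` failed attempts within `window_s` seconds.

    window_s and lockout_s are hypothetical; the paper only states that three
    unsuccessful attempts are allowed in a short period of time.
    """

    def __init__(self, max_failures=3, window_s=60.0, lockout_s=300.0):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._failures = deque()   # timestamps of recent failed attempts
        self._locked_until = 0.0

    def allowed(self, now):
        """True if the verifier will look at an attempt made at time `now`."""
        return now >= self._locked_until

    def record(self, now, success):
        """Record an outcome; return True if this failure triggers deadlock."""
        if not self.allowed(now):
            raise PermissionError("deadlocked: attempt rejected unverified")
        if success:
            self._failures.clear()
            return False
        self._failures.append(now)
        # Forget failures that fell out of the sliding window.
        while now - self._failures[0] > self.window_s:
            self._failures.popleft()
        if len(self._failures) >= self.max_failures:
            self._locked_until = now + self.lockout_s
            self._failures.clear()
            return True
        return False


def flood_success_rate(p_single, attempts):
    """P(at least one success) over `attempts` independent tries (assumed)."""
    return 1.0 - (1.0 - p_single) ** attempts


def attempts_verified(limiter, tries, interval_s=1.0):
    """How many of `tries` failing attempts, one per `interval_s`, are verified."""
    verified = 0
    for i in range(tries):
        now = i * interval_s
        if limiter.allowed(now):
            limiter.record(now, success=False)
            verified += 1
    return verified


# Assumed per-attempt success rates (fingerprint lock, security-code lock).
P_FINGERPRINT, P_CODE = 0.0306, 0.0010

if __name__ == "__main__":
    print(f"fingerprint, 3 tries: {flood_success_rate(P_FINGERPRINT, 3):.1%}")
    print(f"code, 3 tries:        {flood_success_rate(P_CODE, 3):.1%}")
    print(f"fingerprint, 1000:    {flood_success_rate(P_FINGERPRINT, 1000):.1%}")
    print("verified in 1000 s:", attempts_verified(AttemptLimiter(), 1000))
```

With three attempts, the assumed per-attempt rates give roughly 8.9% and 0.3%, the flood-attack figures quoted in the text; without the cap, the same rates approach certainty.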
6.2 Vibration-based User Identity
Existing vibration-based authentication mostly relies on active sensing, such as the methods described in [16], [26], [33], [40]. These methods generate vibrations using a motor or other excitation source, then capture the vibration signals transmitted by the human body for identity authentication. VibID [26], [40] is deployed on smartwatches and uses the vibration signal generated by an external motor to sense the unique physical characteristics of the user’s arm. TouchPass [33] employs a Siamese network to mine hidden finger structure features in the vibration signal. VibWrite [16] senses the touch position of the finger to identify the legality of the PIN/pattern/gesture entered by the user using the vibration signal. It needs a motor as a signal source to actively trigger vibration signals, while our work relies on the vibration signal generated by passively clicking the touch panel to complete the authentication. Velody [20] senses the unique physical structure of the user’s palm for authentication using vibration signals and includes a “challenge-response” mechanism to prevent replay attacks. VibSense [41] uses vibration signals of known frequencies to identify items that vary in size and weight. Another proposed method [42] utilizes user-generated involuntary muscle movements under electrical impulse stimulation, requiring a custom EMS sleeve for the user.

Previous research on passive sensing of vibration signals has focused on exploring new ways of human-computer interaction. Taprint [21] uses the hand as a virtual keyboard for smartwatches by detecting the location of taps. VibSense [41] extends the input interface to any device surface through tap positioning. Thumprint [43], AwareLESS [44], KnockKnocking [45], KeyClick [46] and [47] rely on the tap behavior factor for identity authentication. However, behavior-based features can change over time, reducing the robustness of the system. Fingerbeat proposes an authentication method using passively perceived vibration signals that is based on the user’s hand structure rather than behavior, providing a more robust solution.

6.3 Two-Factor Authentication
Two-factor authentication (2FA) provides an additional layer of security to protect users’ privacy and assets. Currently, some online banking services and websites offer 2FA to enhance account security [48]. However, a study by [49] found that the adoption rate of 2FA was lower than 6.4% among over 100,000 Google accounts. Similarly, [50] estimated the coverage of 2FA to be between 2% and 5%. This low adoption rate may be due to the complexity of the 2FA process. Compared to single-factor authentication, the completion of 2FA takes an additional 20 seconds [51]. Most users prioritize usability over security [52]. It is also believed that 2FA is not completely immune to active threats such as phishing [53] and Trojan horses during remote login [54]. Despite these limitations, 2FA is still effective against eavesdropping and offline password attacks, making it more suitable for local login. EchoPrint [55] implements a secure and convenient 2FA system that uses acoustics and vision. However, it can only be used on platforms with speakers, microphones, and cameras, and is not suitable for door lock scenarios. Fingerbeat, on the other hand, proposes the use of FIV-based authentication to address the security shortcomings of fingerprint-based and security code KES systems. Additionally, the operation of Fingerbeat is simple and avoids the major drawback of two-factor authentication, which is its complicated operation.

7 CONCLUSION
This paper presents Fingerbeat, a two-factor authentication model for Keyless Entry Systems (KES) that combines both fingerprint and security code recognition. The unique physical structure of each finger results in distinctive, constant vibrations, known as finger-induced vibrations (FIV), during unlocking interactions such as fingerprint scanning or code inputting. By utilizing these FIV patterns, we can distinguish users for authentication purposes. Our implementation of the KES prototype integrates a fingerprint scanner, touch-based password entry panel, processing unit, and a vibration collector module. The results of our experiments demonstrate that Fingerbeat accurately authenticates users and effectively defends against various attacks.

REFERENCES
[1] Smart door lock market research report 2023. In https://www.industryresearch.biz/global-smart-door-lock-market-19951618, 2023.
[2] FBI.gov. Burglary. https://ucr.fbi.gov/crime-in-the-u.s/2017/crime-in-the-u.s.-2017/topic-pages/burglary. 2017.
[3] safewise. 8 surprising home burglary facts and stats. https://safeatlast.co/blog/burglary-statistics/gref. 2020.
[4] safeatlast. Burglars, fires, and break-ins – oh my! (infographic). https://safeatlast.co/blog/burglary-statistics/gref. 2020.
[5] Guixin Ye, Zhanyong Tang, Dingyi Fang, Xiaojiang Chen, et al. Cracking Android Pattern Lock in Five Attempts. ISOC NDSS, 2017.
[6] Malin Eiband, Mohamed Khamis, et al. Understanding Shoulder Surfing in the Wild: Stories from Users and Observers. ACM CHI, 2017.
[7] Apple. About Face ID advanced technology, 2018. [Online].
[8] K. Priya, A. N. Khan, and A. Kumari. Iris recognition: A biometric authentication approach. INROADS- An International Journal of Jaipur National University, 7(si):91, 2018.
[9] H. Feng, K. Fawaz, and K. G. Shin. Continuous authentication for voice assistants. arXiv e-prints, 2017.
[10] Qualcomm. Fingerprint Sensors, 2018. [Online].
[11] None. Researchers publish method of hacking fingerprint authentication on smartphones. Biometric Technology Today, 2016(4).
[12] F. Tari, A. A. Ozok, and S. H. Holden. A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In Proceedings of the 2nd Symposium on Usable Privacy and Security, SOUPS 2006, Pittsburgh, Pennsylvania, USA, July 12-14, 2006, 2006.
[13] Ho Grant, Leung Derek, Mishra Pratyush, Hosseini, et al. Smart locks: Lessons for securing commodity internet of things devices. pages 461–472, 2016.
[14] Ziff Davis. The best smart locks for 2020, 2020. [Online].
[15] Hangcheng Cao, Daibo Liu, Hongbo Jiang, Chao Cai, Tianyue Zheng, John C. S. Lui, and Jun Luo. Handkey: Knocking-triggered robust vibration signature for keyless unlocking. IEEE Transactions on Mobile Computing, pages 1–15, 2022.
[16] Jian Liu, Chen Wang, Yingying Chen, and Nitesh Saxena. VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration. ACM CCS, pages 73–87, 2017.
[17] Peter Christian Muller and Werner Schiehlen. Linear vibrations: a theoretical treatment of multi-degree-of-freedom vibrating systems, volume 7. Springer Science & Business Media, 2012.
[18] Lydik S Jacobsen. Steady forced vibration as influenced by damping: an approximate solution of the steady forced vibration of a system of one degree of freedom under the influence of various types of damping. Transactions of the American Society of Mechanical Engineers, 52(2):169–178, 1930.
[19] D. Childers, R. Varga, and N. Perry. Composite signal decomposition. IEEE Transactions on Audio and Electroacoustics, 18(4):471–477, 1970.
[20] Jingjie Li, Kassem Fawaz, and Younghyun Kim. Velody: Nonlinear vibration challenge-response for resilient user authentication. In the 2019 ACM SIGSAC Conference, 2019.
[21] Wenqiang Chen, Lin Chen, Yandao Huang, Xinyu Zhang, Lu Wang, et al. Taprint: Secure Text Input for Commodity Smart Wristbands. ACM MobiCom, pages 17:1–17:16, 2019.
[22] Donald J. Berndt and James Clifford. Using dynamic time warping to find patterns in time series. In Proceedings of the 3rd International Conference on Knowledge Discovery and Data Mining, AAAIWS’94, page 359–370. AAAI Press, 1994.
[23] M. G. Vargas, F. E. Hoyos, and J. E. Candelo. Portable and efficient fingerprint authentication system based on a microcontroller. International Journal of Electrical and Computer Engineering, 9(4):2346, 2019.
[24] J. Syed. Method and system for one time password based authentication and integrated remote access. 2008.
[25] Shay Maymon and Alan V Oppenheim. Sinc interpolation of nonuniform samples. IEEE Transactions on Signal Processing, 59(10):4745–4758, 2011.
[26] Sunwoo Lee, Wonsuk Choi, and Dong Hoon Lee. Usable user authentication on a smartwatch using vibration. CCS ’21, 2021.
[27] Christopher L Farrow, Margaret Shaw, Hyunjeong Kim, Pavol Juhás, and Simon JL Billinge. Nyquist-shannon sampling theorem applied to refinements of the atomic pair distribution function. Physical Review B, 84(13):134105, 2011.
[28] A Xfs, Z. A. Yong, B Dwga, and A Xys. Feature selection using bare-bones particle swarm optimization with mutual information - sciencedirect. Pattern Recognition, 2020.
[29] G. Hao, H. Hu, B. Wang, and C. Li. Adaptive bare bones particle swarm optimization for feature selection. In Control Decision Conference, 2016.
[30] Rehan Akbani, Stephen Kwek, and Nathalie Japkowicz. Applying support vector machines to imbalanced datasets. In Machine Learning: ECML 2004, 15th European Conference on Machine Learning, Pisa, Italy, September 20-24, 2004, Proceedings, 2004.
[31] V. Ganganwar. An overview of classification algorithms for imbalanced datasets. 2012.
[32] Le Wang, Meng Han, Xiaojuan Li, and Haodong Cheng. Review of classification methods on unbalanced data sets. IEEE Access, 2021.
[33] Xiangyu Xu, Jiadi Yu, Yingying Chen, Qin Hua, et al. TouchPass: towards behavior-irrelevant on-touch user authentication on smartphones leveraging vibrations. ACM MobiCom, pages 24:1–24:13, 2020.
[34] Ding Wang, Qianchen Gu, Xinyi Huang, and Ping Wang. Understanding human-chosen pins: characteristics, distribution and security. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pages 372–385, 2017.
[35] Huadi Zhu, Mingyan Xiao, Demoria Sherman, et al. Soundlock: A novel user authentication scheme for vr devices using auditory-pupillary response. In NDSS, 2023.
[36] Yi C Feng and Pong C Yuen. Binary discriminant analysis for generating binary face template. IEEE Transactions on Information Forensics and Security, 7(2):613–624, 2011.
[37] Qingxuan Wang and Ding Wang. Understanding failures in security proofs of multi-factor authentication for mobile devices. IEEE Transactions on Information Forensics and Security, 18:597–612, 2022.
[38] Ding Wang and Ping Wang. Two birds with one stone: Two-factor authentication with security beyond conventional bound. IEEE transactions on dependable and secure computing, 15(4):708–722, 2016.
[39] Jeff Jianxin Yan, Alan F. Blackwell, Ross J. Anderson and Alasdair Grant. Password memorability and security: Empirical results. IEEE Security & Privacy, 2(5):25–31, 2004.
[40] Lin Yang, Wei Wang, and Qian Zhang. VibID: User Identification through Bio-Vibrometry. ACM/IEEE ISPN, pages 11:1–11:12, 2016.
[41] L. Jian, Y. Chen, M. Gruteser, and W. Yan. Vibsense: Sensing touches on ubiquitous surfaces through vibration. In 2017 14th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON), 2017.
[42] Yuxin Chen, Zhuolin Yang, Ruben Abbou, Pedro Lopes, Ben Y. Zhao, and Haitao Zheng. User authentication via electrical muscle stimulation. CHI ’21, 2021.
[43] Sauvik Das, Gierad Laput, Chris Harrison, and Jason I. Hong. Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secret Knocks. ACM CHI, pages 3764–3774, 2017.
[44] Hiroyuki Manabe and Masaaki Fukumoto. AwareLESS authentication: insensible input based authentication. ACM CHI, pages 2561–2566, 2007.
[45] Marisa Lu, Gautam Bose, Austin S. Lee, and Peter Scupelli. Knock Knock to Unlock: A Human-centered Novel Authentication Method for Secure System Fluidity. ACM TEI, pages 729–732, 2017.
[46] HsiangYu Chen, Jaeyoung Park, Steve Dai and Hong Z. Tan. Design and Evaluation of Identifiable KeyClick Signals for Mobile Devices. IEEE Transactions on Haptics, pages 229–241, 2011.
[47] Nan Zheng, Kun Bai, Hai Huang, and Haining Wang. You are how you touch: User verification on smartphones via tapping behaviors. In 2014 IEEE 22nd International Conference on Network Protocols, 2014.
[48] Two factor auth (2fa) – list of websites and whether or not they support 2fa. https://twofactorauth.org/.
[49] Thanasis Petsas, Giorgos Tsirantonakis, Elias Athanasopoulos, and Sotiris Ioannidis. Two-factor authentication: Is the world ready? quantifying 2fa adoption. In the Eighth European Workshop, 2015.
[50] Paul Moore. Does two factor authentication actually weaken security? https://ramblingrant.co.uk/does-two-factor-authentication-actually-weaken-security/.
[51] Nancie Gunson, Diarmid Marshall, Hazel Morton, and Mervyn. User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking. Computers Security, 2011.
[52] Catherine S. Weir, Gary Douglas, Tim Richardson, and Mervyn A. Jack. Usable security: User preferences for authentication methods in ebanking and the effects of experience. Interact. Comput.
[53] Rachna Dhamija, J. D. Tygar, and Marti Hearst. Why phishing works. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, page 581–590, 2006.
[54] Bruce Schneier. Two-factor authentication: Too little, too late. Communications of the Acm, 48(4):136, 2005.
[55] Bing Zhou, Jay Lohokare, Ruipeng Gao, and Fan Ye. Echoprint: Two-factor authentication using acoustics and vision on smartphones. In the 24th Annual International Conference, page 321–336, 2018.