This article has been accepted for publication in IEEE Transactions on Mobile Computing.

This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TMC.2024.3368331

IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. X, NO. X, 2023 1

Two-Factor Authentication for Keyless Entry

System via Finger-Induced Vibrations
Hongbo Jiang, Senior Member, IEEE, Panyi Ji, Student Member, IEEE, Taiyuan Zhang, Student
Member, IEEE, Hangcheng Cao, and Daibo Liu, Member, IEEE

Abstract—Keyless entry systems (KES) have become popular due to their high user-friendliness, while fingerprint and digital password
authentication are two of the most widely used unlocking ways. However, current KES are vulnerable to security threats, such as
fingerprint films that deceive fingerprint sensors and stolen passcodes. To address these issues, this paper presents Fingerbeat, a
two-factor authentication system to defend the security risks of the current widely deployed KES devices. Fingerbeat combines original
credentials, such as fingerprint or passcode, with unique and persistent finger-induced vibrations (FIV) to create a two-factor secure
authentication model, without compromising any user-friendliness. Fingerbeat leverages the fact that each person’s finger structure is
distinct and can be represented in distinct vibration patterns. During authentication, FIV are triggered and embodied in the mechanical
vibration of force-bearing body (i.e., KES panel), which can be captured by a low-cost accelerometer. We developed a proof-of-concept
prototype of Fingerbeat, which can extract FIV features from mixed vibration recordings, eliminate the impacts of variable behavior and
external disturbance, and model user identity. We implement a Fingerbeat prototype and use extensive evaluation to demonstrate its
security and effectiveness.

Index Terms—Keyless entry system, Two-factor authentication, Finger-induced vibration biometrics

1 I NTRODUCTION Allow Access Deny To Access

Keyless entry systems (KES), particularly those utilizing

fingerprint biometrics and self-created passcodes, have be-
come widely popular due to their user-friendliness and Or
Original igi
are commonly used in residential and office environments. na V
l FI
According to recent Global Smart Door Lock Market Reports
Attack Attack
[1], KES market size value was USD 6.7 Billion in 2022 and is
forecasted to reach USD 22.8 Billion by 2028. However, the Original Credential KES FingerBeat-based KES

Federal Bureau of Investigation (FBI) [2] recently reported

that annually, over 2.5 million illegal intrusions occur in
private residences, with 34% being attributed to the leakage
of biometric data and passcodes. This leads to over 260,000
personal injuries and an average direct economic loss of
$2700 per family [3], [4]. The report highlights that finger-
print films can easily trick fingerprint sensors and passcodes
can be stolen through shoulder surfing and hidden cameras
[5], [6], presenting a serious threat to personal and property
safety. Thus, it is imperative to upgrade the existing unlock-
ing mechanisms to address these intrinsic vulnerabilities.
To ensure the security of KES, the use of advanced
biometrics-based technologies, such as FaceID [7], iris recog-
nition [8], voice recognition [9], and ultrasonic fingerprint
scanners [10], has been considered. However, these bio-
metric modalities face several limitations that limit their
ability to meet both security and user-friendliness require-
ments. The collection of explicit user biometrics, such as
fingerprints, facial and voice features, is still vulnerable to
information leaks and counterfeiting [11], [12]. Additionally,
the requirement for specialized high-end sensors can signif-
icantly increase hardware costs and reduce the feasibility of
wide deployment. Furthermore, these technologies require
the collection of visible and tangible user biometrics, expos-
ing sensitive sensors to potential destruction by adversaries
Fig. 1: An illustration of utilizing Fingerbeat to defense at-
tacks with fake fingerprints or shoulder surfing. An attacker
may use fake fingerprints or shoulder surfing to bypass
default authenticating scheme, e.g., fingerprint or passcode,
but it is difficult to fool the other factor, namely Fingerbeat,
which identies the FIV released from finger-KES interaction.
and further compromising the security of KES users. An
ideal biometric credential for KES systems, as per market
analysis [13], [14], should have a balance of security and
user-friendly authentication process. Despite advancements
in technology, there is still a significant gap between the cur-
rent available options and the desired biometric credential
that meets both security and user-friendliness requirements.
Under this context, we explore methods to improve the
unlocking security of the widely deployed KES, which use
fingerprint or code-based credentials, without sacrificing
any user-friendliness. To achieve this, we introduce Finger-
beat, a two-factor authentication model for both fingerprint
and code-based KES. This model enhances the security of
the commonly used unlocking credentials (i.e., fingerprint
and passcode) by binding them with the unique physical
biometrics characteristics of the user. The fundamental idea

Authorized licensed use limited to: VTU Consortium. Downloaded on March 27,2024 at 05:54:55 UTC from IEEE Xplore. Restrictions apply.
© 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
 This article has been accepted for publication in IEEE Transactions on Mobile Computing. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TMC.2024.3368331
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. X, NO. X, 2023
behind Fingerbeat is that the physical structure of each
vibration
finger is unique and constant. When unlocking the x(t)
KES,
response
the operating finger releases distinctive and sealed vibra-
f(t) (FIV) patterns,
tion, referred to as finger-induced mvibration
during the act of finger-KES interaction, such as fingerprint
C
scanning or code inputting. These inherent K
FIV patterns
be detected by an inbuilt low-cost accelerometer sensor, and
Fingerbeat then combines these patterns with the original
credentials to achieve two-factor authentication.
However, turning this concept into a practical system
presents multiple challenges. First, the interaction between
the finger and the KES device during fingerprint scanning or
password inputting can produce a complex series of mixed
vibrations that are influenced by the finger structure, KES,
and external interference factors. Uncovering the intrinsic
features that accurately characterize the uniqueness and
persistence of the finger structure is a critical and difficult
task. Additionally, eliminating the impact of external inter-
ference, e.g., inconsistent interaction behavior and location,
on the extraction of FIV signals is another challenge. Unlike
active vibrations, FIV signals are passive and unmodulated,
composed of a variety of frequencies that are mixed in the
vibration recordings, making pattern matching much more
challenging. Finally, to ensure high accessibility and user
acceptance, it is important to provide users with freedom
while unlocking the KES systems. In situations where user
behaviors are difficult to control precisely, it is critical to
determine how to select features closely resembling FIV.
To overcome these challenges in the practical implemen-
tation of Fingerbeat, we first denoise the vibration caused
by external activities and identify the FIV signals leveraging
the differentiated traits in both time and frequency domain.
Then we investigate the FIV property through a theoretical
model by considering the generation and propagation of vi-
bration signals. We propose a fine-grained feature extraction
mechanism to enhance the uniqueness of vibration features
by studying the factors affecting the FIV-based user identity
through a mass of vibration-related features and effectively
distill a set of critical features that are highly relevant to
the user identify and insensitive to interaction behavior.
This process enhaces Fingerbeat to achieve robust FIV ex-
traction and eliminate the impact of subtle changes in user
behaviors. Based on the critical feature vector, Fingerbeat
generates a FIV-based user model, then it combines with
the original credentials to achieve two-factor user authenti-
cation.
We have designed a proof-of-concept prototype of Fin-
gerbeat to emulate a commercial KES device. The Finger-
beat prototype consists of a fingerprint scanner, a touch-
based password entry panel, a processing unit, and a vibra-
tion collector module. We conduct extensive experiments
to evaluate the performance of Fingerbeat by recruiting
15 volunteers. The results of our experiments indicate that
Fingerbeat’s True Positive Pate (TPR) and False Positive Pate
(FPR) are 93.31% and 3.06% respectively for single-vibration
authentication, and 99.97% and 0.1% for multi-vibration
authentication. In a nutshell, our main contributions are
summarized as follows:
• We propose Fingerbeat, a two-factor authentication
model for widely used KES, delivering a secure, seam-
less user experience at a low cost.
Authorized licensed use limited to: VTU Consortium. Downloaded on March 27,2024 at 05:54:55 UTC from IEEE Xplore. Restrictions apply.
© 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
2
vibration
response x(t)
f(t)
m
can C K
(a) Finger-KES interaction (b) Vibration model
Fig. 2: Finger-KES interaction and vibration model.
• We analyze the mechanism of finger-induced vibration
and demonstrate the feasibility of FIV-based user iden-
tification.
• We have successfully implemented the Fingerbeat pro-
totype and conducted comprehensive experiments to
evaluate its effectiveness. The results are encouraging,
demonstrating that our method can attain the best
performance with a FPR of 0.1% and a TPR of 99.97%.
2 P RELIMINARIES AND T HREAT M ODELS
In this section, we present the vibration model, FIV, of
finger-KES interaction and explore the feasibility study on
using FIV patterns to enhance the unlocking mechanism for
KES. Afterwards, we introduce potential threat model.
2.1 FIV Model
Principle Behind. When a finger operates on the interactive
interface of KES panel, e.g., fingerprint scanner or numeric
keypad as illustrated in Fig. 2(a), the force-bearing area,
namely the contact position of finger-KES interaction, is
deformed and thus generates vibration waves. Note that
vibration generation and propagation depend on structure
properties such as spring constant and damper coefficient
of both the operating finger and KES’s sensing field, which
jointly form an oscillator. Therefore, given the same oper-
ating finger and interactive interface, the finger-KES inter-
action between them could produce user-specific vibration
signatures [15].
Theoretical FIV Model. To describe the finger-KES interac-
tion stage, we adopt a mass-spring-damper model [16]–[18]
as shown in Fig 2(b). The finger-KES oscillator can be char-
acterized using its mass m, spring constant k , and damper
coefficient c, which are affected by the structure of the finger
and KES. The operating force f (t) exerted by the finger
tapping on the KES body is a complex and time-varying
force. It excites the vibration response x(t). By performing
a quadrature decomposition of the signal, it can be shown
that any continuous time signals can be represented as the
accumulation of a series of sinusoidal/cosine functions of
different frequencies [19]. Thus, f (t) can be viewed as a
superposition of a series of sinusoidal forces. Suppose that
f (t) contains n frequency components and the frequency set
is ω = {ω1 , ω2 , . . . , ωn }. The formula can be expressed as:
n
X
f (t) = Fi sin ωi t. (1)
i=1
 This article has been accepted for publication in IEEE Transactions on Mobile Computing. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TMC.2024.3368331

IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. X, NO. X, 2023 3

The vibration response caused by f (t) is formed by the U1(D1) 1

0.06 U1(D2)
Case1
interaction of vibration responses caused by the the de- U2(D1) 0.8 Case2
U2(D2)

Amplitude
composed sinusoidal forces. Therefore, we can infer the 0.6 (7,0.8)

CDF
0.04
influence factors of FIV from the vibration response caused 0.4
by sinusoidal signals. In the spring-mass-damper model, the 0.02
0.2
vibration response generated by the sinusoidal excitation (7,0.21)
0 0
can be expressed as: 0 50 100 150 200 250 0 5 10 15
Frequency(Hz) Distance
2
d xi (t) dxi (t)
m +c + kxi (t) = Fi sin ωi (t). (2) (a) ASD of FIV (b) FIV uniqueness
dt2 dt
The equation is transformed into:
Fig. 3: Empirical results on the uniqueness of FIV measured
d2 xi (t) dxi (t) Fi with amplitude spectrum density (ASD) and Euclidean dis-
+ 2ξwn + wn2 x(t) = sin ωi t. (3)
dt2 dt m tance.
k
where wn2 = m , ξ = √c . The solution of this equation is
2 mk
as follows:
2.2 Feasibility Analysis
xi (t)
In this section, we conduct a feasibility study to corroborate
 
ξwn sin ψ − ωi cos ψ
= X0 e−ξwn t sin ωd t + sin ψ cos ωd t the theoretical analysis presented in the previous section.
ωd
 v0  and explore the feasibility of using FIV-based implicit bio-
−ξwn t
+e xi cos ωd t + sin ωd t metrics for user identification.
u
+ X0 sin (ωi t − ψ) . Experimental setup. We designed a prototype of KES that
(4) integrates with a fingerprint scanner, touch-based password
where ψ = arctan 1−λ 2ξλ
2 , X 0 = √ Fi /k
, and λ = entry panel, processing unit, and a vibration collector mod-
2 2 2
(1−λ ) +(2ξλ)
ωi ule, to evaluate the feasibility studies and the performance
wn . of Fingerbeat in Sec. 4. The FIV signals is acquired by
According to the expression, we can find that the vi- a builtin accelerometer sensor in model AKF392-T-68. We
bration wave generation (i.e., vertical displacement xi (t)) is instructed 15 volunteers to operate the KES. Without loss of
affected by m, c, k , Fi and ωi . From this result, we infer generality, we select the collected FIV signals of two random
that x(t) is affected by three factors. (1)The m, c and k volunteers (denoted as S1 and S2 ) to represent the analysis
parameters of the finger-KES oscillator, depending on the results. The detail experimental results of all volunteers are
structure of the finger and KES; (2)The amplitude of each given in Sec. 4. We use Euclidean distance to denote the
sinusoidal component, F = {F1 , F2 , . . . , Fn }, is related to dissimilarity of two vectors, which can be calculated by
tapping force; (3)The frequency composition ω of f (t). Due Dynamic Time Warping (DTW) [22]. The Euclidean distance
to the differences in bone structure, muscle, and size among is 0 if two vectors are the same; the greater the difference
fingers/users, the structure of each finger-KES oscillator and between the two vectors, the larger the distance.
the pattern of forces exerted by the fingers are unique. More
Uniqueness. For each finger-KES interaction, i.e., finger-
importantly, the finger is a nonlinear response medium due
print scanning or passcode entry, the frequency distribu-
to its complex physiological structure [20], which means that
tions and harmonics of the produced FIV are dependent
the frequency composition of the vibration response x(t)
on the internal composition of vibrating source. Such traits
cannot be predicted.
can be characterized by the amplitude spectrum density
After the vibration signal x(t) is generated in the force-
(ASD) of the FIV signals. Therefore, we can use the fea-
bearing area, it will spread outward through the finger-device
ture of ASD profiles to distinguish FIV signals generated
oscillator, which finally can be sensed by the accelerom-
from different fingers. To verify the uniqueness of FIV, we
eter installed in the KES, as shown in Fig. 2(b). During
instruct two volunteers to repeatedly operate the KES on
this process, vibration amplitude continuously attenuates,
the same position with an identical finger for more than
which is characterized by the following vibration attenua-
10 times. Fig. 3(a) shows the ASD of collected FIV signals,
tion model [21]:
which indicates the ASD of FIV signals generated from the
y(t) = x(t)e−αd , (5)
same finger are with similar outline, and the ASD of FIV
where y(t) is the propagation vibration signal at the ac- from different fingers are significantly different. Fig. 3(b)
celerometer, α is the attenuation coefficient related to the shows the cumulative distribution function (CDF) of the
propagation medium, and d is the propagation distance Euclidean distance between the FIV signals from the same
between the press point and accelerometer. Note that dif- finger (Case1) and the Euclidean distance between differ-
ferent device materials and press points can lead to distinct ent fingers (Case2). The distance between FIV signals of
values of the coefficient α and d, which in turn affect the the same finger is significantly smaller than the distance
attenuation of x(t) during propagating. between FIV signals generated from different fingers. More
According to the above theoretical model, the captured than 79% of the distances in Case1 are less than 7, while
FIV feature is mainly composed of the relevant parameters more than 80% of the distances in Case2 are larger than 7,
m, k and c of the finger-KES oscillator, the tapping force which sheds light on the feasibility of exploiting FIV signal
related to the structure of finger, and the parameters α and for finger identification. Moreover, there is an overlapping
d affected by different tapping locations. area between Case1 and Case2, which means that we cannot

Authorized licensed use limited to: VTU Consortium. Downloaded on March 27,2024 at 05:54:55 UTC from IEEE Xplore. Restrictions apply.
© 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
 This article has been accepted for publication in IEEE Transactions on Mobile Computing. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TMC.2024.3368331
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. X, NO. X, 2023
1 1
FF
Case3
FS
0.8 Case4
FT 0.8
Case5
0.6 0.6
CDF
CDF
0.4 0.4
0.2 0.2
0 0
0 4
4 6 8 10 12
Distance Distance
(a) Time persistence (b) Impact of force
Fig. 4: Exploring the impact of inconsistent interaction behaviors and position on FIV, (a) distance between FIV signals
under different time; (b) distance between FIV signals under different forces; (c) ASD of FIV signals at two differennt
positions; and (d) ASD of FIV signals at the same position.
directly leverage raw FIV signals to fully distinguish users.
Therefore, we need to further extract fine-grained features
to amplify the differences across fingers (users).
Time persistence. To verify the time persistence of FIV
signals, we recruited volunteers to use the same finger
operating on the same position of KES panel 10 times every
other month. By using the 10 samples collected in the first
month as the benchmark, we calculate the distance in the
following two cases: only among the benchmark samples;
between benchmark samples and other ones collected at
different times. For simplicity, we use “FF”, “FS”, “FT” to
respectively denote the distance between the samples of the
first month, between the samples of the first and the second
months, and between the samples of the first and the third
months. As shown in Fig. 4(a), the results show that for the
same finger, the FIV signals collected from different time
are very similar, which indicates the implicit biometrics of
finger in form of FIV signals is with good time persistence
and also verifies that the parameter m, k and c in the mass-
spring-damper model are constant.
Impact of inconsistent interaction behavior and position.
To evaluate the impact of inconsistent interaction behaviors
and positions on FIV-based user identification, we first ask
two volunteers to tap the same position on entry panel for
10 times with gentle forces and heavy forces, respectively.
We calculate the distance between the samples of the same
finger with the same force (Case3), the distance between
the samples of the same user with different force (Case4),
and the distance between the samples of different users
with the same force (Case5), respectively, and plot them in
Fig. 4(b). As shown, the average distance of the same user
with the same force is smallest and the distance of samples
generated with different forces is significantly larger, which
demonstrates the interaction force has an impact on the
generated FIV signals. Then, we let volunteer S1 tap on
different positions of the entry panel and plot the distance
in Fig. 4(c). As shown, due to the impact of parameter d
in Eqn. 5 on signal propagation, the FIV signals generated
from different locations are distinguishing. However, when
we tap the fingerprint scanner or a number, the position
change is weak. Fig. 4(d) shows the spectrum of the same
user tapping the same number twice. It can be seen that the
effect of slight changes in position on FIV is not obvious.
Therefore, in the security-code KES, we train the classifica-
tion model for each number to eliminate the influence of the
Authorized licensed use limited to: VTU Consortium. Downloaded on March 27,2024 at 05:54:55 UTC from IEEE Xplore. Restrictions apply.
© 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
4
0.03 0.03
Position1 Time1
Time2
Position2
Amplitude
Amplitude
0.02 0.02
0.01 0.01
0 0
8 12 0 50 100 150 200 250 0 50 100 150 200 250
Frequency(Hz) Frequency(Hz)
(c) Different position (d) The same position
tap position.
Summaries and insights. In summary, The FIV contains
the user’s unique finger structure information and changes
little over time, has the potential to be used as a credential
for identity authentication. Although different interaction
forces and inconsistent operating positions have an impact
on FIV signals, we can still find partial signal components
that is less affected and highly relevant to the finger identity,
such as the interval with a large correlation in the frequency
domain sequence, statistical features such as frequency of
peak, smoothness, etc. Moreover, we use the method intro-
duced in Sec. 3.3 to extract features and use some intelligent
algorithms to try to eliminate the impact of different forces
on FIV authentication.
2.3 Threat Model
Assuming that an attacker attempting to gain illegal access
to a victim’s private space by spoofing the Fingerbeat sys-
tem, there are four potential types of attacks that can be
carried out on both fingerprint-based and passcode-based
KES.
Blind attack. An attacker does not have any prior knowl-
edge of the user’s fingerprint, password, or FIV information.
In the case of a fingerprint-based KES, an attacker tries
unlocking the system with different fingers. In the case of
security-code KES, the attacker repeatedly inputs different
patterns of six-digit passcodes.
Premeditated attack. An attacker has premeditated to ob-
tain the user’s fingerprint or security code. However, he/she
does not have any information on the victim’s FIV signals.
On the premise of successfully passing the fingerprint or
password authentication, an attacker randomly presses the
fingerprint scanner or password interactive panel. At the
same time, the operation will generate an FIV signal to
emulate a legitimate user and try to trick the Fingerbeat
system.
Deliberate attack. An attacker not only successfully obtains
the victim’s fingerprint or security code, but also deliber-
ately eavesdrops on the victim’s FIV signal through an ac-
celerometer sensor deployed 50cm away from the door lock.
However, in practice, the eavesdropping device must be
placed in a more inconspicuous location to avoid detection.
The technical difficulty of reproducing the signal and the
asynchronous problem of two-factor authentication during
the attack are ignored.
 This article has been accepted for publication in IEEE Transactions on Mobile Computing. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TMC.2024.3368331
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. X, NO. X, 2023
Fingerprint/Password Original Certification Module
+Vibration Signal
||
Preprocessing
Segment
Signal Collection and Detection
Signal Processing
and FIV Detection
Fig. 5: System overview of Fingerbeat, consisting of Origial Certification module, Signal Processing and FIV Detection model,
FIV-based User Identification module, and Two-Factor Authentication Model.
Flood attack. Attacker has ample time and patience to con-
tinuously execute the premeditated attack until the desired
outcome is achieved.
3 S YSTEM D ESIGN
In this section, we first present the system overview of
Fingerbeat and then introduce the technical details of each
component.
3.1 System Overview
Fig. 5 illustrates the system overview of Fingerbeat. The col-
lected fingerprint/password and FIV signals are processed
in separate modules. The fingerprint/password signals are
sent to the Original Certification module for one factor au-
thentication, while the FIV signals are first sent to the Signal
Processing and FIV Detection module (detailed in Sec. 3.2)
where the FIV signals is extracted after preprocessing. The
FIV-based User Profile module (see Sec. 3.3) extracts the criti-
cal features from FIV signals, which are then used to classify
the user identity, i.e., the other factor authentication. Finally,
the results of both fingerprint/password authentication and
FIV-based authentication are combined in the Two-Factor
Authentication Model (see Sec. 3.4) to jointly determine the
user’s identity. The Original Certification Module is imple-
mented using existing technologies [23] [24], and we briefly
describe it in this paper.
3.2 Signal Processing and FIV Detection
3.2.1 Preprocessing
We first conduct signal preprocessing to normalize the cap-
tured FIV signals.
Unification of sampling rate. The sampling rates of ac-
celerometers of different equipment are not uniform, which
is difficult to carry out a unified time-frequency analysis.
Therefore, we first use sinc interpolation to unify the sam-
pling rate to 1000Hz [25].
Denoising. External vibration signals generated by hu-
man activities such as walking, going up/down stairs, and
running vehicles can affect the user authentication, which
need to be denoised. Most of the noise generated by hu-
man behaviors and running vehicles is concentrated within
15Hz, however the information of FIV is concentrated above
15Hz, so we use Butterworth high-pass filter with cut-off
Authorized licensed use limited to: VTU Consortium. Downloaded on March 27,2024 at 05:54:55 UTC from IEEE Xplore. Restrictions apply.
© 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
5
123456
Feature Extraction Mathch? & Match?
Feature Selection
FIV-based Authentication
Finger Profile Result
FIV-based Two-Factor
User Profile Authentication Model
frequency of 15Hz to eliminate the interference of human
motion.
Normalization. Accordig to the theoretical FIV model, it
is difficult to ensure that the user’s operating behaviors,
such as tapping force ft=0 , always keep identical. Therefore,
we use a lightweight normalization method to solve these
problems. Specifically, the mean and variance of FIV signal
in the time domain are normalized to 0 and 1, respectively.
3.2.2 Segmentation and Detection.
To detect the finger operation event from the acceleration
signal, we further conduct two rounds of segmentation.
Firstly, we cut out the vibration events in coarse granularity
based on the energy threshold (ET). Secondly, we use the
finger operation event detection method presented below to
screen out the real FIV signal.
Event Segmentation. Fingerbeat first used a sliding win-
dow algorithm based on adaptive energy thresholds to
segment the vibration events from the acceleration signal.
For more accurate segmentation, the ET should be related
to the noise level. Assuming that the noise conforms to the
Gaussian distribution, the mean and standard deviation of
the noise energy are calculated in the non-vibration period.
The sliding window is used to calculate the energy of the
acceleration signal and compare it with ET to determine the
position of the cutting point.
FIV Detection. The signals obtained by the above steps are
segmented into various events, including those generated
by door-related actions such as knocking, ringing, opening,
etc. Thus, we need a method to determine whether it is a FIV
event. Fig. 6 shows the time-domain and frequency-domain
diagrams of these signals. By closely examining both the
time and frequency traits, it is possible to differentiate the
signals. Our analysis reveals that the duration of FIV sig-
nals is between 0.4-0.6 seconds and distinct from the other
signals. The frequency spectrum of FIV signals displays
distinct symmetry and trailing patterns when compared to
the other three ones. To accurately identify FIV signals, the
time-domain signal duration, as well as the skewness and
kurtosis in the frequency domain, have been selected as
relevant features.
3.3 FIV-based User Profile
We have verified that tapping devices by different users will
produce FIV signal unique to users in Sec. 2.1. Next, we
analyze the critical features that can be used to identify user.
 This article has been accepted for publication in IEEE Transactions on Mobile Computing. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TMC.2024.3368331

IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. X, NO. X, 2023 6

0.0 0.02 0.5

0.45s 0.2 0.15s 0.01 2.7s 1.5S

Amplitude

Amplitude
Amplitude
Amplitude
-0.5 0.0 0.00 0.0

-0.2 -0.01

-1.0 -0.4 -0.02 -0.5

0 0.5 1 1.5 0 1 2 0 2 4 0 1 2 3
Time(s) Time(s) Time(s) Time(s)

(a) Finger-KES interaction (b) Knocking door (c) Doorbell ringing (d) Opening door
0.01 0.02 0.01
0.01

Amplitude

Amplitude
Amplitude
Amplitude

0.01

0 0 0 0
0 100 200 300 0 100 200 300 0 100 200 300 0 100 200 300
Frequency(Hz) Frequency(Hz) Frequency(Hz) Frequency(Hz)

(e) Finger-KES interaction (f) Knocking door (g) Doorbell ringing (h) Opening door
Fig. 6: Vibration signals generated from different daily activities in both time and frequency domains: (a)-(e) finger-KES
interaction, (b)-(f) knocking the door, (c)-(g) doorbell ringing, and (d)-(h) opening the door, where subfigures (a-d) show
the vibration signal in time domain, and (e-h) show their spectrogram respectively.

3.3.1 Feature Extraction search ability of the improved particle swarm optimiza-
According to empirical studies, the features of FIV signals in tion(BBPSO) [29] and the local search ability of the filtering
both time and frequency domain contain the characteristics method. In BBPSO algorithm, each particle contains a vari-
of users. Hence, we can extract some overall statistical able number of features, which is the candidate solution of
features of two domain signals. the optimization problem. A particle updates its position in
Statistical features. Through the study of signal process- the following ways:
ing, statistical features can be used to represent multiple

N (µij , |δij |) , r < prob
attributes of the FIV signal [26]. Therefore, we use the xt+1
ij = t
P bij ,
(6)
otherwise
LibXtract tool to capture scalar statistical features for each
FIV signal in the time and frequency domain. where xt+1ij = 1 indicates that j
th
feature is selected into ith
th
Amplitude spectral density (ASD). We perform Fast feature subset in the (t + 1) interaction; otherwise, it is not
Fourier Transform (FFT) on FIV signals to obtain the corre- selected. N (µij , |δij |) is Gaussian distribution, where
µij is
sponding amplitude spectral density. As mentioned above, mean, which is calculated by µij = 0.5 P btij + Gbtj ; |δij | is
we fix the sampling rate of accelerometer at 1000Hz. Ac- variance, which is calculated by |δij | = P btij − Gbtj + ∆,
cording to Nyquist Sampling Theorem [27], the value range where ∆ = r3 × P btmj − P btnj × exp (f (Gbt ) − f (Xit )),
of amplitude spectral density is between 0 and 500Hz. r3 is random value between 0 and 1, P bi and Gb present
Therefore, by taking the amplitude at each frequency as the personal and global leaders respectively. The local search al-
feature, we can get a fixed length feature vector. gorithm uses mutual information to calculate the similarity
Through Sec 2.1, we can know that since the FIV signal between features and the correlation between features and
is tightly sealed in fingertip’s physical structure and is tags, so as to improve the local search ability.
only activated by the finger-KES interaction, how to extract The feature set obtained by F S method deletes the fea-
features highly related to user identity from the signal mixed tures sensitive to tapping position, equipment, and similar
in mechanical vibrations is needed. Here, we choose the features, and retains the features that effectively represent
statistical features and amplitude spectral density(ASD) as the uniqueness of fingers/users, which further ensures the
the basic features, and filter out some key traits. reliability of authentication and reduces data redundancy.

3.3.2 Feature Selection 3.3.3 FIV-based Finger Profile

However, not all features are conducive to correct classifica-
tion. For example, Fingerbeat should eliminate the features
that are sensitive to user behavior and environment. We first
calculate the basic features of all FIV signals, and put them
into the particle swarm optimization algorithm for training,
where the label is the user. Therefore, the feature selection
problem is to select a feature subset X , which contains n
features, so that the accuracy of user classification is the
highest.
In order to solve this optimization problem, we borrow
the MIBBPSO algorithm [28], which combines the global
Fingerbeat adopts binary classification model for identity
decision. The Fingerbeat stores the collected FIV signals
(labeled as an invalid class) of illegal users in the database.
In the registration phase, the FIV signals generated by
legal user is labeled as a valid class, which together with
the invalid class data constitutes training data. Then, this
data is used to train a binary classification model for the
user. In the finger identification phase, the generated FIV
signal is fed into the model for classification, and then the
user identity is determined according to the classification
result. The training data is composed of the data of one

Authorized licensed use limited to: VTU Consortium. Downloaded on March 27,2024 at 05:54:55 UTC from IEEE Xplore. Restrictions apply.
© 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
 This article has been accepted for publication in IEEE Transactions on Mobile Computing. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TMC.2024.3368331
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. X, NO. X, 2023
Fig. 7: Experiment settings.
legal user and the data of multiple illegal users, is not
balanced. Compared with other classifiers, Support Vector
Machine(SVM) have been proven to have better processing
performance on unbalanced data sets( [30], [31]). Therefore,
Fingerbeat chooses SVM as the classifier. Hyperparameters
such as the kernel function and kernel scale of the SVM are
adjusted to optimize the performance of the SVM.
3.4 Two-Factor Authentication Model
3.4.1 Two-factor authentication logic
Fingerbeat includes fingerprint/password (the first factor)
authentication and FIV-based vibration (the second factor)
authentication. If both authentication results are successful,
the user passes the authentication. Otherwise, the user is
denied to access. Fingerbeat can be deployed on fingerprint-
based KES and security-code KES, but the second authen-
tication strategies of the two locks are different. The for-
mer is single vibration authentication while the latter is
multi-vibration authentication. Multi-vibration authentica-
tion consists of six FIV-based authentications. In order to
take into account both security and convenience of KES, we
stipulate that if three or more of the six results pass, it is
deemed to have passed the multi-vibration authentication.
3.4.2 Deadlock Mechanism
Fingerbeat introduces a deadlock mechanism to project
against Flood Attack(mentioned in Sec. 2.3. When the sys-
tem falls into a deadlock state, it will block external authen-
tication requests. The condition for triggering the deadlock
mechanism is that five consecutive authentication failures
are caused by successful fingerprint/password authenti-
cation but failure of vibration authentication. This trigger
condition can improve the security of Fingerbeat. Attackers
can easily pass fingerprint authentication using fingerprint
film. Numerous attacks may cheat vibration authentication,
but the probability of success within three times can be
negligible due to lacking practicality. Moreover, The trig-
ger condition prevents the inconvenience of overprotection.
Some non-threatening behaviors (such as children’s pranks,
Blind Attack) cannot be authenticated by fingerprint. There-
fore, the deadlock mechanism will never be triggered in this
case. A legitimate can use a physical key or an electronic
key(installed on mobile phone) to unlock the deadlock state.
Authorized licensed use limited to: VTU Consortium. Downloaded on March 27,2024 at 05:54:55 UTC from IEEE Xplore. Restrictions apply.
© 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
7
4 E VALUATION
4.1 Experimental Setup
We have developed a prototype of the KES system that
incorporates a fingerprint scanner, a touch-based password
entry panel, a processing unit, and a vibration collector
module. The purpose of this prototype is to evaluate the
performance of Fingerbeat. The FIV signals are captured
using a built-in accelerometer (AKF392-T-68) as shown in
Fig. 7. The algorithm for the system has been implemented
using Matlab R2020a. In addition, we calculate the average
time cost of conducting one thousand authentications is 0.54
seconds and the CPU ratio is only 0.7%.
During the experiment, a total of 15 volunteers (6 males
and 9 females) aged from 22 to 48, participated in the
data collection process. Before starting the experiment, the
volunteers were informed about the purpose and nature
of the experiment and were asked for their consent. The
participants used their dominant hand’s index finger to
collect the data. They were not instructed to apply specific
forces or angles, but were asked to maintain an interval
of more than 0.6 seconds between recordings. The data
collection process took place over a period of three months.
In each experiment, 70% of the collected data was used as
the training set, and the remaining 30% was used as the test
set.
4.2 Evaluation Metrics
The binary classification system has four possible outcomes:
True Positive (TP), where positive samples are correctly
classified as positive; True Negative (TN), where negative
samples are correctly classified as negative; False Positive
(FP), where negative samples are wrongly classified as pos-
itive; and False Negative (FN), where positive samples are
wrongly classified as negative. To evaluate the performance
of the system, we use commonly used performance metrics
such as true positive rate, false positive rate, and balanced
accuracy.
True Positive Rate (TPR). TPR is the ratio of the number of
true positive samples that are correctly classified to the total
number of positive sample, defined as T P R = T PT+F P
N . It
reflects the probability of a legitimate user passing through
the system, and is closely related to the user’s experience.
False Positive Rate (FPR). FPR is the ratio of the number
of negative samples that are incorrectly classified to the
total number of the negative samples, defined as F P R =
FP
F P +T N . It represents the rate of illegal users passing
through the system, which can be considered as the attack
success rate.
Balanced Accuracy (BAC). BAC is the average of the
classification accuracy of positive samples (TPR) and neg-
ative samples (T N R = T NT+F N
P ), defined as BAC =
1
2 (T P R + T N R). A good verification system has high
TPR and extremely low FPR. However, choosing different
thresholds in the classifier will increase/decrease TPR and
increase/decrease FPR at the same time. Therefore, BAC
metric is needed to describe the overall performance of the
system.
 This article has been accepted for publication in IEEE Transactions on Mobile Computing. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TMC.2024.3368331

IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. X, NO. X, 2023 8

1 .0 T P R B A C F P R evaluate the performance of multi-vibration authentication

0 .8
0 .6
0 .4
0 .2
0 .0
U 1 U 2 U 3 U 4 U 5 U 6 U 7 U 8 U 9 U 1 0 U 1 1 U 1 2 U 1 3 U 1 4 U 1 5
U s e rs
Fig. 8: Authentication results of 15 users.
1 is better than that on fingerprint-based KES. The reason for
0.8
0.6
0.4
0.2
0 of 92.97%, FPR of 3.81%, BAC of 94.58%) still meets the
TPR BAC
Fig. 9: Overall authentication results.
4.3 Experimental Result
In this part, we evaluate the performance of vibration
authentication in fingerprint-based KES and security-code
KES.
4.3.1 Authentication Accuracy
We first evaluate the performance of the single vibration
authentication method in the fingerprint-based KES system
and the multi-vibration authentication method in the secu-
rity code system, respectively.
Single Vibration Authentication. In this experiment, we
collected vibration data from 15 volunteers. Each volunteer
served as a legal user in their own classification model and
as an unauthorized user in the classification models of oth-
ers. When acting as a legal user, each volunteer was required
to collect 30 sets of data. When acting as an unauthorized
user, they wore fake fingerprints to deceive the fingerprint
lock and collected vibration data 10 times. In total, each
volunteer collected 40 sets of data, resulting in a total of
600 data points (15 x (30 + 10)).
Fig. 8 displays the classification results for the 15 user
models, and Fig. 9 provides a statistical analysis of these
results. It can be observed that the average TPR is 93.31%,
the average FPR is 3.06%, and the average BAC is 95.13%.
Although these results may not be considered outstand-
ing, Fingerbeat uses single vibration authentication as an
additional layer of security in conjunction with fingerprint
locks, which significantly enhances the overall security of
the fingerprint lock system.
Multi-vibration Authentication. In the previous experi-
ment, we have verified the vibration authentication re-
sults corresponding to the single digit. To comprehensively
under the security-code KES, we evenly selected positions
1, 3, 5, 7, and 9 to verify. Each volunteer collects 30 sets of
data at each location and finally obtains 1500(10 × 5 × 30)
samples. There are ten classification models trained by the
above data at each location. Fig. 10(a) shows the TPR at five
positions, Fig. 10(b) shows the BAC and Fig. 10(c) shows
the FPR. The average TPR, FPR and BAC for position 1
were 93.44% ,2.9%, and 95.27%, respectively. The average of
position 3 is 95.58%, 1.86%, 96.86%. The average of position
5 is 95.7%, 1.39%, 97.16%. The average of position 7 is
92.97%, 3.81%, 94.58%. The average of position 9 is 93.51%,
2.57%, 95.47%. Based on this result, we observe two key
points: One is that the performance under security-code KES
this performance difference is that the tapping position in
security-code KES are relatively concentrated (for the same
number). The sensing range of the fingerprint scanner is
larger than that covered by each digit, so the positional
deviation of multiple tapes will be larger. Another one is
that the results across five positions are different. This is
because the propagation paths to the accelerometer from
five positions are different. However, the worst result (TPR
FPR requirements for authentication accuracy.
For common 6-digit passwords, the security-code KES
corresponds to multi-vibration authentication consisting of
six continuous vibrations. We leverage the results of single
vibration authentication (in position 7) to evaluate the per-
formance of multi-vibration authentication under different
strategies, while showing the result in Fig. 11. In a single
vibration, the probability of a legitimate user passing the
authentication is P1 = 92.97%, and the probability of failing
is q1 = 7.03%. The probability of attacker passing single vi-
bration authentication is P2 = 3.81%, the probability of fail-
ing is q2 = 96.19%. We use permutation and combination
theory to calculate the results when different thresholds are
set, as shown in Fig. 11. In multi-vibration authentication,
the threshold is set as 3. Under this strategy, TPR is 99.97%
indicating a high probability of successful identification of
legitimate users, and FPR is 0.1%, indicating a low prob-
ability of successful attack. Therefore, the multi-vibration
authentication strategy proposed in the Sec. 3.4 takes into
account both security and convenience.
4.3.2 Performance of Vibration Detection Algorithms.
In the experiment, we collected the interference vibration
generated by knocking on the door (”knocking”), ringing
the doorbell (”ringing”), opening the door (”opening”),
and FIV signals to verify the performance of the detection
algorithm. 30 groups of each type of the above signals are
collected. The experiment results in Table 1 are obtained.
The vibration signals generated by ”tapping”, ”opening”,
and ”ringing” are all correctly classified, while a small
amount of vibration signals generated by ”knocking” are
wrongly classified as FIV. The reason for this result is that
the duration of the vibration signal generated by knocking
is the closest to that of the FIV signal. Moreover, compared
with missing FIV signals, the cost of misdiagnosing FIV
signals is almost negligible.

Authorized licensed use limited to: VTU Consortium. Downloaded on March 27,2024 at 05:54:55 UTC from IEEE Xplore. Restrictions apply.
© 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
 This article has been accepted for publication in IEEE Transactions on Mobile Computing. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TMC.2024.3368331

IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. X, NO. X, 2023 9

1.0 1.0 0.15

0.12
0.9 0.9
0.09
TPR

BAC

FPR
0.06
0.8 0.8
0.03

0.7 0.7 0.00

L1 L3 L5 L7 L9 L1 L3 L5 L7 L9 L1 L3 L5 L7 L9
Position Position Position
(a) TPR values of 10 users at 5 locations. (b) BAC values of 10 users at 5 locations. (c) FPR values of 10 users at 5 locations.
Fig. 10: Classification results of 10 positions in password unlocking

1 0 0
1 0 0 .0 0 1 0 0 .0 0 9 9 .9 7
8 0
6 0
4 0
2 0 .7 9
2 0
1 .9 7
0 no walking
S 1 S 2 S 3
T h r e s h o ld V a lu e
Fig. 11: Multi-vibration authentication strategy selection.
TABLE 1: Vibration signal detection result.
Vibration Type/Detection Result
FIV (30 times)
Knocking (30 times)
Ringing (30 times)
Opening (30 times)
4.3.3 Performance of Different Classification Models
To choose the most appropriate classifier, we compare
the performance of common classifiers using the data in
Sec 4.3.1. The experiment compares the performance of
five classifiers, Support Vector Machine (SVM), K-Nearest
Neighbor (KNN), Decision Tree (DT), Naive Bayes (NB) and
Logistic Rregression (LR) [32]. The training set and test set
of each classifier are exactly the same. Fig. 12(a), Fig. 12(b)
and Fig. 12(c) respectively show the TPR, FPR and BAC
value of the classification results of different classifiers. It
can be seen that the performance of SVM classification is
better than other classifiers.
4.3.4 Performance of Panel Materials.
In addition to fingers, the panel material can also affect
the structure of the whole vibration body and hence FIVs.
Therefore, in this section, volunteers are asked to click
on three types of materials (i.e., wood, plastic, iron) 100
times each time. Subsequently, we calculate the average
performance variation across distinct materials, i.e., 0.14%
TPR and 0.09% BAC. The result states that the door mate-
rial imposes an insignificant impact on the authentication
performance, hence it is a neglected factor.
4.4 Robustness Verification
4.4.1 Robustness of Walking
When we are unlocking, there may be neighbors walking
in the corridor, so it is necessary to discuss the impact of
9 9 .4 1
9 3 .8 7
T P R walking on Fingerbeat. We conducted comparative experi-
F P R ments in three environments: (1) no walking, (2) one people
walking and (3) two people walking. The results in Table 2
6 4 .5 7
show that the performance difference in the three scenarios
is very small.
TABLE 2: TPR in different environments.
Environment TPR
0 .1 0 0 .0 0 0 .0 0 0 .0 0
93.31%
S 4 S 5 S 6 one people walking 93.26%
two people walking 92.8%
FIV Interference
4.4.2 Robustness of Attack
30 0 In this part, we evaluate the security of the KES de-
2 28 ployed with Fingerbeat under the four attacks mentioned
0 30 in Sec. 2.3.
0 30
Defend Against Blind Attack. In this case, the at-
tacker does not know the user’s fingerprint information
and password. Without knowing the user’s fingerprint, it
is almost impossible for the attacker to pass fingerprint
authentication. In the security-code KES, the probability of
an attacker guessing the 6-digit password is 1016 , which is
approximately 0. Therefore, in the blind attacker scenario,
whether or not Fingerbeat is deployed, the probability of
successful is approximately 0.
Defend Against Premeditated Attack. In this case, it is
assumed that the attacker can successfully deceive finger-
print/password authentication. Thus, the probability of an
attacker passing a KES (no Fingerbeat) is 100%. Fingerbeat
adds single vibration authentication for fingerprint-based
KES and multi-vibration authentication for security-code
KES. According to Sec 4.3.1, the attack success rates of single
vibration authentication and multi-vibration authentication
are 3.06% and 0.1%.
Defend Against Deliberate Attack. In this case, it is as-
sumed that the attacker can pass fingerprint/password au-
thentication and attempt to attack vibration authentication
with eavesdropped FIV signals. We designed an experiment
to test the ability of Fingerbeat to resist the attack. We let
legitimate users perform the unlocking operation normally,
and the acceleration sensor is placed 50cm away from the
lock body. This signal is directly used as an attack signal and
put into our trained model for classification. We collected 80
attack signals and none of them were successful. This result
is not surprising. The model in Section 2.1 mentions that
the propagation distance affects the vibration signal. The
eavesdropped signal propagated for a certain distance and

Authorized licensed use limited to: VTU Consortium. Downloaded on March 27,2024 at 05:54:55 UTC from IEEE Xplore. Restrictions apply.
© 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
 This article has been accepted for publication in IEEE Transactions on Mobile Computing. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TMC.2024.3368331

IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. X, NO. X, 2023 10

1.0 0.3 1.0

0.9 0.9
0.2
0.8 0.8
TPR

FPR

BAC
0.7 0.7
0.1
0.6 0.6

0.5 0 0.5
SVM KNN DT NB LR SVM KNN DT NB LR SVM KNN DT NB LR
Classifier Classifier Classifier
(a) TPR of different classification models. (b) FPR of different classification models. (c) BAC of different classification models.
Fig. 12: Performance of different classification models.

the medium changed from the lock body to the door panel, new scenarios, such as the impact of pedestrian walking,
which was obviously deformed and distorted. Therefore, it hand tremors, and vehicle bumps on authentication. In
is difficult to be identified. future work, we also need to explore the performance varia-
Defend against Flood Attack. In this case, the attacker tion of the authentication mechanism when the user’s finger
repeats premeditated attacks countless times. Although the structure is damaged, while proposing the corresponding
success rate of a single attack is very low, repeated many fault tolerance method.
times is bound to succeed. Fortunately, the deadlock mecha- Advanced network. As shown in Sec. 4, Fingerbeat has a
nism of Fingerbeat only allows three unsuccessful attempts good performance using simple classifiers for identity de-
in a short period of time. Therefore, the attack success rate cisions. However, a well-designed learning-based network
of Fingerbeat deployed in the fingerprint lock is 8.9% and can further improve authentication performance described
security-code lock is 0.3%. in TouchPass [33], HandKey [15]. In future work, we will
Fig. 13(a) and Fig. 13(b) show the success rates of try to design an effective network such as contrastive learn-
fingerprint-based KES (with and without Fingerbeat) and ing for Fingerbeat to further improve its robustness facing
security-code KES under four attacks, respectively. It can cross-domain applications. In addition, we need to explore
be seen that Fingerbeat can effectively resist the above four a unified metric [34]–[38] to measure the superiority and
attacks, which greatly improves the security of fingerprint- uniqueness of the biological features themselves.
based KES and security-code KES.

1 0 0 1 0 0
1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 6 R ELATED W ORK
8 0 8 0
O n e -fa c to r O n e -fa c to r
T w o -fa c to r T w o -fa c to r
F P R (% )

6 0 6.1 Keyless Entry Systems

F P R (% )

4 0
2 0
8 .9 0
0 0 .0 0 3 .0 6 0 .0 0
a te d
0 0
a te lo o d
B lin dP r e m e d it D e lib e r F B lin dP r e m e d it D e lib e r
(a) The success rate of fingerprint(b) The success rate of fingerprint
lock attacks in the three scenarios. lock attacks in the three scenarios.
Fig. 13: Performance of defending potential attacks.
5 D ISCUSSION AND F UTURE W ORK
The current version of Fingerbeat has some limitations. In
this section, we will discuss these limitations and explore
where we can improve in the future.
Potential advanced attacks. The unique propagation char-
acteristics of vibration signals make it difficult for attackers
to steal. However, advanced attackers may obtain the FIV
features of legitimate users from the operating system and
inject them into the login system. In our further work, we
should explore the security risks of this attack targeted at
the operation system.
Apply to more scenarios. To improve the security of the
widely used KES, Fingerbeat uses as a secondary authen-
tication factor. Finger tapping, as a natural and convenient
interactive action, has the potential ability to be applied in
more scenarios, such as mobile phones, computers and on-
board devices. Inevitably, there will be new challenges in
6 0
4 0
2 0 Keyless entry systems use the user’s own memory, portable
0 0 .0 0 0 .1 0 0 .0 0 0 .3 0 smart devices or unique biometrics to unlock the door and
a te d
a te lo o d
F completely get rid of the ”keychain”. In the early stages,
keyless entry system unlock credentials were user-defined
passwords [39], which relies heavily on the user’s memory
and increases the user’s burden. What’s more, passwords
are easily peeked by covert camera attacks or shoulder surf-
ing attacks, posing a privacy leakage risk that cannot be ig-
nored [5], [6]. Due to the higher security and convenience of
Fingerprint-based KES, it has become the choice of more and
more users. However, users will leave complete fingerprint
information on the items they have touched. Attackers can
use fingerprints left on items to create fingerprint films to
deceive fingerprint-based KES [11]. More advanced sensors
can solve this problem. Qualcomm Fingerprint Sensor [10]
uses sound waves to scan the sweat pores of the user’s
finger to obtain accurate 3D images. However, the high cost
and unknown risks make it difficult to apply it on a large
scale. SoundLock [35] leveraged the auditory-pupillary re-
sponse as biometrics to construct a novel user authentication
scheme for VR devices, but it is not suitable for the contact
human-computer interaction scenario. Fingerbeat combines
fingerprint/password authentication and vibration authen-
tication to realize two-factor authentication, which makes
up for the security loopholes in the above authentication
methods.

Authorized licensed use limited to: VTU Consortium. Downloaded on March 27,2024 at 05:54:55 UTC from IEEE Xplore. Restrictions apply.
© 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
 This article has been accepted for publication in IEEE Transactions on Mobile Computing. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TMC.2024.3368331
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. X, NO. X, 2023
6.2 Vibration-based User Identity
Existing vibration-based authentication mostly relies on ac-
tive sensing, such as the methods described in [16], [26],
[33], [40]. These methods generate vibrations using a motor
or other excitation source, then capture the vibration signals
transmitted by the human body for identity authentication.
VibID [26], [40] is deployed on smartwatches and uses the
vibration signal generated by an external motor to sense
the unique physical characteristics of the user’s arm. Touch-
Pass [33] employs a Siamese network to mine hidden fin-
ger structure features in the vibration signal. VibWrite [16]
senses the touch position of the finger to identify the legality
of the PIN/pattern/gesture entered by the user using the
vibration signal. It needs a motor as a signal source to
actively trigger vibration signals; while our work relies on
the vibration signal generated by passively clicking the
touch panel to complete the authentication. Velody [20]
senses the unique physical structure of the user’s palm
for authentication using vibration signals and includes a
“challenge-response” mechanism to prevent replay attacks.
VibSense [41] uses vibration signals of known frequencies
to identify items that vary in size and weight. Another
proposed method [42] utilizes user-generated involuntary
muscle movements under electrical impulse stimulation,
requiring a custom EMS sleeve for the user.
Previous research on passive sensing of vibration signals
has focused on exploring new ways of human-computer
interaction. Taprint [21] uses the hand as a virtual keyboard
for smartwatches by detecting the location of taps. Vib-
Sense [41] extends the input interface to any device surface
through tap positioning. Thumprint [43], AwareLESS [44],
KnockKnocking [45], KeyClick [46] and [47] rely on the
tap behavior factor for identity authentication. However,
behavior-based features can change over time, reducing the
robustness of the system. Fingerbeat proposes an authenti-
cation method using passively perceived vibration signals
that is based on the user’s hand structure rather than
behavior, providing a more robust solution.
6.3 Two-Factor Authentication
Two-factor authentication (2FA) provides an additional
layer of security to protect users’ privacy and assets. Cur-
rently, some online banking services and websites offer
2FA to enhance account security [48]. However, a study
by [49] found that the adoption rate of 2FA was lower than
6.4% among over 100,000 Google accounts. Similarly, [50]
estimated the coverage of 2FA to be between 2% and 5%.
This low adoption rate may be due to the complexity of the
2FA process. Compared to single-factor authentication, the
completion of 2FA takes an additional 20 seconds [51]. Most
users prioritize usability over security [52]. It is also believed
that 2FA is not completely immune to active threats such as
phishing [53] and Trojan horses during remote login [54].
Despite these limitations, 2FA is still effective against eaves-
dropping and offline password attacks, making it more
suitable for local login. EchoPrint [55] implements a secure
and convenient 2FA system that uses acoustics and vision.
However, it can only be used on platforms with speakers,
microphones, and cameras, and is not suitable for door
lock scenarios. Fingerbeat, on the other hand, proposes
Authorized licensed use limited to: VTU Consortium. Downloaded on March 27,2024 at 05:54:55 UTC from IEEE Xplore. Restrictions apply.
© 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
11
the use of FIV-based authentication to address the security
shortcomings of fingerprint-based and security code KES
systems. Additionally, the operation of Fingerbeat is simple
and avoids the major drawback of two-factor authentica-
tion, which is its complicated operation.
7 C ONCLUSION
This paper presents Fingerbeat, a two-factor authentication
model for Keyless Entry Systems (KES) that combines both
fingerprint and security code recognition. The unique phys-
ical structure of each finger results in distinctive, constant
vibrations, known as finger-induced vibrations (FIV), dur-
ing unlocking interactions such as fingerprint scanning or
code inputting. By utilizing these FIV patterns, we can dis-
tinguish users for authentication purposes. Our implemen-
tation of the KES prototype integrates a fingerprint scanner,
touch-based password entry panel, processing unit, and a
vibration collector module. The results of our experiments
demonstrate that Fingerbeat accurately authenticates users
and effectively defends against various attacks.
R EFERENCES
[1] Smart door lock market research report 2023. In
https://www.industryresearch.biz/global-smart-door-lock-market-
19951618, 2023.
[2] FBI.gov. Burglary. https://ucr.fbi.gov/crime-in-the-
u.s/2017/crime-in-the-u.s.-2017/topic-pages/burglary. 2017.
[3] safewise. 8 surprising home burglary facts and stats.
https://safeatlast.co/blog/burglary-statistics/gref. 2020.
[4] safeatlast. Burglars, fires, and break-ins – oh my!(infographic).
https://safeatlast.co/blog/burglary-statistics/gref. 2020.
[5] Guixin Ye, Zhanyong Tang, Dingyi Fang, Xiaojiang Chen, et al.
Cracking Android Pattern Lock in Five Attempts. ISOC NDSS,
2017.
[6] et al Malin Eiband, Mohamed Khamis. Understanding Shoulder
Surfing in the Wild: Stories from Users and Observers. ACM CHI,
2017.
[7] Apple. About Face ID advanced technology, 2018. [Online].
[8] K. Priya, A. N. Khan, and A. Kumari. Iris recognition : A biometric
authentication approach. INROADS- An International Journal of
Jaipur National University, 7(si):91, 2018.
[9] H. Feng, K. Fawaz, and K. G. Shin. Continuous authentication for
voice assistants. arXiv e-prints, 2017.
[10] Qualcomm. Fingerprint Sensors, 2018. [Online].
[11] None. Researchers publish method of hacking fingerprint authen-
tication on smartphones. Biometric Technology Today, 2016(4).
[12] F. Tari, A. A. Ozok, and S. H. Holden. A comparison of per-
ceived and real shoulder-surfing risks between alphanumeric and
graphical passwords. In Proceedings of the 2nd Symposium on Usable
Privacy and Security, SOUPS 2006, Pittsburgh, Pennsylvania, USA,
July 12-14, 2006, 2006.
[13] Ho Grant, Leung Derek, Mishra Pratyush, Hosseini, et al. Smart
locks: Lessons for securing commodity internet of things devices.
pages 461–472, 2016.
[14] Ziff Davis. The best smart locks for 2020, 2020. [Online].
[15] Hangcheng Cao, Daibo Liu, Hongbo Jiang, Chao Cai, Tianyue
Zheng, John C. S. Lui, and Jun Luo. Handkey: Knocking-triggered
robust vibration signature for keyless unlocking. IEEE Transactions
on Mobile Computing, pages 1–15, 2022.
[16] Jian Liu, Chen Wang, Yingying Chen, and Nitesh Saxena. Vib-
Write: Towards Finger-input Authentication on Ubiquitous Sur-
faces via Physical Vibration. ACM CCS, pages 73–87, 2017.
[17] Peter Christian Muller and Werner Schiehlen. Linear vibrations:
a theoretical treatment of multi-degree-of-freedom vibrating systems,
volume 7. Springer Science & Business Media, 2012.
[18] Lydik S Jacobsen. Steady forced vibration as influenced by damp-
ing: an approximate solution of the steady forced vibration of a
system of one degree of freedom under the influence of various
types of damping. Transactions of the American Society of Mechanical
Engineers, 52(2):169–178, 1930.
 This article has been accepted for publication in IEEE Transactions on Mobile Computing. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TMC.2024.3368331
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. X, NO. X, 2023
[19] D. Childers, R. Varga, and N. Perry. Composite signal decomposi-
tion. IEEE Transactions on Audio and Electroacoustics, 18(4):471–477,
1970.
[20] Jingjie Li, Kassem Fawaz, and Younghyun Kim. Velody: Nonlinear
vibration challenge-response for resilient user authentication. In
the 2019 ACM SIGSAC Conference, 2019.
[21] Wenqiang Chen, Lin Chen, Yandao Huang, Xinyu Zhang, Lu
Wang, et al. Taprint: Secure Text Input for Commodity Smart
Wristbands. ACM MobiCom, pages 17:1–17:16, 2019.
[22] Donald J. Berndt and James Clifford. Using dynamic time warping
to find patterns in time series. In Proceedings of the 3rd International
Conference on Knowledge Discovery and Data Mining, AAAIWS’94,
page 359–370. AAAI Press, 1994.
[23] M. G. Vargas, F. E. Hoyos, and J. E. Candelo. Portable and efficient
fingerprint authentication system based on a microcontroller. In-
ternational Journal of Electrical and Computer Engineering, 9(4):2346,
2019.
[24] J. Syed. Method and system for one time password based authen-
tication and integrated remote access. 2008.
[25] Shay Maymon and Alan V Oppenheim. Sinc interpolation of
nonuniform samples. IEEE Transactions on Signal Processing,
59(10):4745–4758, 2011.
[26] Sunwoo Lee, Wonsuk Choi, and Dong Hoon Lee. Usable user
authentication on a smartwatch using vibration. CCS ’21, 2021.
[27] Christopher L Farrow, Margaret Shaw, Hyunjeong Kim, Pavol
Juhás, and Simon JL Billinge. Nyquist-shannon sampling theorem
applied to refinements of the atomic pair distribution function.
Physical Review B, 84(13):134105, 2011.
[28] A Xfs, Z. A. Yong, B Dwga, and A Xys. Feature selection using
bare-bones particle swarm optimization with mutual information
- sciencedirect. Pattern Recognition, 2020.
[29] G. Hao, H. Hu, B. Wang, and C. Li. Adaptive bare bones particle
swarm optimization for feature selection. In Control Decision
Conference, 2016.
[30] Rehan Akbani, Stephen Kwek, and Nathalie Japkowicz. Applying
support vector machines to imbalanced datasets. In Machine
Learning: ECML 2004, 15th European Conference on Machine Learning,
Pisa, Italy, September 20-24, 2004, Proceedings, 2004.
[31] V. Ganganwar. An overview of classification algorithms for imbal-
anced datasets. 2012.
[32] Le Wang, Meng Han, Xiaojuan Li, and Haodong Cheng. Review
of classification methods on unbalanced data sets. IEEE Access,
2021.
[33] Xiangyu Xu, Jiadi Yu, Yingying Chen, Qin Hua, et al. Touch-
Pass: towards behavior-irrelevant on-touch user authentication on
smartphones leveraging vibrations. ACM MobiCom, pages 24:1–
24:13, 2020.
[34] Ding Wang, Qianchen Gu, Xinyi Huang, and Ping Wang. Un-
derstanding human-chosen pins: characteristics, distribution and
security. In Proceedings of the 2017 ACM on Asia Conference on
Computer and Communications Security, pages 372–385, 2017.
[35] Huadi Zhu, Mingyan Xiao, Demoria Sherman, and et al. Sound-
lock: A novel user authentication scheme for vr devices using
auditory-pupillary response. In NDSS, 2023.
[36] Yi C Feng and Pong C Yuen. Binary discriminant analysis for
generating binary face template. IEEE Transactions on Information
Forensics and Security, 7(2):613–624, 2011.
[37] Qingxuan Wang and Ding Wang. Understanding failures in
security proofs of multi-factor authentication for mobile devices.
Authorized licensed use limited to: VTU Consortium. Downloaded on March 27,2024 at 05:54:55 UTC from IEEE Xplore. Restrictions apply.
© 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
12
IEEE Transactions on Information Forensics and Security, 18:597–612,
2022.
[38] Ding Wang and Ping Wang. Two birds with one stone: Two-factor
authentication with security beyond conventional bound. IEEE
transactions on dependable and secure computing, 15(4):708–722, 2016.
[39] Jeff Jianxin Yan, Alan F. Blackwell, Ross J. Anderson and Alasdair
Grant. Password memorability and security: Empirical results.
IEEE Security & Privacy, 2(5):25–31, 2004.
[40] Lin Yang, Wei Wang, and Qian Zhang. VibID: User Identification
through Bio-Vibrometry. ACM/IEEE ISPN, pages 11:1–11:12, 2016.
[41] L. Jian, Y. Chen, M. Gruteser, and W. Yan. Vibsense: Sensing
touches on ubiquitous surfaces through vibration. In 2017 14th
Annual IEEE International Conference on Sensing, Communication,
and Networking (SECON), 2017.
[42] Yuxin Chen, Zhuolin Yang, Ruben Abbou, Pedro Lopes, Ben Y.
Zhao, and Haitao Zheng. User authentication via electrical muscle
stimulation. CHI ’21, 2021.
[43] Sauvik Das, Gierad Laput, Chris Harrison, and Jason I. Hong
. Thumprint: Socially-Inclusive Local Group Authentication
Through Shared Secret Knocks. ACM CHI, pages 3764–3774, 2017.
[44] Hiroyuki Manabe and Masaaki Fukumoto. AwareLESS authen-
tication: insensible input based authentication. ACM CHI, pages
2561–2566, 2007.
[45] Marisa Lu, Gautam Bose, Austin S. Lee, and Peter Scupelli.
Knock Knock to Unlock: A Human-centered Novel Authentication
Method for Secure System Fluidity. ACM TEI, pages 729–732, 2017.
[46] HsiangYu Chen, Jaeyoung Park, Steve Dai and Hong Z. Tan .
Design and Evaluation of Identifiable KeyClick Signals for Mobile
Devices. IEEE Transactions on Haptics, pages 229–241, 2011.
[47] Nan Zheng, Kun Bai, Hai Huang, and Haining Wang. You are
how you touch: User verification on smartphones via tapping
behaviors. In 2014 IEEE 22nd International Conference on Network
Protocols, 2014.
[48] Two factor auth (2fa) – list of websites and whether or not they
support 2fa. https://twofactorauth.org/.
[49] Thanasis Petsas, Giorgos Tsirantonakis, Elias Athanasopoulos, and
Sotiris Ioannidis. Two-factor authentication: Is the world ready?
quantifying 2fa adoption. In the Eighth European Workshop, 2015.
[50] Paul Moore. Does two factor authentication actually weaken secu-
rity? https://ramblingrant.co.uk/does-two-factor-authentication-
actually-weaken-security/.
[51] Nancie, Gunson, , , Diarmid, Marshall, , , Hazel, Morton, , , and
Mervyn. User perceptions of security and usability of single-factor
and two-factor authentication in automated telephone banking.
Computers Security, 2011.
[52] Catherine S. Weir, Gary Douglas, Tim Richardson, and Mervyn A.
Jack. Usable security: User preferences for authentication methods
in ebanking and the effects of experience. Interact. Comput.
[53] Rachna Dhamija, J. D. Tygar, and Marti Hearst. Why phishing
works. In Proceedings of the SIGCHI Conference on Human Factors in
Computing Systems, page 581–590, 2006.
[54] Bruce Schneier. Two-factor authentication: Too little, too late.
Communications of the Acm, 48(4):136, 2005.
[55] Bing Zhou, Jay Lohokare, Ruipeng Gao, and Fan Ye. Echoprint:
Two-factor authentication using acoustics and vision on smart-
phones. In the 24th Annual International Conference, page 321–336,
2018.