CONTINUOUS AUTHENTICATION OF MOBILE USERS: FUSION OF FACE AND INERTIAL MEASUREMENT UNIT DATA
David Crouse1, Hu Han1, Deepak Chandra2, Brandon Barbello2, and Anil K. Jain1
1Michigan State University 2Google, Inc. Outline
Device Locked • Background Log in to Device • Proposed approach
Update • Face uprightness correction Enrollment • COTS and component based face matching Wait
• Confidence function Capture Images • Prototype system on Android Apply Uprightness Correction • Experimental results • Summary Match Faces Above Below Threshold Update and Threshold Check Confidence Background
1973 - Motorola DynaTAC Prototype 1992 – Motorola 3200 1993 –IBM Simon 1999 – Kyocera VP-210 2007 – Apple iPhone First mobile phone First mobile digital phone First smartphone First camera phone First iOS phone
2008 – HTC Dream 2011 – Samsung Galaxy Nexus 2013 – LG Nexus 5 2013 – iPhone 5S 2014 – iPhone 6 First Android phone Introduced Face Unlock Used for data collection TouchID Apple Pay
www.businessinsider.com/complete-visual-history-of-cell-phones-2011-5?op=1 wikipedia.com Background
• Security concerns • Mobile devices contain personal information, such as e-mail, photos & videos, and financial information
• 67% of users do not password protect their devices [1]
• Many users are using too simple passwords, such as ‘1234’, ‘0000’, ‘2580’, ‘1111’, etc. [2] Users believe it is too complicated to enter a password/PIN! [1] http://sophos.com [2] http://techland.time.com/2011/06/13/the-10-most-popular-iphone-passwords-starring-1234/
Background
• Computer passwords were originally intended for mainframes/desktop computers • Desktops are stationary and the user is constantly engaged while logged in • Mobile phones adopted the paradigm • Mobile devices are small and easy to steal while unlocked • Complexity requirements make passwords hard to remember • This produces a stigma against password use, they are just “a hassle” We need a security solution built around mobile! Proposed Approach
Device Locked • Unobtrusive continuous authentication using face Log in to Device
• Unobtrusive: Update Enrollment uncooperative subjects; unconstrained sensing, no Wait change to user workflow Capture Images • Continuous: verify user
identity periodically Apply Uprightness Correction
Match Faces Above Below Threshold Update and Threshold Check Confidence Face Uprightness Correction
Device Locked
Log in to Device
Update Enrollment
Wait
Capture Images
Apply Uprightness Correction
Match Faces Above Below Threshold Update and Threshold Check Confidence Face Uprightness Correction
• IMU is used to correct for device rotation • Correction uses temporal interpolation Face Uprightness Correction COTS and Component-Based Face Matching
Device Locked
Log in to Device
Update Enrollment
Wait
Capture Images
Apply Uprightness Correction
Match Faces Above Below Threshold Update and Threshold Check Confidence COTS and Component-Based Face Matching
• COTS matchers • PittPatt SDK in client-server mode • Qualcomm SDK in smartphone-only mode • Component-based matcher (Person-Specific) [1]
COTS matching
Component-based matching
Fusion [1] H. Han, et al., "Matching Composite Sketches to Face Photos: A Component-Based Approach,” IEEE T-IFS, 2013. Confidence Function
Device Locked
Log in to Device
Update Enrollment
Wait
Capture Images
Apply Uprightness Correction
Match Faces Above Below Threshold Update and Threshold Check Confidence Confidence Function
Confidence In Identity of User • Initial confidence value in
user’s identity = 1.0; 1 decays over time • If confidence < T (0.6 in our 0.8 trials), lock the phone 0.6 • Raise confidence if the Confidence Confidence genuine face is recognized; 0.4 Threshold lower the confidence for Genuine Face 0.2 Impostor Face impostor face No Face
0 0 2 4 6 8 10 12 Minutes since login Prototype System on Android
• Android has 81% market share [1]
• Google Nexus 5 smartphone
• Uprightness correction was performed on the device GPU
• Both client-server mode (ICB paper) and smartphone-only mode (ongoing work) have been implemented
[1] http://www.idc.com/getdoc.jsp?containerId=prUS25450615 Experimental Results
• Face verification • Using customized application, we collected images of 10 subjects for 1-6 weeks
• 250,000 images in 3,600 sessions were collected
• Roughly 50% of these images contained a face Experimental Results
• Face verification (in client-server mode) Experimental Results
• Face verification (in smartphone-only mode)
1
0.95
0.9
0.85
0.8
0.75 Fused TAR 0.7 Qualcomm 0.65 Component 0.6
0.55
0.5 0 0.05 0.1 0.15 0.2 0.25 0.3 0.35 0.4 FAR Experimental Results
• Face verification examples
False reject by COTS, correct accept False accept by COTS, correct reject by our system by our system Experimental Results
• User testing 96% • 24 subjects used an Android device equipped with the system for multiple sessions • For 3 to 5 sessions, subjects operated the device for up to 15 minutes or until they were logged out 89% • For an additional 3 to 5 55% sessions, subjects operated the device for 1 minute, then handed the device to an impostor Experimental Results
• Genuine user 1.2
1
0.8 Logged In 0.6
Score Locked 0.4
0.2 Scaled Match Score Genuine Confidence 0 0 5 10 15 20 Impostor 25 No Face -0.2 Image Group Experimental Results
• Impostor user
Logged In
Locked
Genuine
Impostor
Image Group Summary Device Locked • We have presented a robust continuous authentication Log in to Device system for mobile devices Update Enrollment • Fusion of camera with the device’s IMU allows for Wait enhanced face matching performance Capture Images
Apply Uprightness • Experiments show significant Correction reduction in the time impostors have access to a device while Match Faces maintaining usability for genuine Above Below Threshold Update and Threshold users Check Confidence YOU ARE YOUR SMARTPHONE’S PASSWORD!
Questions?