Authentication by Gesture Recognition: a Dynamic Biometric Application

Benoit Ducray

Authentication by Gesture Recognition: a Dynamic Biometric Application

Benoit Ducray

Department of Information Security

Research output: Thesis › Doctoral Thesis

402 Downloads (Pure)

Abstract

With the expansion of digital information and the number of people potentially able to access it, there are increasing demands for efficient, secure systems which authenticate users effectively. At the end of the 1960’s, IBM defined three authentication factors: knowledge factor, which relates to ``something the entity knows''; ownership factor, relating to ``something the entity has/possesses''; inherent factor, which can be summarised as ``something the entity is or does''.

Each of these factors possesses its own limitations: knowledge factors can be forgotten or discovered by a fraudster; ownership factors can be lost, stolen or counterfeited. These nuisances have led to increased use of biometric authentication as a means of increasing security. However, conventional biometrics are static, so if compromised cannot be changed by the user. This has led to interest in techniques that authenticate using changeable multi-factor authentication measures that are influenced by biometrics, rather than being completely reliant on them. Investigating the practicality and security of such techniques provided the motivation for this research.

First we needed to identify these ``easily changeable biometrics'' and it led us to define a new biometric family, which we called the dynamic biometrics. We then studied the security characteristics of this new family.

Out of the dynamic biometrics, we chose to focus on one of these elements, authentication based on gesture recognition. We conducted several experiments to assess the ability of this authentication technique to authenticate the genuine user and reject any impostors, either if these impostors do not know the gesture or do random movements.

We continued by looking for a secure place to store the gesture recognition's template and run the application. We evaluated the possibility of doing that on a personal limited device, such as a Smart Card.

Then we designed a protocol to use a gesture recognition application which we analysed with respect to several threat vectors.

Original language	English
Qualification	Ph.D.
Awarding Institution	Royal Holloway, University of London
Supervisors/Advisors	Mayes, Keith, Supervisor Price, Geraint, Advisor
Award date	1 Dec 2017
Publication status	Unpublished - 2017

Keywords

Biometrics
smart card
Dynamic biometrics
Gesture Recognition
Gesture authentication
Host Card Emulation
Dynamic Time Warping
Kinect
Leap Motion
Biometric
Dynamic biometric
microsoft kinect
passthoughts
fingerprint
Face recognition
voice recognition
biometric criteria

Access to Document

Benoit Ducray PhD thesisOther version, 1.74 MB

Cite this

@phdthesis{0b9c684fad2649e7bc83d9e4ef41abc7,

title = "Authentication by Gesture Recognition: a Dynamic Biometric Application",

abstract = "With the expansion of digital information and the number of people potentially able to access it, there are increasing demands for efficient, secure systems which authenticate users effectively. At the end of the 1960{\textquoteright}s, IBM defined three authentication factors: knowledge factor, which relates to ``something the entity knows''; ownership factor, relating to ``something the entity has/possesses''; inherent factor, which can be summarised as ``something the entity is or does''.Each of these factors possesses its own limitations: knowledge factors can be forgotten or discovered by a fraudster; ownership factors can be lost, stolen or counterfeited. These nuisances have led to increased use of biometric authentication as a means of increasing security. However, conventional biometrics are static, so if compromised cannot be changed by the user. This has led to interest in techniques that authenticate using changeable multi-factor authentication measures that are influenced by biometrics, rather than being completely reliant on them. Investigating the practicality and security of such techniques provided the motivation for this research.First we needed to identify these ``easily changeable biometrics'' and it led us to define a new biometric family, which we called the dynamic biometrics. We then studied the security characteristics of this new family.Out of the dynamic biometrics, we chose to focus on one of these elements, authentication based on gesture recognition. We conducted several experiments to assess the ability of this authentication technique to authenticate the genuine user and reject any impostors, either if these impostors do not know the gesture or do random movements.We continued by looking for a secure place to store the gesture recognition's template and run the application. We evaluated the possibility of doing that on a personal limited device, such as a Smart Card.Then we designed a protocol to use a gesture recognition application which we analysed with respect to several threat vectors. ",

keywords = "Biometrics, smart card, Dynamic biometrics, Gesture Recognition, Gesture authentication, Host Card Emulation, Dynamic Time Warping, Kinect, Leap Motion, Biometric, Dynamic biometric, microsoft kinect, passthoughts, fingerprint, Face recognition, voice recognition, biometric criteria",

author = "Benoit Ducray",

year = "2017",

language = "English",

school = "Royal Holloway, University of London",

}

TY - BOOK

T1 - Authentication by Gesture Recognition: a Dynamic Biometric Application

AU - Ducray, Benoit

PY - 2017

Y1 - 2017

N2 - With the expansion of digital information and the number of people potentially able to access it, there are increasing demands for efficient, secure systems which authenticate users effectively. At the end of the 1960’s, IBM defined three authentication factors: knowledge factor, which relates to ``something the entity knows''; ownership factor, relating to ``something the entity has/possesses''; inherent factor, which can be summarised as ``something the entity is or does''.Each of these factors possesses its own limitations: knowledge factors can be forgotten or discovered by a fraudster; ownership factors can be lost, stolen or counterfeited. These nuisances have led to increased use of biometric authentication as a means of increasing security. However, conventional biometrics are static, so if compromised cannot be changed by the user. This has led to interest in techniques that authenticate using changeable multi-factor authentication measures that are influenced by biometrics, rather than being completely reliant on them. Investigating the practicality and security of such techniques provided the motivation for this research.First we needed to identify these ``easily changeable biometrics'' and it led us to define a new biometric family, which we called the dynamic biometrics. We then studied the security characteristics of this new family.Out of the dynamic biometrics, we chose to focus on one of these elements, authentication based on gesture recognition. We conducted several experiments to assess the ability of this authentication technique to authenticate the genuine user and reject any impostors, either if these impostors do not know the gesture or do random movements.We continued by looking for a secure place to store the gesture recognition's template and run the application. We evaluated the possibility of doing that on a personal limited device, such as a Smart Card.Then we designed a protocol to use a gesture recognition application which we analysed with respect to several threat vectors.

AB - With the expansion of digital information and the number of people potentially able to access it, there are increasing demands for efficient, secure systems which authenticate users effectively. At the end of the 1960’s, IBM defined three authentication factors: knowledge factor, which relates to ``something the entity knows''; ownership factor, relating to ``something the entity has/possesses''; inherent factor, which can be summarised as ``something the entity is or does''.Each of these factors possesses its own limitations: knowledge factors can be forgotten or discovered by a fraudster; ownership factors can be lost, stolen or counterfeited. These nuisances have led to increased use of biometric authentication as a means of increasing security. However, conventional biometrics are static, so if compromised cannot be changed by the user. This has led to interest in techniques that authenticate using changeable multi-factor authentication measures that are influenced by biometrics, rather than being completely reliant on them. Investigating the practicality and security of such techniques provided the motivation for this research.First we needed to identify these ``easily changeable biometrics'' and it led us to define a new biometric family, which we called the dynamic biometrics. We then studied the security characteristics of this new family.Out of the dynamic biometrics, we chose to focus on one of these elements, authentication based on gesture recognition. We conducted several experiments to assess the ability of this authentication technique to authenticate the genuine user and reject any impostors, either if these impostors do not know the gesture or do random movements.We continued by looking for a secure place to store the gesture recognition's template and run the application. We evaluated the possibility of doing that on a personal limited device, such as a Smart Card.Then we designed a protocol to use a gesture recognition application which we analysed with respect to several threat vectors.

KW - Biometrics

KW - smart card

KW - Dynamic biometrics

KW - Gesture Recognition

KW - Gesture authentication

KW - Host Card Emulation

KW - Dynamic Time Warping

KW - Kinect

KW - Leap Motion

KW - Biometric

KW - Dynamic biometric

KW - microsoft kinect

KW - passthoughts

KW - fingerprint

KW - Face recognition

KW - voice recognition

KW - biometric criteria

M3 - Doctoral Thesis

ER -