TC 11 Briefing Papers
Step & turn—A novel bimodal behavioral biometric-based user verification scheme for physical access control
Introduction
Cyber technology transformations are not confined only to electronic or computing devices but they permeate across traditional physical spaces. The introduction of computing and communication capabilities in many physical spaces further synergized with machine intelligence is making them “smarter” (Tavčar and Horváth, 2018). In this context, this paper focuses on controlling access to smart homes and smart buildings. These emerging smart spaces require some form of physical access control (i.e., locks, doors, barriers, etc.) that must be both reliable and usable for the users (Krašovec et al., 2020). Consequently, physical access control systems are undergoing a swift technological evolution related to the underlying user verification mechanisms.
All major lock manufacturers (Schlage, Yale) offer modern locks leveraging knowledge-based schemes (e.g., PIN/Password), device-pairing (e.g., smart cards, smartphones), and physiological biometrics (e.g., face, fingerprints), illustrated in Fig. 1(a). However, existing solutions are still prone to many attacks like insider-, replay-, and spoofing attacks (Gupta et al., 2019; Ho et al., 2016). They have also shown usability issues, e.g., they add cognitive load on users and are ergonomically inefficient for new smart ecosystems (Katsini et al., 2016; Ometov et al., 2019). A recent report (Yubico, 2021), based on inputs from 563 individual users, reports that 55% of users prefer password-less access, 62% of them do not prefer to use a second-factor verification, and 50% of users sometimes share passwords with a colleague. Furthermore, 65% of users believe that biometrics would increase security, but 30% of them are highly concerned about their privacy when providing biometric data.
Typically, physiological biometric-based access control systems are considered more secure than the other authentication schemes (Sabater, 2019; Sharma et al., 2019). In Baidya et al. (2017), a fingerprint-based door access system reported accuracy of more than 95% by exploiting basic patterns (arch, loop, and whorl) of fingerprint ridges. In Shi et al. (2019), a face recognition system for door locks achieved an accuracy of 98.3% and implemented an interactive face liveness detection method by monitoring the eye and mouth state. In Yu et al. (2020), an iris-based access control management system is proposed to fully realize automatic management of the personnel who attempt to pass the access control system. All these systems require users’ explicit interaction for their verification. Examples include placing a finger on a fingerprint scanner, standing in front of a camera, or closely looking at the iris scanner. Hence, their unobtrusiveness is limited (Vegas et al., 2020). Moreover, end-users have expressed privacy concerns in providing biometric modalities like a fingerprint, face, and iris (Carpenter et al., 2018; Chan, 2016; North-Samardzic, 2019). In Rui and Yan (2018), potential attacks and security risks assessment for popular biometric-based authentication schemes are discussed. These limitations motivate the design of physical access control systems based on a new approach using behavioral biometrics.
Step & Turn is the first bimodal scheme to exploit users’ single footstep and hand-movement behavior while they seek entry to a physical space, as illustrated in Fig. 1(b). The left- and right-footstep pressure data is sensed from 88 pressure sensors arrays embedded in the doormats, and the hand-movement is modeled as a 3-dimensional signature by acquiring the raw data from 3-axis motion sensors. We design, prototype, and evaluate user verification models by employing random forest (RF), support vector machine (SVM), and Fisher linear discriminant (FISHERC) classifiers. We also perform Step & Turn’s usability analysis to establish efficiency, effectiveness, and satisfaction. The key contributions of the paper are thus the following:
- We propose a novel multi-class user verification scheme that exploits users’ single footstep and hand-movement for securing physical access. The combination of footstep and hand-movement does not require explicit users’ cooperation and both modalities can be collected unobtrusively, which can address usability aspects.
- We collect a new dataset for hand-movement from 40 volunteers. We design a hardware prototype using the Adafruit 9-DOF Accel/Mag/Gyro breakout board to acquire users’ hand-movement while they interact with the door handle. A smart office scenario was replicated in our lab by fixing the prototype to the door handle and placing two doormats in front of the door to give a real experience to the volunteers.
- A chimerical dataset containing 1,600 samples (40 per participant) is generated by combining our collected hand-movement dataset and the Swansea University Speech and Image Research Group footstep data having an equal number of participants. The main reason for relying on the existing footstep dataset is that hand-movement and footstep are two independent behaviors; thus, it can be assumed that the classification decision will not be affected for designing a proof-of-concept, even if the two modalities are acquired from two different subjects. Also, the fusion of datasets collected from different subjects self-anonymizes the dataset for experimentation purposes, which may prevent dataset misuse.
- Step & Turn achieves a TAR of 97.25% at FAR of 0.01% using RF classifier and obtains a score of 76.72 in the SUS survey. Moreover, a score-level fusion using F-ratio is implemented to improve Step & Turn’s verification accuracy. Step & Turn achieves approximately of the TAR improvement after fusing hand-movement and footstep compared to SmartHandle, which relies only on hand-movement behavior.
Paper Structure: Section 2 discusses the prior related work that employed hand-movement and footstep behavioral biometric traits for user recognition. Section 3 furnishes the prototyping of the Step & Turn user verification system together with the system setup and details of the hardware used. Section 4 provides the design methodology that includes the data collection, feature extraction, feature selection, and fusion. Section 5 describes the performance metrics, user verification model construction, evaluation results under different settings, score-level fusion, and a broad-level discussion on security goals. Section 6 presents the usability analysis of the Step & Turn system. Finally, Section 7 presents the conclusions and the outline for possible future works.
Section snippets
Related work
Smart locks are gradually replacing traditional locks in smart homes and smart buildings (Xin et al., 2020). Many researchers have worked on the security and reliability of smart locks based on physiological biometric, radio-frequency identification (RFID), smart card, PIN, or password (Nehete et al., 2016; Yu, 2018; Zhang et al., 2018). This section reviews the prior work that exploited hand-movement and footstep behavioral biometric traits for user recognition.
Step & turn: System setup
This section provides an overview of Step & Turn setup and the software and hardware details of our proposed user verification method for physical access control.
Design methodology
In this section, we present the methodology to design the Step & Turn verification scheme using hand-movement and footstep biometrics, which includes the data collection, feature extraction, and feature selection process.
Evaluation
Step & Turn is designed for multi-user verification. Thus, we consider two different scenarios, i.e., a legitimate-user verification scenario and an impostor scenario using a zero-effort attack, to evaluate the underlying verification models. Further, this section describes the performance metrics, user verification models, verification results, score-level fusion, and a discussion on security goals.
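The following is an added example, not code from the paper: it shows how per-modality match scores can be combined by F-ratio-weighted score-level fusion and how TAR at a fixed FAR budget is read off genuine and zero-effort impostor scores. The scores are constructed, and weighting each modality in proportion to its F-ratio is an assumed rule, since this page does not give the paper's exact fusion formula.

```python
from statistics import mean, pstdev

# Constructed match scores (not from the paper): index k is one door-entry attempt.
GENUINE = {"hand": [0.9, 0.8, 0.7, 0.5], "footstep": [0.4, 0.9, 0.8, 0.9]}
IMPOSTOR = {"hand": [0.6, 0.3, 0.2, 0.1], "footstep": [0.2, 0.5, 0.1, 0.3]}  # zero-effort

def f_ratio(genuine, impostor):
    """Class separability of one modality: (mu_g - mu_i) / (sigma_g + sigma_i)."""
    return (mean(genuine) - mean(impostor)) / (pstdev(genuine) + pstdev(impostor))

def fusion_weights(genuine, impostor):
    """Assumed rule: weight each modality in proportion to its F-ratio."""
    ratios = {m: f_ratio(genuine[m], impostor[m]) for m in genuine}
    total = sum(ratios.values())
    return {m: r / total for m, r in ratios.items()}

def fuse(scores, weights):
    """Weighted-sum score-level fusion, one fused score per attempt."""
    per_attempt = zip(*(scores[m] for m in weights))
    w = list(weights.values())
    return [sum(wi * si for wi, si in zip(w, attempt)) for attempt in per_attempt]

def tar_at_far(genuine, impostor, max_far):
    """Best TAR over thresholds t (accept if score >= t) with FAR <= max_far."""
    best = 0.0
    for t in sorted(set(genuine) | set(impostor)):
        far = sum(s >= t for s in impostor) / len(impostor)
        if far <= max_far:
            tar = sum(s >= t for s in genuine) / len(genuine)
            best = max(best, tar)
    return best

def evaluate(max_far=0.0):
    """TAR at the FAR budget for each modality alone and for the fused score."""
    # Weights are fitted on the same scores for brevity; use a held-out split in practice.
    w = fusion_weights(GENUINE, IMPOSTOR)
    result = {m: tar_at_far(GENUINE[m], IMPOSTOR[m], max_far) for m in w}
    result["fused"] = tar_at_far(fuse(GENUINE, w), fuse(IMPOSTOR, w), max_far)
    return w, result

if __name__ == "__main__":
    weights, tars = evaluate()
    print(weights, tars)
```

Measuring a FAR budget as small as the 0.01% reported on this page needs at least 10,000 impostor comparisons; the four constructed scores per class only support the FAR = 0 operating point.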
Usability analysis
This section presents the usability analysis of the Step & Turn user verification system. Usability assessment is a strategic criterion to establish the efficiency, effectiveness, and satisfaction of user verification methods (Blanco-Gonzalo et al., 2019).
We use the System Usability Scale (SUS) tool (Brooke, 2013) to perform usability assessments of Step & Turn system. Participants conducted the SUS survey after finishing the experiment. Participants can specify their decision on a
Conclusions and future work
Step & Turn offers a secure and usable user verification scheme for controlling access to physical space. Unlike conventional verification schemes, it does not require the active participation of the user. Step & Turn provides a multi-class classification solution for physical access control. Our proposed scheme attains the TAR of 97.25% (@FAR of 0.01%) using an RF classifier-based verification model on a chimerical dataset of 40 users. Some of the challenges and limitations in the mass
CRediT authorship contribution statement
Sandeep Gupta: Conceptualization, Methodology, Investigation, Software, Writing – original draft. Mouna Kacimi: Methodology, Validation, Writing – review & editing. Bruno Crispo: Conceptualization, Methodology, Supervision, Project administration, Writing – review & editing.
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
References (59)
- An introduction to ROC analysis. Pattern Recognit Lett (2006)
- The usability of security–revisited. Computer Fraud & Security (2016)
- Relief-based feature selection: introduction and review. J Biomed Inform (2018)
- I-am: implicitly authenticate me - person authentication on mobile devices through ear shape and arm gesture. IEEE Transactions on Systems, Man, and Cybernetics: Systems (2017)
- Deepauth: A framework for continuous user re-authentication in mobile apps. Proceedings of the 27th ACM International Conference on Information and Knowledge Management (2018)
- Person identification and imposter detection using footstep generated seismic signals. IEEE Trans Instrum Meas (2020)
- Localization of humans, objects, and robots interacting on load-sensing floors. IEEE Sens J (2016)
- Design and implementation of a fingerprint based lock system for shared access. Proceedings of the 7th Annual Computing and Communication Workshop and Conference (CCWC) (2017)
- Biometric systems interaction assessment: the state of the art. IEEE Trans Hum Mach Syst (2019)
- Sus: a retrospective. J Usability Stud (2013)
- Risk-driven behavioral biometric-based one-shot-cum-continuous user authentication scheme. J Signal Process Syst
- Privacy and biometrics: an empirical examination of employee concerns. Information Systems Frontiers
- Smartphone continuous authentication using deep learning autoencoders. Proceedings of the 15th Annual Conference on Privacy, Security and Trust (PST)
- Privacy perceptions in biometrics operations. Proceedings of the International Conference on e-Learning, e-Business, Enterprise Information Systems, and e-Government (EEE)
- Analysis of spatio-temporal representations for robust footstep recognition with deep residual neural networks. Transactions on pattern analysis and machine intelligence
- Footstep pressure signal analysis for human identification. Proceedings of the 7th International Conference on Biomedical Engineering and Informatics
- Next-generation user authentication schemes for IoT applications
- A risk-driven model to minimize the effects of human factors on smart devices. Proceedings of the International Workshop on Emerging Technologies for Authorization and Authentication
- Smarthandle: A novel behavioral biometric-based authentication scheme for smart lock systems. Proceedings of the 3rd International Conference on Biometric Engineering and Applications
- A perspective study towards biometric-based rider authentication schemes for driverless taxis. Proceedings of the International Conference On Innovation And Intelligence For Informatics, Computing, And Technologies
- Smart locks: Lessons for securing commodity internet of things devices. Proceedings of the 11th ACM on Asia conference on computer and communications security
- Au-id: automatic user identification and authentication through the motions captured from sequential human activities using rfid. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
- Security and usability in knowledge-based user authentication: A review. Proceedings of the 20th Pan-Hellenic Conference on Informatics
- Not quite yourself today: behaviour-based continuous authentication in iot environments. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
- Toward unconstrained fingerprint recognition: a fully touchless 3-d system based on two views on the move. IEEE transactions on systems, Man, and cybernetics: systems
- Item benchmarks for the system usability scale. J Usability Stud
Cited by (7)
- SHRIMPS: A framework for evaluating multi-user, multi-modal implicit authentication systems. Computers and Security (2024)
- Impact of Biometric Sensors on Physical Activity. Communications in Computer and Information Science (2024)
- Introduction. Artificial Intelligence for Biometrics and Cybersecurity: Technology and applications (2023)
- Usable Identity and Access Management Schemes for Smart Cities. Advanced Sciences and Technologies for Security Applications (2023)
Sandeep Gupta received his Ph.D. degree in Information & Communication Technology from the University of Trento, Italy in 2020. He is a recipient of the prestigious Marie Sklodowska-Curie research fellowship. Since 2016, he has participated in EU H2020 projects - E-Corridor, NeCS, CyberSec4Europe. Previously, he worked with Samsung, Accenture, and Mentor Graphics (now Siemens) in the cyber security field. His research interests include biometrics-based access control schemes, AI & machine learning, usable security & privacy for IoT, and cyber-physical systems.
Mouna Kacimi received her Ph.D. degree in computer science from the University of Bourgogne, France, in 2007. She is an assistant professor at the KRDB Research Centre for Knowledge and Data, Faculty of Computer Science, Free University of Bolzano. Before that, she spent three years as a postdoc at the Max-Planck Institute for Informatics in Saarbrucken, Germany. She has expertise in entity search, ranking models, and query processing. Her current research interests focus on information extraction and machine learning where the goal is to develop fine-grained information extraction from unstructured text to enhance search, summarization, and predictive models.
Bruno Crispo received his Ph.D. degree in computer science from the University of Cambridge, UK, in 1999, having received the M.Sc. degree in computer science from the University of Turin, Italy, in 1993. He has been a full professor at the University of Trento since September 2005. Before that, he was an associate professor at Vrije Universiteit in Amsterdam. He has been the co-editor of the Security Protocol International Workshop proceedings since 1997. He is a member of ACM. His main interests span the field of security and privacy. In particular, his recent work focuses on the topic of security protocols, access control in very large distributed systems, distributed policy enforcement, embedded devices, smartphone security and privacy, and privacy-breaching malware detection. He has published more than 100 papers in international journals and conferences on security-related topics.