Abstract
The Internet of Things (IoT) is a new manifestation of data science. To ensure the credibility of data about IoT devices, authentication has gradually become an important research topic in the IoT ecosystem. However, traditional graphical passwords and text passwords can cause user’s serious memory burdens. Therefore, a convenient method for determining user identity is needed. In this article, we propose a handwriting recognition authentication scheme named HandiText based on behavior and biometrics features. When people write a word by hand, HandiText captures their static biological features and dynamic behavior features during the writing process (writing speed, pressure, etc.). The features are related to habits, which make it difficult for attackers to imitate. We also carry out algorithms comparisons and experiments evaluation to prove the reliability of our scheme. The experiment results show that the Long Short-Term Memory has the best classification accuracy, reaching 99% while keeping relatively low false-positive rate and false-negative rate. We also test other datasets, the average accuracy of HandiText reach 98%, with strong generalization ability. Besides, the 324 users we investigated indicated that they are willing to use this scheme on IoT devices.
- almosthuman2017. 2018. AI Era No Absolute Security: Baidu Mystery Lab Minutes to Crack Iris Recognition and Vein Recognition Hardware. Retrieved from https://36kr.com/p/5116996.Google Scholar
- Amusi. 2019. Biometric Authentication Under Threat: Liveness Detection Hacking. Retrieved from https://cloud.tencent.com/developer/article/1484902/.Google Scholar
- D. Bertolini, L. Oliveira, E. Justino, and R. Sabourin. 2008. Ensemble of classifiers for off-line signature verification. In Proceedings of the IEEE International Conference on Systems.Google Scholar
- Zhen Li Danyan Han, Jingwen Wang and Hao Li. 2007. Comparative studies on handwriting features of Chinese and English scripts. Crim. Techn. 4 (2007), 16--18. DOI:10.16467/1008-3650.2007.04.006Google Scholar
- Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov, and XiaoFeng Wang. 2014. The tangled web of password reuse. In Proceedings of the Network and Distributed System Security Conference (NDSS’14), Vol. 14. 23--26.Google Scholar
- Li Deng. 2012. The MNIST database of handwritten digit images for machine learning research [best of the web]. IEEE Sign. Process. Mag. 29, 6 (2012), 141--142.Google Scholar
Cross Ref
- S. Dreiseitl and L. Ohnomachado. 2002. Logistic regression and artificial neural network classification models: A methodology review.J. Biomed. Inf. 35, 5 (2002), 352--359.Google Scholar
Digital Library
- Nitin Garg, Raghav Kukreja, and Pitambar Sharma. 2013. Revisiting defences against large scale online password guessing attacks. Int. J. Sci. Res. Publ. 3, 4 (2013).Google Scholar
- Felix Gers and Douglas Eck. 2001. Applying LSTM to time series predictable through time-window approaches. In Proceedings of the International Conference on Artificial Neural Networks.Google Scholar
Digital Library
- Golnaz Ghiasi and Reza Safabakhsh. 2013. Offline text-independent writer identification using codebook and efficient code extraction methods. Image Vis. Comput. 31, 5 (2013), 379--391.Google Scholar
Digital Library
- Youn Hee Gil, Yongwha Chung, Dosung Ahn, Jihyun Moon, and Hakil Kim. 2001. Performance analysis of smart card-based fingerprint recognition for secure user authentication. In Proceedings of the IFIP Conference on Towards the E-society: E-commerce.Google Scholar
- Grant Ho, Derek Leung, Pratyush Mishra, Ashkan Hosseini, Dawn Song, and David Wagner. 2016. Smart locks: Lessons for securing commodity internet of things devices. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. ACM, 461--472.Google Scholar
Digital Library
- Hennebert Jean Ingold Rolf Humm, Andreas. 2008. Combined handwriting and speech modalities for user authentication. IEEE Trans. Syst. 39, 1 (2008), 25--35. DOI:10.1109/TSMCA.2008.2007978Google Scholar
Digital Library
- IT168. 2018. iPhone Has Taken the Fight to 3D Printing by Easily Cracking Android’s Face Recognition Feature. Retrieved from https://baijiahao.baidu.com/s?id=16202437945059912238wfr=spider8for=pc.Google Scholar
- Vinoj Jayasundara, Sandaru Jayasekara, Hirunima Jayasekara, Jathushan Rajasegaran, Suranga Seneviratne, and Ranga Rodrigo. 2019. TextCaps: Handwritten character recognition with very small datasets. In Proceedings of the 2019 IEEE Winter Conference on Applications of Computer Vision (WACV’19).Google Scholar
- Xiaoguang Jia. 2006. A comparative study on the identification of chinese and english signatures. J. Chin. People’s Publ. Secur. Univ. Sci. Technol. 12, 3 (2006). DOI:10.3969/j.issn.1007-1784.2006.03.004Google Scholar
- Taekyoung Kwon and Sarang Na. 2014. TinyLock: Affordable defense against smudge attacks on smartphone pattern lock systems. Comput. Secur. 42, 4 (2014), 137--150.Google Scholar
Cross Ref
- Taekyoung Kwon, Sooyeon Shin, and Sarang Na. 2017. Covert attentional shoulder surfing: Human adversaries are more powerful than expected. IEEE Trans. Syst. Man Cybernet. Syst. 44, 6 (2017), 716--727.Google Scholar
- Cheng Lin Liu, Fei Yin, Da Han Wang, and Qiu Feng Wang. 2011. CASIA online and offline chinese handwriting databases. In 2011 International Conference on Document Analysis and Recognition, Vol. 1. 37--41. DOI:10.1109/ICDAR.2011.17Google Scholar
Digital Library
- Johnny Long. 2011. No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing. Syngress.Google Scholar
- U. V. Marti and H. Bunke. 2002. The IAM-database: An english sentence database for offline handwriting recognition. Int. J. Doc. Anal. Recogn. 5, 1 (2002), 39--46.Google Scholar
Cross Ref
- Kenrick Mock, Bogdan Hoanca, Justin Weaver, and Mikal Milton. 2012. Real-time continuous iris recognition for authentication using an eye tracker. In Proceedings of the ACM Conference on Computer 8 Communications Security.Google Scholar
- Hyeonjoon Moon. 2004. Biometrics person authentication using projection-based face recognition system in verification scenario. In Proceedings of the 1st International Conference on Biometric Authentication (ICBA’04).Google Scholar
- Gang Pan, Zhaohui Wu, and Lin Sun. 2008. Liveness detection for face recognition. In Recent Advances in Face Recognition. IntechOpen.Google Scholar
- P. J. Phillips, K. W. Bowyer, and P. J. Flynn. 2007. Comments on the CASIA version 1.0 iris data set. IEEE Trans. Pattern Anal. Mach. Intell. 29, 10 (2007), 1869.Google Scholar
Digital Library
- Alain Rakotomamonjy. 2003. Variable selection using svm based criteria. J. Mach. Learn. Res. 3, 7--8 (2003), 1357--1370.Google Scholar
- Runye. 2018. Fingerprint Unlock Can Also Be Broken. Retrieved from http://baijiahao.baidu.com/s?id=16017807066433201158wfr=spider8for=pc.Google Scholar
- Stefan Schneegass, Frank Steimle, Andreas Bulling, Florian Alt, and Albrecht Schmidt. 2014. Smudgesafe: Geometric image transformations for smudge-resistant user authentication. In Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing. ACM, 775--786.Google Scholar
Digital Library
- Sandeep K. Sood, Anil K. Sarje, and Kuldip Singh. 2009. Cryptanalysis of password authentication schemes: Current status and key issues. In Proceedings of the 2009 Proceeding of International Conference on Methods and Models in Computer Science (ICM2CS’09). IEEE, 1--7.Google Scholar
- Sandeep K. Sood, Anil K. Sarje, and Kuldip Singh. 2010. Cryptanalysis of password authentication schemes: Current status and key issues. In Proceeding of the International Conference on Methods 8 Models in Computer Science.Google Scholar
- JC Torres. 2019. Android Q Gets “3D Touch” Pressure-Sensitivity Support. Retrieved from https://www.slashgear.com/android-q-gets-3d-touch-pressure-sensitivity-support-08572355/.Google Scholar
- Liam Tung. 2017. IoT Devices Will Outnumber the World’s Population This Year for the First Time. Retrieved from https://www.zdnet.com/article/iot-devices-will-outnumber-the-worlds-population-this-year-for-the-first-time/.Google Scholar
- Ding Wang and Ping Wang. 2015. Offline dictionary attack on password authentication schemes using smart cards. In Information Security. Springer, 221--237.Google Scholar
- Rick Wash, Emilee Rader, Ruthie Berman, and Zac Wellmer. 2016. Understanding password choices: How frequently entered passwords are re-used across websites. In Proceedings of the 12th Symposium on Usable Privacy and Security (SOUPS’16). 175--188.Google Scholar
- G. O. Williams. 2002. Iris recognition technology. IEEE Aerosp. Electr. Syst. Mag. 12, 4 (2002), 23--29.Google Scholar
- Ying Xin. 2018. Research and implementation of handwriting recognition system based on kNN. Electronic Design Engineering 26, 7 (2018), 27--30. DOI:10.14022/j.cnki.dzsjgc.2018.07.007Google Scholar
- Y. Song, Z. Cai, and Z. Zhang. 2017. Multi-touch authentication using hand geometry and behavioral information. In 2017 IEEE Symposium on Security and Privacy (SP'17), San Jose, CA, 2017. 357--372. DOI:10.1109/SP.2017.54Google Scholar
Index Terms
HandiText: Handwriting Recognition Based on Dynamic Characteristics with Incremental LSTM
Recommendations
Cyberentity Security in the Internet of Things
A proposed Internet of Things system architecture offers a solution to the broad array of challenges researchers face in terms of general system security, network security, and application security.
SecIoT: a security framework for the Internet of Things
The 5th generation wireless system 5G will support Internet of Things IoT by increasing the interconnectivity of electronic devices to support a variety of new and promising networked applications such as the home of the future, environmental monitoring ...
Authentication and Access Control in the Internet of Things
ICDCSW '12: Proceedings of the 2012 32nd International Conference on Distributed Computing Systems WorkshopsDue to the inherent vulnerabilities of the Internet, security and privacy issues should be considered and addressed before the Internet of Things is widely deployed. This paper mainly analyzes existing authentication and access control methods, and then,...






Comments