Unobtrusive biometric authentication solutions
A group of researchers from the University of Buffalo, New York (Chen Song et al.) published a very interesting paper entitled “Cardiac Scan: A Non-Contact and Continuous Heart-Based User Authentication System”. It is about an authentication device that can detect a subject’s heart motion, and use this information to compare to a template stored for that subject to decide whether to grant authentication to a system. This article is a brief exploration on some of the main challenges and implication of biometrics in authentication, using the work these authors did in this innovative technology as a roadmap.
We intended to include a link to the aforementioned paper, but the authors decided to withhold it from publication until the final version is available, after the official presentation in MobiCom 2017, as indicated here.
Authorization in computer systems
The problem of resource authorization in computer systems is, until this day, an ongoing process. No method ever created is 100% effective in its purpose, and they frequently involve solutions that favor one element of the design, but are suboptimal in others. This is especially true in systems where authentication is not just required at a particular moment, or for a particular transaction, but throughout the interaction of the user and the system.
Generally speaking, an authentication mechanism should have, at least, the following characteristics:
- Intrinsic liveness
The authentication method should reassert itself again and again over time, to certify that the real user is still connected, and discern between a valid authentication and a malicious attempt to hijack the system using a previously valid identity (or “replay attack”).
- Unobtrusive authentication
The authentication method must be minimally invasive, requiring little or no concerted action from the user, and certainly no periodic or frequent action.
- Highly secure
The authentication method is highly secure if it is difficult or impossible to forge, pilfer, duplicate, or circumvent.
- Cost-effective and easy to use
The authentication method must involve minimal investment, or at least an investment level that is coherent with the criticality of the information to be protected. It should also be simple and transparent for all users, with zero or minimal probability of error due to lack of end-user training.
- Resilient to usage conditions
Finally, the best authentication method should work under all circumstances, and be unaffected by technological glitches, environmental conditions, user idiosyncrasies, and, to some extent at least, unorthodox or unforeseen conditions of use.
Biometrics as an authentication mechanism
For quite some time now, authentication solutions that are based on biometrics are becoming more popular than more traditional options for a lot of applications. Based on the five characteristics listed above, it is easy to see that a solution based on unique biometric measurements of some kind (fingerprint recognition, facial recognition, iris analysis, etc) performs better than “classic” alternatives (user/password credentials, magnetic badges, access codes, etc), especially in their security level, since they are more difficult to steal, hack, copy, or spoof. However, they don’t always move the chains when it comes to characteristics such as unobtrusiveness, and while some solutions may be geared towards a more robust liveliness (but not most of them), the results are still insufficient.
Following this line of thinking, one might consider that the two most important elements of this puzzle are security and liveliness. And the crux of the research is trying to answer the following question: How do you device an authentication system that is highly secure and implements intrinsic liveliness? And as an added bonus, how do you ensure the rest of the criteria are met? How do you make it unobtrusive, of reasonable cost and easy to use? How do you make sure usage conditions don’t factor into its effectiveness?
The creators of Cardian Scan believe they have an answer that covers each of those concerns better than most other solutions proposed. We will use their ideas as a reference to analyze this type of method.
The case of Cardiac Scan
Cardian Scan is a biometric system that uses non-volitional, individual-specific heart motion, as represented by different points of analysis (“fiducial descriptors”). The proponents of this method use a DC-coupled continuous-wave Doppler radar sensor to obtain high resolution cardiac motion information from a distance.
The cardiac cycle includes several different stages in which ventricles and atria are expanding or collapsing, depending on the part of the cycle. This allows the researchers to define a set of specific events that have a clear meaning and are discernible, and to map these points closely with the Doppler radar sensor. By doing this they can take two broad types of measurement:
- The normalized time it takes the heart to transition from one point to another (not to be confused with heart rate).
- The displacement difference in ventricles and atria in between two given events.
The resulting combination of values is, as far as is known, unique for each person, in the same way a fingerprint is unique.
According to the authors of this study, a very high level of accuracy (balanced accuracy upwards of 98.5%) can be obtained with a measurement of only 4 cardiac cycles. Under this scenario, they ran tests using a refreshing interval (i.e., the time between each authentication event; not to be confused with the time it takes to collect the information for analysis) of 5 seconds, and a false negative tolerance threshold of 2, which means that the system can falsely identify a valid user as an attacker in one particular measurement, but the chance of happening twice in a row is essentially zero, so if it does, the session will be terminated.
There are two important implications in this. First, since heart motion is non-volitional (i.e., unintentional) and not under the subject’s control, it cannot be duplicated by a human being. This doesn’t mean that the authentication method cannot be compromised, as it is susceptible to an attack using technology (a wave generator and a sound card, for instance), but these kinds of attack can be fended off by leveraging additional information from the subject, such as the presence of involuntary movements, rhythmic breathing, etc.
The authors describe some other issues they tackled, such as cancelling background noise and random motion to create a robust identification. They solved this problem by using two Doppler radars on each side of the subject, so that, in case he is moving, the Doppler-shift on one sensor would exactly cancel the measurements on the other. They also examined the distance-dependency of the system, which has some limitations. An interesting point they discuss is how the presence of multiple subjects within the authentication field produced no irregularities in the results, because the authentic user’s signal can be separated from any other person’s without a problem.
There are still some unanswered questions about this technology, such as user coercion, i.e., a situation in which the valid user is present under threat of violence by an attacker who wishes to gain access. There is also no mention about how this technology would respond to people with heart conditions of any kind, as the authors decided to exclude such a possibility in this initial study, for the sake of simplicity.
The future of biometrics
There is no question that biometrics as a means of establishing a user’s identity will continue gaining momentum and growing in the future. The promise of implementing systems that live up to the 5 characteristics described above, especially the ones that are more unlikely to ever be solved by conventional mechanisms, such as intrinsic liveness, points the future in the direction of biometrics.
In the case of something like Cardiac Scan, it is still unclear if it’s going to live up to its promise, or what kind of applications justify the effort. Intrinsic liveness is a feature of the “ideal” authentication device, but it made not be necessary, or even desirable, in some contexts. There is an extra cost to consider as well.
These kinds of technologies need to evolve and grow some more before we can gauge their real impact, but they are full of possibilities. It’s not too difficult to imagine a future that incorporates technologies of this kind, that extract unfalsifiable biometrical information from live subjects in an unobtrusive way and generate perfect or near perfect identity matches, in a manner so convenient and cost-effective that they could be used for almost everything. And with the advent of the Internet of Things and hyperconnectivity, this ubiquitous authentication technology could be embedded into the very fabric of our daily lives, enabling a higher layer of access security related to all the places and things we interact with, and all the services and products we use.