Papers by Diksha Shukla

Brain Signals and the Corresponding Hand Movement Signals Dataset (BS-HMS-Dataset)
BS-HMS-Dataset is a dataset of the users' brainwave signals and the corresponding hand movement signals from a large number of volunteer participants. The dataset has two parts: (1) Neurosky based Dataset (collected over several months in 2016 from 32 volunteer participants), and (2) Emotiv based Dataset (collected from 27 volunteer participants over several months in 2019). Neurosky based Dataset - Neurosky based dataset consists of EEG data recordings from Neurosky headset and the corresponding hand movement recordings from SONY smartwatch's motion sensors. The users wore the smartwatch based on their personal preference of left or right hand. Emotiv based Dataset - Emotiv based dataset consists of EEG data recordings from Emotiv Epoc+ headset and the corresponding hand movements from both the hands of the user. The hand movement data was recorded using two SONY smartwatches which users wore in their hands, one in each hand. Both the datasets, Neurosky based Dataset and E...

2017 IEEE International Joint Conference on Biometrics (IJCB), 2017
In this paper, we propose a novel continuous authentication system for smartphone users. The proposed system entirely relies on unlabeled phone movement patterns collected through smartphone accelerometer. The data was collected in a completely unconstrained environment over five to twelve days. The contexts of phone usage were identified using k-means clustering. Multiple profiles, one for each context, were created for every user. Five machine learning algorithms were employed for classification of genuine and impostors. The performance of the system was evaluated over a diverse population of 57 users. The mean equal error rates achieved by Logistic Regression, Neural Network, kNN, SVM, and Random Forest were 13.7%, 13.5%, 12.1%, 10.7%, and 5.6% respectively. A series of statistical tests were conducted to compare the performance of the classifiers. The suitability of the proposed system for different types of users was also investigated using the failure to enroll policy.

Body-Taps: Authenticating Your Device Through Few Simple Taps
2018 IEEE 9th International Conference on Biometrics Theory, Applications and Systems (BTAS), 2018
To fulfill the increasing demands on authentication methods on the smart mobile and wearable devices with small form factors and constrained screen displays, we introduce a novel authentication mechanism, Body-Taps, which authenticates a device based on the Tap-Code gestures in the form of hand movements captured through the built-in motion sensors. The Body-Taps require a user to set a Tap-Code as an unlock code for the device by tapping the device on the set anchor points on his or her own body. The target device is authenticated based on two criteria: (1) the user’s knowledge of the set Tap-Code, and (2) the Body-Tap gestures measured through the smart device’s built-in motion sensors (accelerometer and gyroscope). Our experiments show that the proposed Body-Taps system can achieve an average authentication accuracy over 99.5% on a dataset comprising 230 Body-Tap samples from 23 subjects, using Random Forest (RF), Neural Network (NNet), and Linear Discriminant Analysis (LDA) classifiers. Our work yields a light-weight, low-cost, and easy-to-use secure authentication system that requires minimal efforts and offers satisfactory usability.

Concealable Biometric-based Continuous User Authentication System An EEG Induced Deep Learning Model
2021 IEEE International Joint Conference on Biometrics (IJCB), 2021
This paper introduces a lightweight, low-cost, easy-to-use, and unobtrusive continuous user authentication system based on concealable biometric signals. The proposed authentication model continuously verifies a user’s identity throughout the user session while s/he watches a video or performs free-text typing on his/her desktop/laptop keyboard. The authentication model utilizes unobtrusively recorded electroencephalogram (EEG) signals and learns the user’s unique biometric signature based on his/her brain activity. Our work has multifold impact in the area of EEG-based authentication: (1) a comprehensive study and a comparative analysis of a wide range of extracted features are presented. These features are categorized based on the EEG electrodes placement position on the user’s head, (2) an optimal feature subset is constructed using a minimal number of EEG electrodes, (3) a deep neural network-based user authentication model is presented that utilizes the constructed optimal feature subset, and (4) a detailed experimental analysis on a publicly available EEG dataset of 26 volunteer participants is presented. Our experimental results show that the proposed authentication model could achieve an average Equal Error Rate (EER) of 0.137%. Although a thorough analysis on a larger pool of subjects must be performed, our results show the viability of low-cost, lightweight EEG-based continuous user authentication systems.

Digital Threats: Research and Practice, 2020
Very few studies have explored linkages between physiological, such as electroencephalograph (EEG), and behavioral patterns, such as wrist movements. These linkages provide us a unique mechanism to predict one set of patterns from other related patterns. Unlike conventional biometrics, EEG biometrics are hard to spoof using standard presentation attack methods, given the intrinsic liveness resulting from the bounded randomness of EEG signals specific to an individual. In this article, we propose a novel attack on the EEG-based authentication systems by investigating and leveraging the strong correlation between hand movements and brain signals captured through the motion sensors on a smartwatch and the wearable EEG headset, respectively. Based on this technique, we can successfully estimate the user’s EEG signals from the stolen hand movement data while the user was typing on the keyboard. Our attack results on the EEG biometric authentication system show an increase in the mean equ...

A Temporal Memory-based Continuous Authentication System
2021 IEEE International Joint Conference on Biometrics (IJCB), 2021
With the emerging use of technology, verifying a user’s identity continuously throughout a device’s usage has become increasingly important. This paper proposes an authentication system that unobtrusively verifies a user’s identity continuously, based on his/her hand movement patterns captured using accelerometer, while a user performs free-text typing. Our model validates a user’s identity with a verification decision in every ≈ 20ms interval. The authentication model utilizes a short temporal memory of size M of a user’s hand movement patterns. Experiments on different values of M suggest that the model shows an improved and consistent performance by increasing the size of the temporal memory of a user’s hand movement patterns to M ≈ 300ms. The authentication system requires only a user’s hand movement signals in order to authenticate a user on a device. Experiments on the hand movement patterns of 27 volunteer participants, captured using motion sensors of a Sony Smartwatch while they performed free-text typing on a desktop/laptop device, show that our model could achieve an average authentication accuracy of 99.8% with an average False Accept Rate (FAR) of 0.0003 and an average False Reject Rate (FRR) of 0.0034.

Looking Through Your Smartphone Screen to Steal Your Pin Using a 3D Camera
Advances in Intelligent Systems and Computing, 2018
Recent research shows that video recordings of the user’s hand movement and his or her smartphone screen display can be used to steal sensitive information such as pins and passwords. The methods presented in the past assume the victim to be present in a well illuminated place. In this paper, we present a novel attack on the smartphone users’ pins that does not require a highly illuminated room and works even in the complete darkness. We use a DS325 Soft Kinect camera to record the users’ interaction with their smartphones while they type their pins. Using the 900 short RGBD video recordings of the pin entry process from 30 different users, we show our attack was able to break 43% of the pins in the first attempt and 61% of the pins in the first 10 attempts. With the advancements in the quality and accessibility of the depth-sensing cameras day by day, we believe our work exposes a major security risk in the present and future and calls the community to take a closer look at the secu...
2021 IEEE European Symposium on Security and Privacy (EuroS&P), 2021

Physical Data Auditing for Attack Detection in Cyber-Manufacturing Systems: Blockchain for Machine Learning Process
Volume 2B: Advanced Manufacturing, 2019
Auditing physical data using machine learning can enhance the security in Cyber-Manufacturing System (CMS). However, the physical data processing itself is prone to cyber-attacks. Connections based on the internet in CMS open the route for adversaries to compromise the attack detection system itself. To prevent data from malicious data injection in CMS, this paper proposes an enhanced Simple Convolutional Neural Network (SCNN) based attack detection system employing a blockchain. There are three contributions of this paper: (i) introducing a secure attack detection system using blockchain, (ii) optimizing the cost and time for CMS by training on the simulated images, and (iii) presenting a real-time attack detection system for CMS by simplifying the convolutional neural network. The paper demonstrates the effectiveness of the blockchain implementation by presenting the comparative performance analysis of the proposed attack detection system with and without blockchain implementatio...

IEEE Transactions on Information Forensics and Security, 2019
Use of mobile phones in public places opens up the possibilities of remote side channel attacks on these devices. We present a video-based side channel attack to decipher passwords on mobile devices. Our method uses short video clips ranging from 5 to 10 seconds each, which can be taken unobtrusively from a distance and does not require the keyboard or the screen of the phone to be visible. By relating the spatiotemporal movements of the user's hand during typing and an anchor point on any visible part of the phone, we predict the typed password with high accuracy. Results on a dataset of 375 short videos of password entry process on Samsung Galaxy S4 phone show an exponential reduction in the search space compared to a random guess. For each key-press corresponding to a character in the passwords, our method was able to reduce the search space to an average of 2-3 keys compared to ∼30 keys if one has to guess the key randomly. Thus this paper reaffirms threats to smartphone users' conventional login in public places and highlights the threats in scenarios such as hiding the screen that otherwise gives the impression of being safe to the users.

ACM Transactions on Information and System Security, 2016
Despite the tremendous amount of research fronting the use of touch gestures as a mechanism of continuous authentication on smart phones, very little research has been conducted to evaluate how these systems could behave if attacked by sophisticated adversaries. In this article, we present two Lego-driven robotic attacks on touch-based authentication: a population statistics-driven attack and a user-tailored attack. The population statistics-driven attack is based on patterns gleaned from a large population of users, whereas the user-tailored attack is launched based on samples stolen from the victim. Both attacks are launched by a Lego robot that is trained on how to swipe on the touch screen. Using seven verification algorithms and a large dataset of users, we show that the attacks cause the system’s mean false acceptance rate (FAR) to increase by up to fivefold relative to the mean FAR seen under the standard zero-effort impostor attack. The article demonstrates the threat that...

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014
Research on attacks which exploit video-based side-channels to decode text typed on a smartphone has traditionally assumed that the adversary is able to leverage some information from the screen display (say, a reflection of the screen or a low resolution video of the content typed on the screen). This paper introduces a new breed of side-channel attack on the PIN entry process on a smartphone which entirely relies on the spatio-temporal dynamics of the hands during typing to decode the typed text. Implemented on a dataset of 200 videos of the PIN entry process on an HTC One phone, we show that the attack breaks an average of over 50% of the PINs on the first attempt and an average of over 85% of the PINs in ten attempts. Because the attack can be conducted in such a way not to raise suspicion (i.e., since the adversary does not have to direct the camera at the screen), we believe that it is very likely to be adopted by adversaries who seek to stealthily steal sensitive private information. As users conduct more and more of their computing transactions on mobile devices in the open, the paper calls for the community to take a closer look at the risks posed by the now ubiquitous camera-enabled devices.

We unlock our smart devices such as smartphone several times every day using a pin, password, or graphical pattern if the device is secured by one. The scope and usage of smart devices are expanding day by day in our everyday life and hence the need to make them more secure. In the near future, we may need to authenticate ourselves on emerging smart devices such as electronic doors, exercise equipment, power tools, medical devices, and smart TV remote control. While recent research focuses on developing new behavior-based methods to authenticate these smart devices, pin and password still remain primary methods to authenticate a user on a device. Although the recent research exposes the observation-based vulnerabilities, the popular belief is that the direct observation attacks can be thwarted by simple methods that obscure the attacker’s view of the input console (or screen). In this dissertation, we study the users’ hand movement pattern while they type on their smart devices. Th...

The issue of localization has been addressed in many research areas such as vehicle navigation systems, virtual reality systems, and user localization in wireless sensor networks (WSNs). In this paper, we have proposed an efficient range-free localization algorithm: Geometrical Localization Algorithm (GLA) for large scale three dimensional WSNs. GLA uses moving anchors to localize static sensors. GLA consists of beacon message selection, circular cross section selection. Three beacon messages are used to compute the center of circular cross section using vector method and perpendicular bisector method. The static sensors are localized with help of the center of circular cross section and geometrical rules for sphere. GLA is simulated in SINALGO software and results have been compared with existing methods namely chord selection and point localization. GLA outperforms both the compared methods in terms of average localization time and beacon overhead.

Research on attacks which exploit video-based side-channels to decode text typed on a smartphone has traditionally assumed that the adversary is able to leverage some information from the screen display (say, a reflection of the screen or a low resolution video of the content typed on the screen). This paper introduces a new breed of side-channel attack on the PIN entry process on a smartphone which entirely relies on the spatio-temporal dynamics of the hands during typing to decode the typed text. Implemented on a data-set of 200 videos of the PIN entry process on an HTC One phone, we show that the attack breaks an average of over 50% of the PINs on the first attempt and an average of over 85% of the PINs in ten attempts. Because the attack can be conducted in such a way not to raise suspicion (i.e., since the adversary does not have to direct the camera at the screen), we believe that it is very likely to be adopted by adversaries who seek to stealthily steal sensitive private information. As users conduct more and more of their computing transactions on mobile devices in the open, the paper calls for the tech community to take a closer look at the risks posed by the now ubiquitous camera-enabled devices.
Final version of this paper is accepted for publication at ACM Computer and Communication Security (CCS 2014), August 2014.
Research Articles by Diksha Shukla

In this paper, we propose a novel continuous authentication system for smartphone users. The proposed system entirely relies on unlabeled phone movement patterns collected through smartphone accelerometer. The data was collected in a completely unconstrained environment over five to twelve days. The contexts of phone usage were identified using k-means clustering. Multiple profiles, one for each context, were created for every user. Five machine learning algorithms were employed for classification of genuine and impostors. The performance of the system was evaluated over a diverse population of 57 users. The mean equal error rates achieved by Logistic Regression, Neural Network, kNN, SVM, and Random Forest were 13.7%, 13.5%, 12.1%, 10.7%, and 5.6% respectively. A series of statistical tests were conducted to compare the performance of the classifiers. The suitability of the proposed system for different types of users was also investigated using the failure to enroll policy.

Despite the tremendous amount of research fronting the use of touch gestures as a mechanism of continuous authentication on smart phones, very little research has been conducted to evaluate how these systems could behave if attacked by sophisticated adversaries. In this article, we present two Lego-driven robotic attacks on touch-based authentication: a population statistics-driven attack and a user-tailored attack. The population statistics-driven attack is based on patterns gleaned from a large population of users, whereas the user-tailored attack is launched based on samples stolen from the victim. Both attacks are launched by a Lego robot that is trained on how to swipe on the touch screen. Using seven verification algorithms and a large dataset of users, we show that the attacks cause the system’s mean false acceptance rate (FAR) to increase by up to fivefold relative to the mean FAR seen under the standard zero-effort impostor attack. The article demonstrates the threat that robots pose to touch-based authentication and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems.