- Design a suite of novel local user authentication systems for mobile devices (e. g. new face-based authentication systems with liveliness detection)
- Create unified biometric and crypto-based mutual authentication systems over open networks
Existing Solutions and their Limitations
- Existing solutions such as password-based authentication and face-based authentication are vulnerable to many pressing attacks
- The most popular password-over-SSL/TLS system suffers from a very large attack surface
- Usability issues: e. g., it is difficult to manage multiple passwords and to use conventional authentication for emerging portable devices
Outcomes / Deliverables
- MID-TERM: 1) prototype for biometric-over-SSL remote authentication which does not disclose users’ biometric data to servers; 2) new face-based authentication systems with liveliness detection
- FINAL: 1) unified biometric-based mutual authentication system which completely avoids the inherent pitfalls of SSL/TLS; 2) novel authentication methods for emerging mobile devices
Practical Applications and Impact
- Much improved authentication services in security critical systems/applications'
Significant Research Achievements
- We have developed the prototype of FaceLive, a face authentication system with liveness detection, on Android smart phones. In addition, we have designed and tested three password entry schemes for smart glasses, including (i) gTapper, where passwords are entered by tap and swipe on touch pad, (ii) gRotator, where password are entered by rotating heads, and (iii) gTalker, where passwords are entered by speaking out passwords.