Project 4 : Secure & Usable Authentication Systems in Mobile Computing


  • Design a suite of novel local user authentication systems for mobile devices (e. g. new face-based authentication systems with liveliness detection)
  • Create unified biometric and crypto-based mutual authentication systems over open networks


Existing Solutions and their Limitations

  • Existing solutions such as password-based authentication and face-based authentication are vulnerable to many pressing attacks
  • The most popular password-over-SSL/TLS system suffers from a very large attack surface
  • Usability issues: e. g., it is difficult to manage multiple passwords and to use conventional authentication for emerging portable devices


Outcomes / Deliverables

  • MID-TERM: 1) prototype for biometric-over-SSL remote authentication which does not disclose users’ biometric data to servers; 2) new face-based authentication systems with liveliness detection
  • FINAL: 1) unified biometric-based mutual authentication system which completely avoids the inherent pitfalls of SSL/TLS; 2) novel authentication methods for emerging mobile devices


Practical Applications and Impact

  • Much improved authentication services in security critical systems/applications'


Significant Research Achievements

  • We have developed the prototype of FaceLive, a face authentication system with liveness detection, on Android smart phones. In addition, we have designed and tested three password entry schemes for smart glasses, including (i) gTapper, where passwords are entered by tap and swipe on touch pad, (ii) gRotator, where password are entered by rotating heads, and (iii) gTalker, where passwords are entered by speaking out passwords.



Keep up to date with what's happening at the Singapore Management University

Newsletter checkboxes