Engineers create VibWrite, a finger vibration-based security system

Illustration of a finger touching a solid surface with a sensor to detect vibrations. The VibWrite system can be linked to three types of pass codes for user authentication. Credit: The DAISY Lab

"Good, good, good, good vibrations" goes the catchy Beach Boys song, a big hit in 1966 and beyond.

Now Rutgers engineers have created VibWrite, a smart access system that senses finger vibrations to verify users. The low-cost security system could eventually be used to gain access to homes, apartment buildings, cars, appliances - anything with a .

"Everyone's finger bone structure is unique, and their fingers apply different pressures on surfaces, so sensors that detect subtle physiological and behavioral differences can identify and authenticate a person," said Yingying (Jennifer) Chen, a professor in the Department of Electrical and Computer Engineering at Rutgers University-New Brunswick.

Chen is senior author of a peer-reviewed paper on VibWrite that was published online today at the ACM Conference on Computer and Communications Security, a flagship annual event of the Association for Computing Machinery (ACM). The international conference in Dallas, Texas, convenes information security researchers, practitioners, developers and users who explore cutting-edge research. VibWrite paper co-authors include Jian Liu and Chen Wang, doctoral students who work with Chen, and a researcher at the University of Alabama at Birmingham.

The market for smart security access systems is expected to grow rapidly, reaching nearly $10 billion by 2022, the paper says. Today's smart security access systems mainly rely on traditional techniques that use intercoms, cameras, cards or fingerprints to authenticate users. But these systems require costly equipment, complex hardware installation and diverse maintenance needs.

Experimental setup of VibWrite on a wooden table and door panel. Credit: The DAISY Lab

The goal of VibWrite is to allow user verification when fingers touch any solid , the paper says. VibWrite integrates passcode, behavioral and physiological characteristics. It builds on a touch-sensing technique by using vibration signals. It's different than traditional, password-based approaches, which validate passwords instead of legitimate users, as well as behavioral biometrics-based solutions, which typically involve touch screens, fingerprint readers or other costly hardware and lead to privacy concerns and "smudge attacks" that trace oily residues on surfaces from fingers.

"Smart access systems that use fingerprinting and iris-recognition are very secure, but they're probably more than 10 times as expensive as our VibWrite system, especially when you want to widely deploy them," said Chen, who works in the School of Engineering and is a member of the Wireless Information Network Laboratory (WINLAB) at Rutgers University-New Brunswick.

VibWrite allows users to choose from PINs, lock patterns or gestures to gain secure access, the paper says. The authentication process can be performed on any solid surface beyond touch screens and on any screen size. It is resilient to "side-channel attacks" - when someone places a hidden vibration receiver on the surface or uses a nearby microphone to capture vibration signals. It also resists several other types of attacks, including when an attacker learns passcodes after observing a user multiple times.

A great benefit is that a VibWrite system is low-cost and uses minimal power. It includes an inexpensive vibration motor and receiver, and it can turn any solid surface into an authentication surface. Both hardware installation and maintenance are easy, and "VibWrite probably could be commercialized in a couple of years," Chen said.

During two trials, VibWrite verified legitimate users with more than 95 percent accuracy and the false positive rate was less than 3 percent. But the current VibWrite system needs improvements because users may need a few attempts to pass the system. To improve performance, the Rutgers-led team will deploy multiple sensor pairs, refine the hardware and upgrade authentication algorithms. They also need to further test the system outdoors to account for varying temperatures, humidity, winds, wetness, dust, dirt and other conditions.

Explore further: Real or fake? Creating fingers to protect identities

More information: Jian Liu et al, VibWrite, Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17 (2017). DOI: 10.1145/3133956.3133964

Provided by Rutgers University

90 shares