BodyLogin (old copy)

Alphanumeric passwords have been in use since the dawn of computers. We need to remember more and more of them, and they are becoming more and more complex. Furthermore, to make them truly secure, we need to change them quite often. Although biometrics based on fingerprints, iris scans, or facial features offer a tempting alternative, they are not renewable: once compromised they are inconvenient if not difficult to replace (one could use a finger cap with a new fingerprint, however putting one on for each authentication would be very inconvenient).

In our ongoing research we are exploring a promising alternative that combines the convenience of biometrics together with the security and renewability of alphanumeric passwords. The key idea is to use gestures as passwords for authentication: a user performs his/her favorite “move” to unlock (see the video below).

In our work thus far, we have captured gestures with a Kinect camera and used both silhouettes derived from the depth field and skeletons provided by the Microsoft Kinect SDK for developing gesture-based user-authentication algorithms. A gesture consists of three elements: body build, initial-posture, and dynamics. While the first two provide biometric information (characteristics of user’s body shape), and thus are non-renewable, the dynamics is renewable as it is under the user’s control. Similar to a signature, a compromised gesture can be easily changed.

The results that we have obtained to-date are quite promising. In some scenarios, we have obtained an equal error rate (EER) of less than 1%: at most 1 out of 100 authorized users is rejected, while no more than 1 out of 100 imposters is admitted. This performance deteriorates if users rarely perform the gesture (impact of memory) or change appearance (heavy coats, backpacks, etc.). Surprisingly, however, it seems that untrained imposters cannot easily replicate a user’s gesture, even if presented with examples.

Our research continues, but for our most up-to-date results, please see the projects below.

    • Silhouettes versus skeletons in gesture-based authentication
    • The value of multiple viewpoints in gesture-based user authentication
    • BodyLogin Datasets: