Velody: Nonlinear Vibration Challenge-Response for Resilient User Authentication

Biometrics have been widely adopted for enhancing user authentication, beneting usability by exploiting pervasive and collectible unique characteristics from physiological or behavioral traits of human. However, successful attacks on "static" biometrics such as ngerprints have been reported where an adversary acquires users' biometrics stealthily and compromises non-resilient biometrics. To mitigate the vulnerabilities of static biometrics, we leverage the unique and nonlinear hand-surface vibration response and design a system called V to defend against various attacks including replay and synthesis. The V system relies on two major properties in hand-surface vibration responses: uniqueness, contributed by physiological characteristics of human hands, and nonlinearity, whose complexity prevents attackers from predicting the response to an unseen challenge. V employs a challengeresponse protocol. By changing the vibration challenge, the system elicits input-dependent nonlinear "symptoms" and unique spectrotemporal features in the vibration response, stopping both replay and synthesis attacks. Also, a large number of disposable challengeresponse pairs can be collected during enrollment passively for daily authentication sessions. We build a prototype of V with an o-the-shelf vibration speaker and accelerometers to verify its usability and security through a comprehensive user experiment. Our results show that V demonstrates both strong security and long-term consistency with a low equal error rate (EER) of 5.8% against impersonation attack while correctly rejecting all other attacks including replay and synthesis attacks using a very short vibration challenge. CCS CONCEPTS • Security and privacy → Authentication.