New VibWrite System Uses Finger Vibrations To Authenticate Users (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

New VibWrite System Uses Finger Vibrations To Authenticate Users (bleepingcomputer.com)

Posted by BeauHD on Tuesday October 31, 2017 @08:40AM from the smooth-vibrations dept.

An anonymous reader quotes a report from Bleeping Computer: Rutgers engineers have created a new authentication system called VibWrite. The system relies on placing an inexpensive vibration motor and receiver on a solid surface, such as wood, metal, plastic, glass, etc.. The motor sends vibrations to the receiver. When the user touches the surface with one of his fingers, the vibration waves are modified to create a unique signature per user and per finger. Rutgers researchers say that VibWrite is more secure when users are asked to draw a pattern or enter a code on a PIN pad drawn on the solid surface. This also generates a unique fingerprint, but far more complex than just touching the surface with one finger. During two tests, VibWrite verified users with a 95% accuracy and a 3% false positive rate. The only problem researchers encountered in the live trials was that some users had to draw the pattern or enter the PIN number several times before they passed the VibWrite authentication test. Besides improvements to the accuracy with which VibWrite can detect finger vibrations, researchers also plan to look into how VibWrite will behave in outdoor environments to account for varying temperatures, humidity, winds, wetness, dust, dirt, and other conditions. This new novel user authentication system is described in full in a research paper entitled "VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration."

44 comments

Min score:

Reason:

Sort:

Ahahahahahaha by Anonymous Coward · 2017-10-31 08:44 · Score: 1

Mine changes with every cup of coffee!
Good luck with this!
1. Re:Ahahahahahaha by Anonymous Coward · 2017-10-31 08:50 · Score: 1
  
  What problem is this supposed to solve?
2. Re:Ahahahahahaha by sexconker · 2017-10-31 08:54 · Score: 2
  
  "Tolerant" is the last word I'd use to describe the current crop of youths.
3. Re:Ahahahahahaha by Anonymous Coward · 2017-10-31 09:00 · Score: 0
  
  You mean the bleak sea of tired Marxist retreads?
4. Re:Ahahahahahaha by Shogun37 · 2017-10-31 09:04 · Score: 1
  
  The "You are not spending enough money on pointless solution problem." That way, our corporate overlords can sell us a "security solution" at the front door, and any one with enough money can rent the bypass out the back. Mo Money, Mo Money!
5. Re: Ahahahahahaha by Anonymous Coward · 2017-10-31 17:23 · Score: 0
  
  That's for sure, they threaten violence when i did was ask for pineapple on my pizza...
6. Re:Ahahahahahaha by mwvdlee · 2017-10-31 20:40 · Score: 1
  
  "Tolerant" has come to mean "Make a slightly negative comment about anybody and I will fucking torture you to death".
  
  --
  Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
7. Re:Ahahahahahaha by Neuronwelder · 2017-11-01 04:40 · Score: 1
  
  umm.. more ways to use vibrators??
8. Re: Ahahahahahaha by sexconker · 2017-11-01 06:47 · Score: 1
  
  That's for sure, they threaten violence when i did was ask for pineapple on my pizza...
  You're disgusting.
Vibrator Login by Zorro · 2017-10-31 08:45 · Score: 2

I hear it has a good buzz from the users.
Why are they so stupid? by 140Mandak262Jamuna · 2017-10-31 08:50 · Score: 3, Insightful

The problem is not finding something unique about someone. That is not the only purpose of authentication. The purpose is to prevent third parties from faking it.
No matter what it is, fingerprints, voice prints, retinal scans, finger vibrations, deep alpha waves of the brain, characteristic whorls in your scalp, the unique biota of bacteria living in your colon... it does not matter what it is. It gets digitized and gets transmitted. If the digitized data is compromised, then there is no way for the user to change these things. They make particularly bad authentication tokens. Governments and spy agencies would love such unalterable tags on people. But it does not solve the problem of authentication.
What we need is a true two factor authentication. Something I have physically. Something I can change if it is compromised. I use an RSA id key fob I have to login to Schwab. If they discover a flaw, and the randmoizer seed was hard wired, something leaked, some employee was bribed to sell some key info about it to random criminals... We can change the key fob. How am I going to change my fingerprint or voice print or thumb vibrations, if that authentication mechanism was compromised?

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
1. Re:Why are they so stupid? by sheramil · 2017-10-31 08:56 · Score: 1
  
  The problem is not finding something unique about someone. That is not the only purpose of authentication. The purpose is to prevent third parties from faking it.
  I just wish they'd stop basing these systems on body parts that can easily be removed. It's like they're encouraging people with bolt cutters.
2. Re:Why are they so stupid? by Anonymous Coward · 2017-10-31 09:23 · Score: 0
  
  Aside from movies, has anyone actually happened anywhere?
3. Re:Why are they so stupid? by Calydor · 2017-10-31 09:51 · Score: 1
  
  At least the summary sounds like your finger is supposed to stay attached to you in order to work. That's better than MANY of the early versions!
  
  --
  -=This sig has nothing to do with my comment. Move along now=-
4. Re:Why are they so stupid? by Anonymous Coward · 2017-10-31 16:45 · Score: 0
  
  Aside from movies, has anyone actually happened anywhere?
  Do you mean "Has anyone really been far even as decided to use even go want to do look more like?" Because that's what it sounded like.
5. Re:Why are they so stupid? by mwvdlee · 2017-10-31 20:42 · Score: 1
  
  You'd like it to be based on body parts which are harder to remove?
  
  --
  Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
6. Re:Why are they so stupid? by Anonymous Coward · 2017-10-31 23:05 · Score: 0
  
  No, and mostly because nobody with real power trust even a really good fingerprint scanner. Fake prints or bolt cutters are simply too easy. Try getting into a well guarded military installation. If they don't know you, they will check your papers. Possibly call someone. There may be passwords.
  Papers can be faked - but no reason for fingerprints/iris scan/facial recognition sw - because all those can be faked too and usually easier. So they make a call instead, checking if your'e supposed to be there. Or the ID paper has a printed hash based on some secret very few people would know.
7. Re:Why are they so stupid? by Anonymous Coward · 2017-11-01 02:59 · Score: 0
  
  What about behavioral analytics? Identify someone by a demonstrated behavior - if compromised, change the behavior to be demonstrated?
Old tech by Anonymous Coward · 2017-10-31 08:51 · Score: 0

I already authenticate with my wife with my finger vibrations
1. Re:Old tech by Anonymous Coward · 2017-10-31 09:08 · Score: 0
  
  Me too, but I'm a little concerned because I was getting some false negatives last month; she might be having a second affair!
RUTGERS ENGINEERS GET NAMING RIGHTS REVOKED by Anonymous Coward · 2017-10-31 08:51 · Score: 0
what about reader to reader differences by Joe_Dragon · 2017-10-31 08:56 · Score: 1

what about reader to reader differences?
some installs may not be down the same MM spacing.
how often does it need calibration?
1. Re:what about reader to reader differences by Aighearach · 2017-10-31 09:09 · Score: 1
  
  While this device seems like a horrible idea, for your concerns I would say it is probably very similar to fingerprint scanning.
Or, in fewer words by Anonymous Coward · 2017-10-31 08:59 · Score: 0

Biometrics are good for identification, they are not so good for authentication
too many false positives and negatives by Anonymous Coward · 2017-10-31 09:00 · Score: 0

Hmm, "3% false positive rate" and "some users had to draw the pattern or enter the PIN number several times". Somehow I don't see this catching on anytime soon. People will abandon it quickly if it doesn't give them easy access to their stuff. On the other hand, if they stick with it, 3% of the time it will let some (presumably) totally random person in.
1. Re:too many false positives and negatives by mwvdlee · 2017-10-31 20:43 · Score: 1
  
  "some users had to draw the pattern or enter the PIN number several times"
  Which won't cause security guards to become suspicious of you at all.
  
  --
  Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
my voice is my passport verify me by Joe_Dragon · 2017-10-31 09:01 · Score: 1

my voice is my passport verify me
And when you cut your finger... by sconeu · 2017-10-31 09:03 · Score: 2

You cut your finger, put on a band-aid, and you are locked out of your account.

--
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
1. Re:And when you cut your finger... by ichthus · 2017-10-31 09:08 · Score: 1
  
  .. Or gain weight, lose weight, ...
  
  --
  sig: sauer
2. Re:And when you cut your finger... by Calydor · 2017-10-31 09:52 · Score: 1
  
  Or get the flu with accompanying shakes. Bye-bye access to your movie library while you're in bed!
  
  --
  -=This sig has nothing to do with my comment. Move along now=-
3. Re:And when you cut your finger... by Anonymous Coward · 2017-10-31 14:44 · Score: 0
  
  Give them your 11th.
Michael J Fox by Anonymous Coward · 2017-10-31 09:06 · Score: 0

We've been expecting you.
1. Re:Michael J Fox by Anonymous Coward · 2017-10-31 09:50 · Score: 0
  
  This is SOOO bad.
  I laughed my ass off! Am I going to hell now?
2. Re:Michael J Fox by fredrated · 2017-10-31 09:56 · Score: 1
  
  This is hell.
3% false positive rate?! by ConceptJunkie · 2017-10-31 10:07 · Score: 1

A 3% false positive rate is supposed to be meaningful? That means that 1 out of 33 people who try to login to something they are not authorized for will get in? How is this meaningful in any way? That number needs to decrease by several orders of magnitude before this wacky kludge of an idea should even be considered.
Do you know how many false positives you get from a password? Exactly the odds of someone typing your password in by random, or by guessing. If you pick a reasonable password, that figure will be astronomically small.
This device sounds to me like it hasn't even passed the proof-of-concept stage yet.

--
You are in a maze of twisty little passages, all alike.
So... by nospam007 · 2017-10-31 10:24 · Score: 1

they want us to give them the finger?
No problem.
You have a cold, I cannot verify you by Anonymous Coward · 2017-10-31 11:03 · Score: 0

You cut your tongue, I don't understand you.
You sucked on an ice cube, and don't match original version
You are breathing hard, voice doesn't match original
95% success rate is pure failure by Anonymous Coward · 2017-10-31 11:06 · Score: 0

If I only have 3 tries to enter 'password' before lock-delay starts, or full-lock happens, then 95% success is pure failure.
Does this work when I'm wearing work or fashion gloves, or when it is cold & trying to unlock something?
1. Re:95% success rate is pure failure by barbariccow · 2017-11-01 07:15 · Score: 1
  
  No, that's .95^3 = 85.7% chance of success, or 14.3% chance of failure (i.e. compromise)
Biometrics encourage state murder by Anonymous Coward · 2017-10-31 12:02 · Score: 0

Every spook agency can help itself to your phone if it can just pry open an eyelid on your corpse to open it.
1. Re: Biometrics encourage state murder by Anonymous Coward · 2017-10-31 14:03 · Score: 0
  
  Teddybear
2. Re:Biometrics encourage state murder by ConceptJunkie · 2017-11-01 02:59 · Score: 1
  
  Every spook agency can help itself to your phone if it can just pry open an eyelid on your corpse to open it.
  Yeah, I have visions of Wesley Snipes with a scalpel.
  
  --
  You are in a maze of twisty little passages, all alike.
Ancient Tech resurrected by Anonymous Coward · 2017-11-01 00:42 · Score: 0

Interesting how ancient 20th century technology keeps getting resurrected as "original ideas".
And I'm sure these folk are taking all the credit for being so "original" and innovative. But since this was not patented (as far as I know) they can probably get away with it. However, this ancient tech was made public ages ago.