Newswise — “Good, good, good, good vibrations” goes the catchy Beach Boys song, a big hit in 1966 and beyond.

Now Rutgers engineers have created VibWrite, a smart access system that senses finger vibrations to verify users. The low-cost security system could eventually be used to gain access to homes, apartment buildings, cars, appliances – anything with a solid surface.

“Everyone’s finger bone structure is unique, and their fingers apply different pressures on surfaces, so sensors that detect subtle physiological and behavioral differences can identify and authenticate a person,” said Yingying (Jennifer) Chen, a professor in the Department of Electrical and Computer Engineering at Rutgers UniversityNew Brunswick.

Chen is senior author of a peer-reviewed paper on VibWrite that was published online today at the ACM Conference on Computer and Communications Security, a flagship annual event of the Association for Computing Machinery (ACM). The international conference in Dallas, Texas, convenes information security researchers, practitioners, developers and users who explore cutting-edge research. VibWrite paper co-authors include Jian Liu and Chen Wang, doctoral students who work with Chen, and Nitesh Saxena, an associate professor at the University of Alabama at Birmingham.

The market for smart security access systems is expected to grow rapidly, reaching nearly $10 billion by 2022, the paper says. Today’s smart security access systems mainly rely on traditional techniques that use intercoms, cameras, cards or fingerprints to authenticate users. But these systems require costly equipment, complex hardware installation and diverse maintenance needs.

The goal of VibWrite is to allow user verification when fingers touch any solid surface, the paper says. VibWrite integrates passcode, behavioral and physiological characteristics. It builds on a touch-sensing technique by using vibration signals. It’s different than traditional, password-based approaches, which validate passwords instead of legitimate users, as well as behavioral biometrics-based solutions, which typically involve touch screens, fingerprint readers or other costly hardware and lead to privacy concerns and “smudge attacks” that trace oily residues on surfaces from fingers.

“Smart access systems that use fingerprinting and iris-recognition are very secure, but they’re probably more than 10 times as expensive as our VibWrite system, especially when you want to widely deploy them,” said Chen, who works in the School of Engineering and is a member of the Wireless Information Network Laboratory (WINLAB) at Rutgers UniversityNew Brunswick.

VibWrite allows users to choose from PINs, lock patterns or gestures to gain secure access, the paper says. The authentication process can be performed on any solid surface beyond touch screens and on any screen size. It is resilient to “side-channel attacks” – when someone places a hidden vibration receiver on the surface or uses a nearby microphone to capture vibration signals. It also resists several other types of attacks, including when an attacker learns passcodes after observing a user multiple times.

A great benefit is that a VibWrite system is low-cost and uses minimal power. It includes an inexpensive vibration motor and receiver, and it can turn any solid surface into an authentication surface. Both hardware installation and maintenance are easy, and “VibWrite probably could be commercialized in a couple of years,” Chen said.

During two trials, VibWrite verified legitimate users with more than 95 percent accuracy and the false positive rate was less than 3 percent. But the current VibWrite system needs improvements because users may need a few attempts to pass the system. To improve performance, the Rutgers-led team will deploy multiple sensor pairs, refine the hardware and upgrade authentication algorithms. They also need to further test the system outdoors to account for varying temperatures, humidity, winds, wetness, dust, dirt and other conditions.

Meeting Link: ACM Conference on Computer and Communications Security Other Link: Rutgers Today, Oct-2017