Thumprint authenticates and identifies individual members of a small local group through their expression of a single shared secret knock. It allows groups to have reasonably strong authentication that identifies individuals without requiring group members to keep secrets from one another.

1. 1
Thumprint
Socially-Inclusive Local Group Authentication
Through Shared Secret Knocks
Sauvik
Das
Gierad
Laput
Chris
Harrison
Jason
Hong
CMU HCII

2. 2
Socially-inclusive group authentication and member
identification through shared secret knocks.

3. 3
Families
Game consoles
Nest
Work Teams
Kitchenettes
Meeting rooms
Classrooms
Storage
Tablets
Small, local groups who collectively
own and share resources.

4. 4
Divisive authentication requiring
individual secrets is not ideal.
But neither is authentication with
non-identifying shared secrets.
Creates social friction, security only as strong as “weakest link”.
Precludes personalization, parental controls, audit logs.

5. Key Motivation
Create an inclusive group authenticator that
identifies individuals.
5

6. 6
Design Inspiration: Speakeasy secret knocks

7. Thumprint Overview
7
Users enter
secret knocks
on a sensor
surface.
Extract
features that
represent
sensor signals.
Learn
individual and
group knock
expressions.
Regulate
access control
through an
end-point.

8. Registration
8
Each group member enters secret knock up to 10x
on the sensor surface. Feature vectors extracted.

9. Supervised Feature Selection
9
f1: Zero-crossing rate
f2: RMS
f3: Total energy
f4: FFT bins
f5: Dominant frequency
f6: Spectral flatness
f7: Spectral centroid
f8: D4 Wavelet coefficients
…
fn: Total Power
fx
fy

10. Registration
10
Member 2
Member 3
Member 1

11. Training
11
Learn individual thumprint expressions by
clustering each candidates attempts.
Member 1
Member 2
Member 3
Less
recent
More
recent

12. Authentication
12
Determine if unlabeled attempt is similar enough
to candidate group member expressions.
Member 1
Member 2
Member 3
Less
recent
More
recent
Unlabeled
attempt

13. Evaluation
13
Can people enter thumprints
consistently over time?
Can casual but motivated
adversaries be detected?
Can individual group members
be distinguished?

14. 14
3 groups of 5 participants in a 2-day study.
Day 1: Participants watched recordings of a group-
specific thumprint. Each asked to replicate 10x.

15. Token X
Sound Only X
Video + Wrong Token X X
Video + Correct Token X X X
Correct
Token
Sound
File
Video
File
Day 2: Participants independently replicated group
thumprint from memory. Then asked to “break” other
thumprints as one of four adversaries:

16. Procedure
16
Trained on data collected from the
first day.
Tested on data collected from the
second day.

17. MeanClosestCluster
Distance
0.0
0.2
0.4
0.6
0.8
Correct
Member
Wrong
Member
Video +
wrong
Sound
only
Token
only
Video +
correct
At a
0.45
threshold
12%
EER
<5%
misidentification

18. Evaluation
18
Yes *
Mostly *
Can people enter thumprints
consistently over time?
Can casual but motivated
adversaries be detected?
Can individual group members
be distinguished?
Yes *
* Should get better with more training data.

19. 19
Thumprint is an inclusive group authenticator that
identifies individuals.

20. 20
Thumprint is a promising first step towards
a future of socially-intelligent
cybersecurity systems
…but it is just a first step.

21. As computing melds with our physical worlds,
security continues to interfere with our social lives.

22. How can we close the gap between the social
requirements and the technical capabilities of
interactive cybersecurity systems?
Social
Requirements
Technical
Capabilities

23. 23
Thumprint
Socially-Inclusive Local Group Authentication
Through Shared Secret Knocks
Sauvik
Das
Gierad
Laput
Chris
Harrison
Jason
Hong
sauvik@cmu.edu