Thumprint authenticates and identifies individual members of a small local group through their expression of a single shared secret knock. It allows groups to have reasonably strong authentication that identifies individuals without requiring group members to keep secrets from one another.
4.
Divisive authentication requiring individual secrets is not ideal. But neither is authentication with non-identifying shared secrets.
Creates social friction, security only as strong as “weakest link”.
Precludes personalization, parental controls, audit logs.
7. Thumprint Overview
Users enter secret knocks on a sensor surface.
Extract features that represent sensor signals.
Learn individual and group knock expressions.
Regulate access control through an end-point.
12. Authentication
Determine if unlabeled attempt is similar enough to candidate group member expressions.
[Figure: Member 1, Member 2, Member 3; less recent to more recent; unlabeled attempt]
13. Evaluation
Can people enter thumprints consistently over time?
Can casual but motivated adversaries be detected?
Can individual group members be distinguished?
14.
3 groups of 5 participants in a 2-day study.
Day 1: Participants watched recordings of a group-specific thumprint. Each asked to replicate 10x.
15.
Day 2: Participants independently replicated group thumprint from memory. Then asked to “break” other thumprints as one of four adversaries:

Adversary              Correct Token  Sound File  Video File
Token                  X
Sound Only                            X
Video + Wrong Token                   X           X
Video + Correct Token  X              X           X
18. Evaluation
Yes *
Mostly *
Can people enter thumprints consistently over time?
Can casual but motivated adversaries be detected?
Can individual group members be distinguished?
Yes *
* Should get better with more training data.
19.
Thumprint is an inclusive group authenticator that identifies individuals.
20.
Thumprint is a promising first step towards a future of socially-intelligent cybersecurity systems
…but it is just a first step.
21. As computing melds with our physical worlds, security continues to interfere with our social lives.
22. How can we close the gap between the social requirements and the technical capabilities of interactive cybersecurity systems?
[Figure labels: Social Requirements, Technical Capabilities]