slides - Jiang Bian

USign—A Security Enhanced Electronic Consent Model
Yanyan Li (1), Mengjun Xie (1), Jiang Bian (2)
(1) University of Arkansas at Little Rock
(2) University of Arkansas for Medical Sciences
August 29, 2014
University of Arkansas at Little Rock
Electronic Consent Model
August 29, 2014
1 / 25
Outline
Introduction
Related Work
Design and Implementation of USign
System Evaluation
Conclusion
Introduction
Why electronic consent?
Improve efficiency and quality
• E.g. recruit more subjects and save time and money in clinical trials
Problems in electronic consent
Lack of considerations in security and privacy
• Most focus on improving participant comprehension of consent
Collected signatures are only for archival purpose
Proposed solution – USign
Collects signatures for authentication purpose
Guarantees the signer is the person he/she claims to be
Related Work
Electronic Consent
Give researchers greater access to rural populations
Captured signature is only used as a record
Electronic Signature
Use predefined signature styles, not real ones
Not for verifying a signer’s identity
Signature Verification
Signatures are commonly accepted
High accuracy (low error rate) has been achieved
Design and Implementation of USign
Motivation
Enhance the security of the existing eConsent system
[Diagram: Existing eConsent System ("Your identity could be impersonated by others") combined with USign gives the Security Enhanced eConsent System ("Only genuine users can login / sign document")]
Comparison between existing and proposed system
System | Identity Verification in User Login | Identity Verification in Document Signing
Existing eConsent system | Weak | No
USign-based eConsent system model | Strong | Yes
Design of USign system
Prototype system follows client-server model
[Diagram labels: User, Operates, Android Client (Client Side); SOCKET, HTTPS; Tomcat Server, MySQL database (Server Side)]
Login interface of the client application
Signature Verification
Dynamic Time Warping (DTW) method is used
Workflow of user identity verification
Data Acquisition step
Users’ signature data are obtained via tablet/smartphone
Collected many features related to the signature itself
X and Y Coordinates, timestamp, pressure, touch area
Preprocessing is not included in this system
It causes information loss
Feature Selection step
Extract ∆x and ∆y from original X and Y coordinates
Difference of X and Y coordinates between two consecutive points
Pressure and touch area features are not selected
Studies show these features are not effective
Selected features: ∆x and ∆y
Pairwise Alignment step
Calculate DTW distances of all reference signatures
Create a matrix to record all calculated distance values
Calculate the minimum distance for each row
Derive the average minimum value, avg(dmin(RID))
Distance Normalization step
To restrict the distance values in a certain range of variation
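[Diagram: Reference Sigs give avg(dmin(RID)).
Genuine Training Sigs: dmin(GTr, RID) is normalized to dmin(GTr, RID)/avg(dmin(RID)).
Forged Training Sigs: dmin(FTr, RID) is normalized to dmin(FTr, RID)/avg(dmin(RID)).
A Separating Boundary is drawn between the genuine and forged normalized values.]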
Verification step
Login signatures go through all aforementioned steps
Including distance calculation and normalization
Normalized value will be compared with boundary value
If smaller than boundary --> authentic
Otherwise --> forgery signature
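
The steps above (feature selection, pairwise alignment, distance normalization, verification) as an added Python example; it is not the USign prototype's code. Assumptions: Euclidean local cost inside DTW, the matrix diagonal is skipped when taking row minima, the boundary 1.25 is one of the values evaluated in this deck, and stroke() with its traces is constructed sample data.

```python
import math

def deltas(points):
    """Feature selection: (dx, dy) between consecutive (x, y) points."""
    return [(x2 - x1, y2 - y1) for (x1, y1), (x2, y2) in zip(points, points[1:])]

def dtw(a, b):
    """DTW distance between two (dx, dy) sequences.
    Assumption: Euclidean local cost, no path-length normalization."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)
    for p in a:
        cur = [inf]
        for j, q in enumerate(b, 1):
            cur.append(math.dist(p, q) + min(prev[j], prev[j - 1], cur[j - 1]))
        prev = cur
    return prev[-1]

def enroll(reference_sigs):
    """Pairwise alignment: distance matrix over the references, minimum of
    each row (diagonal skipped, an assumption), then avg(dmin(RID))."""
    feats = [deltas(s) for s in reference_sigs]
    matrix = [[dtw(f, g) for g in feats] for f in feats]
    row_min = [min(d for j, d in enumerate(row) if j != i)
               for i, row in enumerate(matrix)]
    return feats, sum(row_min) / len(row_min)

def normalized_distance(sig, feats, avg_dmin):
    """Distance normalization: dmin(sig, RID) / avg(dmin(RID))."""
    f = deltas(sig)
    return min(dtw(f, g) for g in feats) / avg_dmin

def verify(sig, feats, avg_dmin, boundary):
    """Authentic only if the normalized distance is below the boundary."""
    return normalized_distance(sig, feats, avg_dmin) < boundary

def stroke(scale, stretch=1.0):
    """Constructed pen trace (not real signature data)."""
    return [(scale * stretch * t, scale * 10 * math.sin(t / 3)) for t in range(20)]

REFS = [stroke(s) for s in (1.0, 1.1, 1.2)]   # constructed enrollment set
FEATS, AVG_DMIN = enroll(REFS)
BOUNDARY = 1.25                               # one boundary value from the deck
GENUINE = [(x + 0.1, y) if i == 7 else (x, y) for i, (x, y) in enumerate(REFS[0])]
FORGERY = stroke(1.0, stretch=3.0)            # same shape, wrong horizontal speed

if __name__ == "__main__":
    for name, sig in (("genuine", GENUINE), ("forgery", FORGERY)):
        print(name, verify(sig, FEATS, AVG_DMIN, BOUNDARY))
```

Raising the boundary accepts more genuine attempts and more forgeries alike, which is the FRR/FAR trade-off measured in the evaluation.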
System Evaluation
Experiment Methodology
Use SVC2004 Task1 dataset as the data source
40 writers, 40 signatures for each writer
The first 20 are genuine sigs, and the rest are forgery sigs
Data Set | Type | Each User | Total Size
Reference | Genuine | 12 | 480
Training | Genuine/Forgery | 2/2 | 160
Test 1 | Genuine | 6 | 240
Test 2 | Forgery | 18 | 720
Error Rate
False Rejection Rate (FRR) / False Acceptance Rate (FAR)
Equal Error Rate (EER)
Separating Boundary | FRR | FAR
1.20 | 11.7% | 4.2%
1.25 | 5.83% | 5.4%
1.30 | 4.17% | 7.2%
1.35 | 4.17% | 10.3%
EER for this DTW method with the given data source is close to 5.6%
System Usability
10 students are randomly recruited to test this system
Q1: Is this eConsent system easy to use?
Q2: Would you like to use it in the future?
Q3: Do you feel secure using your signature to log in to the system?
Q4: Do you have some concerns regarding it?
Questions | # of Yes | # of No
Question 1 | 8 | 2
Question 2 | 9 | 1
Question 3 | 9 | 1
Question 4 | 2 | 8
System Usability
Two concerns
C1: Somebody may forge my signature to log into the system
C2: Troublesome registration
Our future plan
Conduct more extensive usability evaluation in a larger scale to understand those user concerns we may not be aware of
Improve the system usability based on the evaluation feedback
Conclusion
Present a security enhanced eConsent model, USign
Strengthening the identity protection and authentication
Develop a prototype of USign
Conduct preliminary evaluation on system accuracy/usability
Evaluation results show the feasibility of proposed model
Thank you!
Questions?