
USign—A Security Enhanced Electronic Consent Model

Yanyan Li (1), Mengjun Xie (1), Jiang Bian (2)

(1) University of Arkansas at Little Rock
(2) University of Arkansas for Medical Sciences

August 29, 2014

University of Arkansas at Little Rock Electronic Consent Model August 29, 2014 1 / 25

Outline

• Introduction
• Related Work
• Design and Implementation of USign
• System Evaluation
• Conclusion

Introduction


Why electronic consent?
• Improve efficiency and quality
  • E.g. recruit more subjects and save time and money in clinical trials

Problems in electronic consent
• Lack of considerations in security and privacy
  • Most focus on improving participant comprehension of consent
• Collected signatures are only for archival purposes

Proposed solution – USign
• Collects signatures for authentication purposes
• Guarantees the signer is the person he/she claims to be

Related Work


Electronic Consent
• Give researchers greater access to rural populations
• Captured signature is only used as a record

Electronic Signature
• Use predefined signature styles, not real ones
• Not for verifying a signer’s identity

Signature Verification
• Signatures are commonly accepted
• High accuracy (low error rate) has been achieved

Design and Implementation of USign


Motivation

Enhance the security of the existing eConsent system


[Figure: Existing eConsent System, USign, Security Enhanced eConsent System]

Existing eConsent system: your identity could be impersonated by others

Security enhanced eConsent system: only genuine users can login / sign document

Comparison between existing and proposed system


| System | Identity Verification in User Login | Identity Verification in Document Signing |
|---|---|---|
| Existing eConsent system | Weak | No |
| USign-based eConsent system model | Strong | Yes |

Design of USign system

Prototype system follows client-server model


[Figure: system architecture. Client side: the user operates the Android client. Server side: Tomcat server and MySQL database. Connection labels: HTTPS, SOCKET.]

Login interface of the client application

Signature Verification

Dynamic Time Warping (DTW) method is used

Workflow of user identity verification

Data Acquisition step

Users’ signature data are obtained via tablet/smartphone

Collected many features related to the signature itself

X and Y Coordinates, timestamp, pressure, touch area

Preprocessing is not included in this system
  • Preprocessing causes information loss

Feature Selection step

Extract ∆x and ∆y from original X and Y coordinates

Difference of X and Y coordinates between two consecutive points

Pressure and touch area features are not selected

Studies show these features are not effective

Selected features: ∆x and ∆y


Pairwise Alignment step

Calculate DTW distances of all reference signatures

Create a matrix to record all calculated distance values

Calculate the minimum distance for each row

Derive the average minimum value, avg(dmin(RID))


Distance Normalization step

To restrict the distance values in a certain range of variation


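[Figure: genuine training sigs and forged training sigs are compared with the reference sigs, giving dmin(GTr, RID) and dmin(FTr, RID); each is divided by avg(dmin(RID)), giving the normalized values dmin(GTr, RID)/avg(dmin(RID)) and dmin(FTr, RID)/avg(dmin(RID)); final label: Separating Boundary]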

Verification step

Login signatures go through all aforementioned steps

Including distance calculation and normalization

Normalized value will be compared with boundary value

If smaller than boundary --> authentic

Otherwise --> forgery signature
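The feature selection, pairwise alignment, distance normalization and verification steps above, combined in an added Python example that is not the USign authors' code. The stroke data is constructed, leaving a reference's zero self-distance out of its row minimum is an assumption, and the default boundary 1.25 is one of the values from the evaluation table rather than one derived from training signatures.

```python
# Added example, not the USign authors' code. All signature data below is constructed.
import math

def deltas(points):
    """Feature selection: (dx, dy) between consecutive sample points."""
    return [(x2 - x1, y2 - y1) for (x1, y1), (x2, y2) in zip(points, points[1:])]

def dtw(a, b):
    """DTW distance between two delta sequences (Euclidean local cost)."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)
    for p in a:
        cur = [inf]
        for j, q in enumerate(b, 1):
            cur.append(math.dist(p, q) + min(prev[j], cur[j - 1], prev[j - 1]))
        prev = cur
    return prev[-1]

def enroll(references):
    """Pairwise alignment: distance matrix, per-row minimum, then the average.
    Assumption: a reference's zero distance to itself is left out of its row."""
    feats = [deltas(r) for r in references]
    matrix = [[dtw(f, g) for g in feats] for f in feats]
    row_min = [min(d for j, d in enumerate(row) if j != i) for i, row in enumerate(matrix)]
    return feats, sum(row_min) / len(row_min)

def normalized_distance(signature, feats, avg_dmin):
    """dmin(signature, RID) / avg(dmin(RID))."""
    f = deltas(signature)
    return min(dtw(f, g) for g in feats) / avg_dmin

def verify(signature, feats, avg_dmin, boundary=1.25):
    """Authentic when the normalized distance is smaller than the boundary."""
    return normalized_distance(signature, feats, avg_dmin) < boundary

# Constructed strokes: one base shape, enrolled four times with small pen jitter.
BASE = [(0, 0), (10, 0), (20, 10), (20, 20), (10, 30), (0, 30), (-10, 20)]
def jitter(index, dx):
    return [(x + dx, y) if i == index else (x, y) for i, (x, y) in enumerate(BASE)]

REFERENCES = [BASE, jitter(2, 1), jitter(4, -1), jitter(1, 2)]
GENUINE = jitter(3, 1)    # same shape with a small deviation at one point
FORGED = [(0, 0), (10, 5), (20, 5), (25, 15), (15, 25), (5, 25), (-5, 20)]

FEATS, AVG_DMIN = enroll(REFERENCES)
if __name__ == "__main__":
    for name, sig in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, round(normalized_distance(sig, FEATS, AVG_DMIN), 2),
              "authentic" if verify(sig, FEATS, AVG_DMIN) else "forgery")
```

Because ∆x and ∆y depend on how far the pen moves between samples, the same shape drawn at a different speed or sampling rate produces different features, which is one reason the normalization against avg(dmin(RID)) is done per user.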


System Evaluation


Experiment Methodology

Use SVC2004 Task1 dataset as the data source
• 40 writers, 40 signatures for each writer
• The first 20 are genuine sigs, and the rest are forgery sigs

| Data Set | Type | Each User | Total Size |
|---|---|---|---|
| Reference | Genuine | 12 | 480 |
| Training | Genuine/Forgery | 2/2 | 160 |
| Test 1 | Genuine | 6 | 240 |
| Test 2 | Forgery | 18 | 720 |

Error Rate

• False Rejection Rate (FRR) / False Acceptance Rate (FAR)
• Equal Error Rate (EER)

EER for this DTW method with the given data source is close to 5.6%

| Separating Boundary | FRR | FAR |
|---|---|---|
| 1.20 | 11.7% | 4.2% |
| 1.25 | 5.83% | 5.4% |
| 1.30 | 4.17% | 7.2% |
| 1.35 | 4.17% | 10.3% |

System Usability

10 students are randomly recruited to test this system

Q1: Is this eConsent system easy to use?

Q2: Would you like to use it in the future?

Q3: Do you feel secure using your signature to login the system?

Q4: Do you have some concerns regarding it?


| Questions | # of Yes | # of No |
|---|---|---|
| Question 1 | 8 | 2 |
| Question 2 | 9 | 1 |
| Question 3 | 9 | 1 |
| Question 4 | 2 | 8 |

System Usability

Two concerns
• C1: Somebody may forge my signature to log into the system
• C2: Troublesome registration

Our future plan
• Conduct more extensive usability evaluation on a larger scale to understand those user concerns we may not be aware of
• Improve the system usability based on the evaluation feedback

Conclusion


Present a security enhanced eConsent model, USign

Strengthening the identity protection and authentication

Develop a prototype of USign

Conduct preliminary evaluation on system accuracy/usability

Evaluation results show the feasibility of proposed model

Thank you!

Questions?