A User Authentication Enabled Piezoelectric Force Touch System for the Internet of Things

In Internet of Things (IoT) applications, secure access to smart systems, e.g., smartphones, is important for protecting private information. Among various authentication techniques, keystroke authentication methods based on touch behavior of the user have received increasing attention. This is due to the unique benefits, such as no additional hardware component and the ease of use in most smart systems. In this paper, we present a technique for obtaining high user authentication accuracy by utilizing a user’s touch time and force information, which are obtained from a piezoelectric touch panel. After combining artificial neural networks with the user’s touch features, an equal error rate (EER) of 1.09% is achieved, validating the feasibility of the proposed technique for achieving highly secure user authentication, hence advancing the development of security techniques potentially deployable in the field of IoT.


INTRODUCTION
With the rapid rise in use of mobile devices, access security is becoming a global concern. As the most widely used and accepted method, password-based identity authentication [1] has many security loopholes, such as brute force cracking and smudge attacks [2]. Keystroke authentication can be a good alternative as it not only solves the insecurity of passwords but also has other advantages, such as low cost, high flexibility, and simpler hardware structure as compared to other biometric authentication methods [3][4][5], such as fingerprint and face identification.
Research on traditional keystroke authentication is mainly based on computer keyboards [6][7][8], in which the system only identifies users by time-related characteristics, limiting the expression of individual keystroke habits. Research on keystroke authentication based on mobile devices has emerged in recent years [9][10][11], but existing mobile devices, such as phones, have a limited ability to sense a user's force of touch. For example, the iPhone X can only classify force touches into two levels [12], which does not satisfy the need for accurate force sensing, but is important for keystrokes [13][14].
Based on the above considerations, this paper proposes a piezoelectric force touch system for keystroke authentication. The piezoelectric effect is used for high force detection accuracy, based on which the features of a user's touches are extracted and processed by a machine learning algorithm-an artificial neural network (ANN) [15]-for user authentication.
With the developed technique, a low equal error rate (EER) of 1.09% is achieved, demonstrating its feasibility in user authentication. The procedure of implementing the proposed technique is depicted in Fig. 1.

A. Sensor and System Design
The piezoelectric touch panel is designed as shown in Fig.  2 a and consists of four layers. The first layer is a glass substrate functioning as a protective cover. Below the glass cover is a layer of patterned (4×4) Indium tin oxide (ITO) electrodes. ITO was chosen as the electrode material due to its good light transmittance and low resistivity [16]. The side length of each electrode element is 10 mm, with spacing at 3 mm (shown in Fig. 2 b). The third layer is a PVDF based force sensing layer [17], which offers high light transmittance, high flexibility, good mechanical properties, and high forcevoltage responsivity (d 33 = 30 pC/N), making it sensitive to a user's touch force. The bottom layer is a continuous ITO electrode, which acts as the ground reference. The thickness of each layer is illustrated in Fig. 2 c, and each layer is laminated with an optically clear adhesive (OCA).  978-1-7281-5278-3/20/$31.00 ©2020 IEEE

B. Data Collection
To train the ANN model, datasets were made by ten students (six males and four females) from Beihang University. They were asked to enter the same six-digit password (199517). The purpose of authentication is to distinguish legitimate users from intruders. Thus, one participant was designated as the legitimate user, while the rest were "intruders". Within a month, we collected a dataset containing 150 positive samples from the legitimate user and 50 negative samples from each intruder.

C. Feature Extraction
The voltage response obtained from one password input is shown in Fig. 3 a. A complete touch event consists of two processes, a finger press and a finger lift, which are reflected by the piezoelectric effect as two opposite voltage responses. The collected raw voltage response data cannot directly reflect the main keystroke characteristics, which are dwelling time (DT), flying time (FT), and touch force amplitude (F). DT represents the time interval from finger press to finger lift in one touch event, and FT is the time interval from the finger lift of the first touch event to the finger press of the next touch event. To clearly explain these important features, we show them in Fig. 3 b. DT is the time interval from the first positive peak to the first negative peak, FT the time interval from the first negative peak to the second positive peak, and the positive peak of each touch represents the touch force (F). Hence, a six-digit password consists of six DTs, five FTs, and six Fs, as described in Eq. 1.
To provide high quality data for extracting accurate touch features, a pre-processing algorithm (explained in Fig. 3 c) is used on the raw data. First, the 50 Hz common mode noise is filtered out. Second, the direct current (DC) offset of each channel is removed. Third, peak detection is performed. Finally, the feature information is extracted according to the above method.

D. Feature Analysis
Keystroke authentication is always based on the premise that the keystroke habits of one person maintain a certain stability and independence from those of others. We used the following differential scoring method to assess the stability of the legitimate user's multiple keystroke characteristics and their differences from those of the simulated "intruders".
Take the average feature vector P of multiple keystrokes of the legitimate user as the keystroke template. Let the predicted feature vector be X ; then, the difference between X and P can be described by Eq. 2. The smaller the value of D , the closer the X vector is to the P vector, that is, the more likely the feature vector X to be predicted comes from the legitimate user. Where X i , i P donate the i-dimensional feature of X and P , and σ i donates the standard deviation of the i-dimensional feature of P .  FT, and F). It can be observed that, on the one hand, in either case, all keystroke vectors from the legitimate user are concentrated in the region with a lower D value, while the keystroke vectors from simulated intruders are scattered in the region with a higher D value. This result is consistent with our previous assumption. On the other hand, the overlap represents data that could be misclassified. It is clear that if the feature of the touch force is added, the data that can be misclassified will be significantly less than if only the time feature is used.
As shown in Fig. 1, the system architecture of our method also has a decision module, whose function is to use the existing dataset to train the classifier, finally recognize the predictive keystroke vector, and output the decision whether the keystroke vector is from a legitimate user or from an intruder. The result in Table I shows that the EER of dataset 2 is almost half of the EER of dataset 1. This proves that taking accurate force features into consideration is of great significance to improve the accuracy of keystroke authentication compared to merely using time features.

IV. CONCLUSION
Keystroke authentication offers an efficient way to solve the security problems of current IoT devices. We reported here a piezoelectric force touch system capable of detecting a user's touch time and force information. After analysing the time and force information, a low EER of 1.09% was achieved. The developed technique can be used not only for the current design of the touch pad, but also for any device or system with force as input, such as smartphones and tablets, to provide secure access for users, thereby protecting the users' private information and enhancing the interactivity in devices for the IoT.