Download presentation
Presentation is loading. Please wait.
Published byHelena Owens Modified over 9 years ago
1
USign—A Security Enhanced Electronic Consent Model Yanyan Li 1 Mengjun Xie 1 Jiang Bian 2 1 University of Arkansas at Little Rock 2 University of Arkansas for Medical Sciences August 29, 2014 University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 20141 / 25
2
Outline Introduction Related Work Design and Implementation of USign System Evaluation Conclusion University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 20142 / 25
3
Introduction University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 20143 / 25
4
Why electronic consent? Improve efficiency and quality E.g. recruit more subjects and save time and money in clinical trails Problems in electronic consent Lack of considerations in security and privacy Most focus on improving participant comprehension of consent Collected signatures are only for archival purpose Proposed solution – USign Collects signatures for authentication purpose Guarantees the signer is the person he/she claim to be University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 20144 / 25
5
Related Work University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 20145 / 25
6
Electronic Consent Give researchers greater access to rural populations Captured signature is only used as a record Electronic Signature Use predefined signature styles, not real ones Not for verifying a signer’s identity Signature Verification Signatures are commonly accepted High accuracy (low error rate) has been achieved University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 20146 / 25
7
Design and Implementation of USign University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 20147 / 25
8
Motivation Enhance the security of the existing eConsent system University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 20148 / 25 Existing eConsent System USign Security Enhanced eConsent System Your identity could be impersonated by others Only genuine users can login / sign document
9
Comparison between existing and proposed system University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 20149 / 25 Identity Verification in User Login Identity Verification in Document Signing Existing eConsent systemWeakNo USign-based eConsent system model StrongYes
10
Design of USign system Prototype system follows client-server model University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201410 / 25 Android Client Tomcat Server MySQL database HTTPS SOCKET Operates User Client SideServer Side
11
Login interface of the client application University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201411 / 25
12
Signature Verification Dynamic Time Warping (DTW) method is used University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201412 / 25 Workflow of user identity verification
13
Data Acquisition step Users’ signature data are obtained via tablet/smartphone Collected many features related to the signature itself X and Y Coordinates, timestamp, pressure, touch area Preprocessing is not included in this system Cause information loss University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201413 / 25
14
Feature Selection step Extract ∆x and ∆y from original X and Y coordinates Difference of X and Y coordinates between two consecutive points Pressure and touch area features are not selected Studies show these features are not effective Selected features: ∆x and ∆y University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201414 / 25
15
Pairwise Alignment step Calculate DTW distances of all reference signatures Create a matrix to record all calculated distance values Calculate the minimum distance for each row Derive the average minimum value, avg(d min (R ID )) University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201415 / 25
16
Distance Normalization step To restrict the distance values in a certain range of variation University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201416 / 25 Genuine Training Sigs Reference Sigs d min (GTr, R ID ) d min (FTr, R ID ) Forged Training Sigs avg(d min (R I D )) d min (GTr, R ID )/avg(d min (R ID )) d min (FTr, R ID )/avg(d min (R ID )) Separating Boundary
17
Verification step Login signatures go through all aforementioned steps Including distance calculation and normalization Normalized value will be compared with boundary value If smaller than boundary --> authentic Otherwise --> forgery signature University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201417 / 25
18
System Evaluation University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201418 / 25
19
Experiment Methodology Use SVC2004 Task1 dataset as the data source 40 writers, 40 signatures for each writer The first 20 are genuine sigs, and the rest are forgery sigs University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201419 / 25 Data SetTypeEach UserTotal Size ReferenceGenuine12480 TrainingGenuine/Forgery2/2160 Test 1Genuine6240 Test 2Forgery18720
20
Error Rate False Rejection Rate (FRR) / False Acceptance Rate (FAR) Equal Error Rate (EER) EER for this DTW method with the given data source is close to 5.6% University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201420 / 25 Separating Boundary FRRFAR 1.2011.7%4.2% 1.255.83%5.4% 1.304.17%7.2% 1.354.17%10.3%
21
System Usability 10 students are randomly recruited to test this system Q1: Is this eConsent system easy to use? Q2: Would you like to use it in the future? Q3: Do you feel secure using your signature to login the system? Q4: Do you have some concerns regarding it? University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201421 / 25 Questions# of Yes# of No Question 182 Question 291 Question 391 Question 428
22
System Usability Two concerns C1: Somebody may forge my signature to log into the system C2: Troublesome registration Our future plan Conduct more extensive usability evaluation in a larger scale to understand those user concerns we may not be aware of Improve the system usability based on the evaluation feedback University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201422 / 25
23
Conclusion University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201423 / 25
24
Present a security enhanced eConsent model, USign Strengthening the identity protection and authentication Develop a prototype of USign Conduct preliminary evaluation on system accuracy/usability Evaluation results show the feasibility of proposed model University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201424 / 25
25
Thank you! Questions? University of Arkansas at Little Rock Electronic Consent ModelAugust 29, 201425 / 25
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.