RiderAuth: A cancelable touch-signature based rider authentication scheme for driverless taxis

Abstract

Driverless taxis are now closer to their worldwide launch, however, unsupervised physical access to the riders can pose unexpected safety and security risks to the connected and autonomous vehicle’s ecosystems. Thus, the need for human-to-machine authentication in driverless settings cannot be disregarded to maintain their smooth operations. In this paper, we propose a first rider authentication scheme, RiderAuth, using touch-signature behavioral biometrics to authenticate customers before they commence their ride in driverless settings. We also propose a template protection scheme for finite length touch-signature features using a random orthogonal projection method to address biometric template leakage. We design Android-based client and Cloud-based server prototypes to evaluate both the security and usability of our proposed scheme. We collect a new database of 1800 touch-signatures samples from 30 users in an unsupervised field experiment for two weeks. RiderAuth achieves a True Acceptance Rate (TAR) of 96.66% at False Acceptance Rate (FAR) of 0.01% without template protection and a TAR of 94.88% at FAR=0.01% with proposed template protection scheme. Subsequently, we implement a d-prime weighted score-level fusion to further enhance RiderAuth’s accuracy. We evaluate the unlinkability and revocability of the proposed template protection scheme to verify its suitability for authenticating riders in a privacy preserved setting. In addition, we conduct a survey to evaluate user acceptance of our proposed scheme using the System Usability Scale (SUS) where we get a score of ≈70% suggesting a positive experience and acceptance of RiderAuth.