Abstract
In recent years, simple password-based authentication systems have increasingly proven ineffective for many classes of real-world devices. As a result, many researchers have concentrated their efforts on the design of new biometric authentication systems. This trend has been further accelerated by the advent of mobile devices, which offer numerous sensors and capabilities to implement a variety of mobile biometric authentication systems. Along with the advances in biometric authentication, however, attacks have also become much more sophisticated and many biometric techniques have ultimately proven inadequate in face of advanced attackers in practice. In this paper, we investigate the effectiveness of sensor enhanced keystroke dynamics, a recent mobile biometric authentication mechanism that combines a particularly rich set of features. In our analysis, we consider different types of attacks, with a focus on advanced attacks that draw from general population statistics. Such attacks have already been proven effective in drastically reducing the accuracy of many state-of-the-art biometric authentication systems. We implemented a statistical attack against sensor enhanced keystroke dynamics and evaluated its impact on detection accuracy. On one hand, our results show that sensor-enhanced keystroke dynamics are generally robust against statistical attacks with a marginal equal-error rate impact (<0.14%). On the other hand, our results show that, surprisingly, keystroke timing features non-trivially weaken the security guarantees provided by sensor features alone. Our findings suggest that sensor dynamics may be a stronger biometric authentication mechanism against recently proposed practical attacks.
Original language | English |
---|---|
Title of host publication | CODASPY 2016 - Proceedings of the 6th ACM Conference on Data and Application Security and Privacy |
Publisher | Association for Computing Machinery, Inc |
Pages | 105-112 |
Number of pages | 8 |
ISBN (Electronic) | 9781450339353 |
DOIs | |
Publication status | Published - 9 Mar 2016 |
Event | 6th ACM Conference on Data and Application Security and Privacy, CODASPY 2016 - New Orleans, United States Duration: 9 Mar 2016 → 11 Mar 2016 |
Conference
Conference | 6th ACM Conference on Data and Application Security and Privacy, CODASPY 2016 |
---|---|
Country/Territory | United States |
City | New Orleans |
Period | 9/03/16 → 11/03/16 |
Keywords
- biometric authentication
- statistical attacks
- sensor dynamics
- mobile security
- keystroke dynamics
- classsidechannels
- classmobile