Visible to the public On the Effectiveness of Sensor-enhanced Keystroke Dynamics Against Statistical Attacks

TitleOn the Effectiveness of Sensor-enhanced Keystroke Dynamics Against Statistical Attacks
Publication TypeConference Paper
Year of Publication2016
AuthorsStanciu, Valeriu-Daniel, Spolaor, Riccardo, Conti, Mauro, Giuffrida, Cristiano
Conference NameProceedings of the Sixth ACM Conference on Data and Application Security and Privacy
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-3935-3
Keywordsbiometric authentication, biometric encryption, composability, Dynamical Systems, keystroke analysis, keystroke dynamics, Metrics, mobile security, pubcrawl, Resiliency, sensor dynamics, statistical attacks

In recent years, simple password-based authentication systems have increasingly proven ineffective for many classes of real-world devices. As a result, many researchers have concentrated their efforts on the design of new biometric authentication systems. This trend has been further accelerated by the advent of mobile devices, which offer numerous sensors and capabilities to implement a variety of mobile biometric authentication systems. Along with the advances in biometric authentication, however, attacks have also become much more sophisticated and many biometric techniques have ultimately proven inadequate in face of advanced attackers in practice. In this paper, we investigate the effectiveness of sensor-enhanced keystroke dynamics, a recent mobile biometric authentication mechanism that combines a particularly rich set of features. In our analysis, we consider different types of attacks, with a focus on advanced attacks that draw from general population statistics. Such attacks have already been proven effective in drastically reducing the accuracy of many state-of-the-art biometric authentication systems. We implemented a statistical attack against sensor-enhanced keystroke dynamics and evaluated its impact on detection accuracy. On one hand, our results show that sensor-enhanced keystroke dynamics are generally robust against statistical attacks with a marginal equal-error rate impact (textless0.14%). On the other hand, our results show that, surprisingly, keystroke timing features non-trivially weaken the security guarantees provided by sensor features alone. Our findings suggest that sensor dynamics may be a stronger biometric authentication mechanism against recently proposed practical attacks.

Citation Keystanciu_effectiveness_2016