Fighting Coercion Attacks in Key Generation using Skin Conductance
Many techniques have been proposed to generate keys including text passwords, graphical passwords, biometric data and etc. Most of these techniques are not resistant to coercion attacks in which the user is forcefully asked by an attacker to generate the key to gain access to the system or to decryp...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2010
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/1317 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| Summary: | Many techniques have been proposed to generate keys including text passwords, graphical passwords, biometric data and etc. Most of these techniques are not resistant to coercion attacks in which the user is forcefully asked by an attacker to generate the key to gain access to the system or to decrypt the encrypted file. We present a novel approach in generating cryptographic keys to fight against coercion attacks. Our novel technique incorporates the user’s emotional status, which changes when the user is under coercion, into the key generation through measurements of the user’s skin conductance. We present a model that generates cryptographic keys with one’s voice and skin conductance. In order to explore more, a preliminary user study with 39 subjects was done which shows that our approach has moderate falsepositive and false-negative rates. We also present the attacker’s strategy in guessing the cryptographic keys, and show that the resulting change in the password space under such attacks is small. |
|---|