I Can Be You: Questioning the Use of Keystroke Dynamics as Biometrics
Keystroke dynamics refer to information about the typing patterns of individuals, such as the relative timing when the individual presses and releases each key. Prior studies suggest that such patterns are unique and cannot be easily imitated. This lays the foundation for the use of keystroke biomet...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2013
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/1699 https://ink.library.smu.edu.sg/context/sis_research/article/2698/viewcontent/ndss13_tey.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-2698 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-26982016-01-14T06:36:09Z I Can Be You: Questioning the Use of Keystroke Dynamics as Biometrics TEY, Chee Meng GUPTA, Payas GAO, Debin Keystroke dynamics refer to information about the typing patterns of individuals, such as the relative timing when the individual presses and releases each key. Prior studies suggest that such patterns are unique and cannot be easily imitated. This lays the foundation for the use of keystroke biometrics in authentication systems. The research effort in this area has thus far focused on novel detection techniques to differentiate between legitimate users and imposters. In this paper, we demonstrate a novel feedback and training interface named Mimesis. Mimesis provides both positive and negative feedback on the differences between a submitted pattern vs. a reference pattern. This allows one person to imitate another through incremental adjustment of typing pattern. We show that even for targets whose typing patterns are only partially known, training with Mimesis allows attackers to defeat one of the best anomaly detection engines using keystroke biometrics. For a group of 84 participants playing the role of attackers and 2 eight-character passwords of different difficulty, the false acceptance rate (FAR) of the easy and difficult password increases from 0.24 and 0.20 respectively (before Mimesis training) to 0.63 and 0.42 respectively (after Mimesis training with partial information of the victim). With full information, the FAR increases to 0.99 for both passwords for the 14 best attackers. 2013-02-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/1699 https://ink.library.smu.edu.sg/context/sis_research/article/2698/viewcontent/ndss13_tey.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Information Security |
| spellingShingle |
Information Security TEY, Chee Meng GUPTA, Payas GAO, Debin I Can Be You: Questioning the Use of Keystroke Dynamics as Biometrics |
| description |
Keystroke dynamics refer to information about the typing patterns of individuals, such as the relative timing when the individual presses and releases each key. Prior studies suggest that such patterns are unique and cannot be easily imitated. This lays the foundation for the use of keystroke biometrics in authentication systems. The research effort in this area has thus far focused on novel detection techniques to differentiate between legitimate users and imposters. In this paper, we demonstrate a novel feedback and training interface named Mimesis. Mimesis provides both positive and negative feedback on the differences between a submitted pattern vs. a reference pattern. This allows one person to imitate another through incremental adjustment of typing pattern. We show that even for targets whose typing patterns are only partially known, training with Mimesis allows attackers to defeat one of the best anomaly detection engines using keystroke biometrics. For a group of 84 participants playing the role of attackers and 2 eight-character passwords of different difficulty, the false acceptance rate (FAR) of the easy and difficult password increases from 0.24 and 0.20 respectively (before Mimesis training) to 0.63 and 0.42 respectively (after Mimesis training with partial information of the victim). With full information, the FAR increases to 0.99 for both passwords for the 14 best attackers. |
| format |
text |
| author |
TEY, Chee Meng GUPTA, Payas GAO, Debin |
| author_facet |
TEY, Chee Meng GUPTA, Payas GAO, Debin |
| author_sort |
TEY, Chee Meng |
| title |
I Can Be You: Questioning the Use of Keystroke Dynamics as Biometrics |
| title_short |
I Can Be You: Questioning the Use of Keystroke Dynamics as Biometrics |
| title_full |
I Can Be You: Questioning the Use of Keystroke Dynamics as Biometrics |
| title_fullStr |
I Can Be You: Questioning the Use of Keystroke Dynamics as Biometrics |
| title_full_unstemmed |
I Can Be You: Questioning the Use of Keystroke Dynamics as Biometrics |
| title_sort |
i can be you: questioning the use of keystroke dynamics as biometrics |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2013 |
| url |
https://ink.library.smu.edu.sg/sis_research/1699 https://ink.library.smu.edu.sg/context/sis_research/article/2698/viewcontent/ndss13_tey.pdf |
| _version_ |
1770571456502038528 |