Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Toward Robotic Robbery on the Touch Screen

Toward Robotic Robbery on the Touch Screen Despite the tremendous amount of research fronting the use of touch gestures as a mechanism of continuous authentication on smart phones, very little research has been conducted to evaluate how these systems could behave if attacked by sophisticated adversaries. In this article, we present two Lego-driven robotic attacks on touch-based authentication: a population statistics--driven attack and a user-tailored attack. The population statistics--driven attack is based on patterns gleaned from a large population of users, whereas the user-tailored attack is launched based on samples stolen from the victim. Both attacks are launched by a Lego robot that is trained on how to swipe on the touch screen. Using seven verification algorithms and a large dataset of users, we show that the attacks cause the systems mean false acceptance rate (FAR) to increase by up to fivefold relative to the mean FAR seen under the standard zero-effort impostor attack. The article demonstrates the threat that robots pose to touch-based authentication and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png ACM Transactions on Information and System Security (TISSEC) Association for Computing Machinery

Loading next page...
 
/lp/association-for-computing-machinery/toward-robotic-robbery-on-the-touch-screen-AkzSiaktuj

References (35)

Publisher
Association for Computing Machinery
Copyright
Copyright © 2016 ACM
ISSN
1094-9224
eISSN
1557-7406
DOI
10.1145/2898353
Publisher site
See Article on Publisher Site

Abstract

Despite the tremendous amount of research fronting the use of touch gestures as a mechanism of continuous authentication on smart phones, very little research has been conducted to evaluate how these systems could behave if attacked by sophisticated adversaries. In this article, we present two Lego-driven robotic attacks on touch-based authentication: a population statistics--driven attack and a user-tailored attack. The population statistics--driven attack is based on patterns gleaned from a large population of users, whereas the user-tailored attack is launched based on samples stolen from the victim. Both attacks are launched by a Lego robot that is trained on how to swipe on the touch screen. Using seven verification algorithms and a large dataset of users, we show that the attacks cause the systems mean false acceptance rate (FAR) to increase by up to fivefold relative to the mean FAR seen under the standard zero-effort impostor attack. The article demonstrates the threat that robots pose to touch-based authentication and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems.

Journal

ACM Transactions on Information and System Security (TISSEC)Association for Computing Machinery

Published: May 6, 2016

Keywords: Touch gestures

There are no references for this article.