Access the full text.
Sign up today, get DeepDyve free for 14 days.
R. Bolle, Sharath Pankanti, N. Ratha (2000)
Evaluation techniques for biometrics-based authentication systems (FRR)Proceedings 15th International Conference on Pattern Recognition. ICPR-2000, 2
U. Uludag, Anil Jain (2004)
Attacks on biometric systems: a case study in fingerprints, 5306
L. Ballard, S. Kamara, F. Monrose, M. Reiter (2008)
Towards practical biometric key generation with randomized biometric templatesProceedings of the 15th ACM conference on Computer and communications security
Abdul Serwadda, V. Phoha (2013)
Examining a Large Keystroke Biometrics Dataset for Statistical-Attack OpeningsACM Trans. Inf. Syst. Secur., 16
S. Govindarajan, Paolo Gasti, K. Balagani (2013)
Secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users with touch data2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS)
N. Beebe (2015)
A Complete Bibliography of ACM Transactions on Information and System Security
Shigeo DrEng (2001)
Pattern Classification
Emmanuel Owusu, Jun Han, Sauvik Das, A. Perrig, J. Zhang (2012)
ACCessory: password inference using accelerometers on smartphones
T. Cover, P. Hart (1967)
Nearest neighbor pattern classificationIEEE Trans. Inf. Theory, 13
(2015)
Received March
Zibo Wang, Abdul Serwadda, K. Balagani, V. Phoha (2012)
Transforming animals in a cyber-behavioral biometric menagerie with Frog-Boiling attacks2012 IEEE Fifth International Conference on Biometrics: Theory, Applications and Systems (BTAS)
Corinna Cortes, V. Vapnik (1995)
Support-Vector NetworksMachine Learning, 20
Abdul Serwadda, V. Phoha, Zibo Wang (2013)
Which verifiers work?: A benchmark evaluation of touch-based authentication algorithms2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS)
Chee Tey, Payas Gupta, Debin Gao (2013)
I can be You: Questioning the use of Keystroke Dynamics as Biometrics
Adam Aviv, Katherine Gibson, Evan Mossop, M. Blaze, Jonathan Smith (2010)
Smudge Attacks on Smartphone Touch Screens
S. Hong (1997)
Data miningFuture Gener. Comput. Syst., 13
Xi Zhao, Tao Feng, W. Shi (2013)
Continuous mobile authentication using a novel Graphic Touch Gesture Feature2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS)
Lingjun Li, Xinxin Zhao, G. Xue (2013)
Unobservable Re-authentication for Smartphones
Tao Feng, Ziyi Liu, Kyeong-An Kwon, W. Shi, Bogdan Carbunar, Jiang Yifei, Nhung Nguyen (2012)
Continuous mobile authentication using touchscreen gestures2012 IEEE Conference on Technologies for Homeland Security (HST)
R. Duda, P. Hart, D. Stork (2002)
Pattern Classification (2nd edJohn Wiley & Sons.
Kevin Killourhy, R. Maxion (2009)
Comparing anomaly-detection algorithms for keystroke dynamics2009 IEEE/IFIP International Conference on Dependable Systems & Networks
A. Luca, Alina Hang, Frederik Brudy, Christian Lindner, H. Hussmann (2012)
Touch me once and i know it's you!: implicit authentication based on touch screen patternsProceedings of the SIGCHI Conference on Human Factors in Computing Systems
อนิรุธ สืบสิงห์ (2014)
Data Mining Practical Machine Learning Tools and TechniquesJournal of management science, 3
L. Breiman (2001)
Random ForestsMachine Learning, 45
L. Ballard, F. Monrose, D. Lopresti (2006)
Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheep's Clothing
John Sinclair, Herbert Wiegand, Richard Allsopp, James Arthurs, Arthur Bronstein, Louise Dagenais, Robert London, Christian Kay, Johan Leiden, Franciscus Junius, B. Kipfer, Alan Kirkness, A. Cowie, Ton Broeders, Phil Hyams, Thomas Creamer, Takoma Park, N. Kharma, Hans-Peder Kromann, Theis Riiber, Poul Rosbach, E. Lovatt, J. Mdee, H. Niedzielski, Viggo Pedersen, Sandra Thompson (1992)
TABLE OF CONTENTS Preface
(2005)
Timeless Toys: Classic Toys and the Playmakers Who Created Them
Kevin S. Killourhy, Roy A. Maxion (2009)
Comparing anomaly-detection algorithms for keystroke dynamicsProceedings of the 39th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’09)
Ian H. Witten, Eibe Frank (2005)
Data Mining: Practical Machine Learning Tools and Techniques (2nd edMorgan Kaufmann
E. Mauch (2001)
Using Technological Innovation to Improve the Problem-Solving Skills of Middle School Students: Educators' Experiences with the LEGO Mindstorms Robotic Invention SystemThe Clearing House: A Journal of Educational Strategies, Issues and Ideas, 74
Mario Frank, R. Biedert, Eugene Ma, I. Martinovic, D. Song (2012)
Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous AuthenticationIEEE Transactions on Information Forensics and Security, 8
L. Ballard, D. Lopresti, F. Monrose (2007)
Forgery Quality and Its Implications for Behavioral Biometric SecurityIEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics), 37
Abdul Serwadda, V. Phoha (2013)
When kids' toys breach mobile phone securityProceedings of the 2013 ACM SIGSAC conference on Computer & communications security
M. Gail, S. Green (1976)
Critical Values for the One-Sided Two-Sample Kolmogorov-Smirnov StatisticJournal of the American Statistical Association, 71
K. Rahman, K. Balagani, V. Phoha (2013)
Snoop-Forge-Replay Attacks on Continuous Verification With KeystrokesIEEE Transactions on Information Forensics and Security, 8
Despite the tremendous amount of research fronting the use of touch gestures as a mechanism of continuous authentication on smart phones, very little research has been conducted to evaluate how these systems could behave if attacked by sophisticated adversaries. In this article, we present two Lego-driven robotic attacks on touch-based authentication: a population statistics--driven attack and a user-tailored attack. The population statistics--driven attack is based on patterns gleaned from a large population of users, whereas the user-tailored attack is launched based on samples stolen from the victim. Both attacks are launched by a Lego robot that is trained on how to swipe on the touch screen. Using seven verification algorithms and a large dataset of users, we show that the attacks cause the systems mean false acceptance rate (FAR) to increase by up to fivefold relative to the mean FAR seen under the standard zero-effort impostor attack. The article demonstrates the threat that robots pose to touch-based authentication and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems.
ACM Transactions on Information and System Security (TISSEC) – Association for Computing Machinery
Published: May 6, 2016
Keywords: Touch gestures
Read and print from thousands of top scholarly journals.
Already have an account? Log in
Bookmark this article. You can see your Bookmarks on your DeepDyve Library.
To save an article, log in first, or sign up for a DeepDyve account if you don’t already have one.
Copy and paste the desired citation format or use the link below to download a file formatted for EndNote
Access the full text.
Sign up today, get DeepDyve free for 14 days.
All DeepDyve websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.