Presentation is loading. Please wait.

Presentation is loading. Please wait.

I can be You: Questioning the use of Keystroke Dynamics as Biometrics Tey Chee Meng, Payas Gupta, Debin Gao Ke Chen.

Published byJohn Todd Owens Modified over 8 years ago

Similar presentations

Presentation on theme: "I can be You: Questioning the use of Keystroke Dynamics as Biometrics Tey Chee Meng, Payas Gupta, Debin Gao Ke Chen."— Presentation transcript:

1 I can be You: Questioning the use of Keystroke Dynamics as Biometrics Tey Chee Meng, Payas Gupta, Debin Gao Ke Chen

2 Outline Introduction Keystroke biometrics Experimental Design Experimental Results Conclusion

3 Authentication using Biometrics Physiological biometric: – facial features – hand geometry – Fingerprints – iris scans Behavioral biometric: – Signatures – Handwriting – Typing patterns ( i.e. keystroke dynamics )

4 Is Keystroke Biometrics Unique? If imitation is possible, then keystroke dynamics would be unsuitable for use as a biometrics feature. it is possible to imitate someone else’s keystroke typing if appropriate feedback is provided?

5 Keystroke Dynamics Keystroke dynamics refer to information about the typing pattern. pressing and releasing of a keystroke pair (ka, kb) results in 4 timings which are of interest to keystroke biometrics systems

6 Keystroke Dynamics Key-down time: Key-up time: four relative timings can be derived:

7 Data vectorization

8 Anomaly Detector Scoring mean vector

9 Anomaly Detector Scoring absolute deviation vector

10 Anomaly Detector Scoring Euclidean distance based anomaly score Manhattan distance based anomaly score

11 Anomaly Detection Threshold FRR: false rejection rate, decrease as threshold sets higher FAR: false acceptance rate, increase as threshold sets higher EER: equal error rate where FRR=FAR

12 Experiment Design Attack scenarios – the attacker is able to extract the victim pattern from a compromised biometrics database. – the attacker may be able to capture samples of the victim’s keystrokes as she is authenticating (e.g. by installing a key- logger).

13 Choice of Password “serndele” – minimize finger movements on a standard US keyboard. “ths.ouR2” – chosen to maximize finger movements and therefore difficulty of typing.

14 Experiment 1 (e1) Training Data Collection 88 participants were asked to submit 200 samples for each of the two passwords using an existing keystroke dynamics based authentication system.

15 Experiment 2 (e2) Imitation using Euclidean distance 30 minutes imitation task: 84 participants played the role of attackers. 10 victims were randomly chosen from e1. Each attacker was randomly assigned one of the 10 victims, and was given the victim’s mean vector for. Attackers gets real-time feedback of the Euclidean distance based anomaly score.

16 Experiment 3 (e3a) Investigate the additional imitation session with Euclidean distance 14 best attackers were chosen from e2 to perform the same imitation task in e2 for only 20 minutes.

17 Experiment 4 (e3b) Investigate the imitation performance of highly motivated attackers in optimal environment Feedback is based on full victim typing pattern Information (Manhattan distance and absolute deviation)

18 Feedback Interface: Mimesis

19 Experiment Results Result from e1: collision attack given a target organization with 10 high value targets, if a team of 84 attackers were to be assembled, we expect to find on average, one attacker with the same typing pattern as one of the high value targets.

20 Experiment Results Results from e2: Improvement in FAR after imitation training

21 Experiment Results Results from e2: Effect of password difficulty The differences in mean between the easier and the harder password suggest that passwords that are easier to type are also easier to imitate.

22 Experiment Results Results from e2: effect of training duration 56% attackers took no more than 20 minutes to reach their b20 performance.

23 Experiment Results Results from e3a: – 6 attackers improved their b20 FAR – 4 attackers unchanged – 4 attackers worsened

24 Experiment Results Results from e3b:

25 Experiment Results Factors affecting imitation outcome – Gender: male performs significantly better than females – Therefore there exists a weak correlation between the imitation outcome and the similarity between the attacker and victim’s typing pattern – Typing speed, keyboard, Number of trials per minute are not affecting factors

26 Conclusion A user’s typing pattern can be imitated – Trained with incomplete model of the victim’s typing pattern, an attacker’s success rate is around 0.52 – The best attacker increases FAR to 1 after training – When the number of attackers and victims are sizeable, chance of natural collision is significant

27 Conclusion Easier passwords are easily imitated Males are better imitators

28 Questions?

Download ppt "I can be You: Questioning the use of Keystroke Dynamics as Biometrics Tey Chee Meng, Payas Gupta, Debin Gao Ke Chen."

Similar presentations

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
BIOMETRICS Presented By Rickie Jackson.  Outline –Introduction –Biometrics techniques –Strengths, and weaknesses –FAR/FRR –Major Players –Summary.

BIOMETRICS Presented By Rickie Jackson.  Outline –Introduction –Biometrics techniques –Strengths, and weaknesses –FAR/FRR –Major Players –Summary.
BIOMETRICS By Lt Cdr V Pravin 05IT6019. BIOMETRICS  Forget passwords...  Forget pin numbers...  Forget all your security concerns...

BIOMETRICS By Lt Cdr V Pravin 05IT6019. BIOMETRICS  Forget passwords...  Forget pin numbers...  Forget all your security concerns...
Behavior-based Authentication Systems

Behavior-based Authentication Systems
USign—A Security Enhanced Electronic Consent Model Yanyan Li 1 Mengjun Xie 1 Jiang Bian 2 1 University of Arkansas at Little Rock 2 University of Arkansas.

USign—A Security Enhanced Electronic Consent Model Yanyan Li 1 Mengjun Xie 1 Jiang Bian 2 1 University of Arkansas at Little Rock 2 University of Arkansas.
Biometrics.

Biometrics.
Designing a Multi-Biometric System to Fuse Classification Output of Several Pace University Biometric Systems Leigh Anne Clevenger, Laura Davis, Paola.

Designing a Multi-Biometric System to Fuse Classification Output of Several Pace University Biometric Systems Leigh Anne Clevenger, Laura Davis, Paola.
Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.

Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.
66: Priyanka J. Sawant 67: Ayesha A. Upadhyay 75: Sumeet Sukthankar.

66: Priyanka J. Sawant 67: Ayesha A. Upadhyay 75: Sumeet Sukthankar.
Section 2.3.5 – Biometrics 1. Biometrics Biometric refers to any measure used to uniquely identify a person based on biological or physiological traits.

Section – Biometrics 1. Biometrics Biometric refers to any measure used to uniquely identify a person based on biological or physiological traits.
Biometrics Technology Jie Meng. What is Biometrics ? Biometrics is the science and technology of measuring and analyzing biological data. In information.

Biometrics Technology Jie Meng. What is Biometrics ? Biometrics is the science and technology of measuring and analyzing biological data. In information.
Keystroke Biometric : ROC Experiments Team Abhishek Kanchan Priyanka Ranadive Sagar Desai Pooja Malhotra Ning Wang.

Keystroke Biometric : ROC Experiments Team Abhishek Kanchan Priyanka Ranadive Sagar Desai Pooja Malhotra Ning Wang.
CS 691 - Team 5 Alex Wong Raheel Khan Rumeiz Hasseem Swati Bharati Biometric Authentication System.

CS Team 5 Alex Wong Raheel Khan Rumeiz Hasseem Swati Bharati Biometric Authentication System.
Department of Electrical and Computer Engineering Physical Biometrics Matthew Webb ECE 8741.

Department of Electrical and Computer Engineering Physical Biometrics Matthew Webb ECE 8741.
Keystroke Biometric Studies Security Research at Pace Keystroke Biometric Drs. Charles Tappert and Allen Stix Seidenberg School of CSIS.

Keystroke Biometric Studies Security Research at Pace Keystroke Biometric Drs. Charles Tappert and Allen Stix Seidenberg School of CSIS.
FIT3105 Biometric based authentication and identity management

FIT3105 Biometric based authentication and identity management
1 November 2004 1 Applicability of Biometrics As a Means of Authentication Scholarship for Service William Kwan.

1 November Applicability of Biometrics As a Means of Authentication Scholarship for Service William Kwan.
Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.

Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.
Keystroke Biometric Studies Keystroke Biometric Identification and Authentication on Long-Text Input Book chapter in Behavioral Biometrics for Human Identification.

Keystroke Biometric Studies Keystroke Biometric Identification and Authentication on Long-Text Input Book chapter in Behavioral Biometrics for Human Identification.
Robert S. Zack, Charles C. Tappert, and Sung-Hyuk Cha Pace University, New York Performance of a Long-Text-Input Keystroke Biometric Authentication System.

Robert S. Zack, Charles C. Tappert, and Sung-Hyuk Cha Pace University, New York Performance of a Long-Text-Input Keystroke Biometric Authentication System.

Similar presentations

Ads by Google