I can be You: Questioning the use of Keystroke Dynamics as Biometrics —Paper by Tey Chee Meng, Payas Gupta, Debin Gao Presented by: Kai Li Department of.

Slides:

Advertisements

Similar presentations

G. Alonso, D. Kossmann Systems Group

Advertisements

Behavior-based Authentication Systems

USign—A Security Enhanced Electronic Consent Model Yanyan Li 1 Mengjun Xie 1 Jiang Bian 2 1 University of Arkansas at Little Rock 2 University of Arkansas.

Designing a Multi-Biometric System to Fuse Classification Output of Several Pace University Biometric Systems Leigh Anne Clevenger, Laura Davis, Paola.

Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.

Section – Biometrics 1. Biometrics Biometric refers to any measure used to uniquely identify a person based on biological or physiological traits.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.

CS Team 5 Alex Wong Raheel Khan Rumeiz Hasseem Swati Bharati Biometric Authentication System.

Department of Electrical and Computer Engineering Physical Biometrics Matthew Webb ECE 8741.

Miscreant of Social Networks Paper1: Social Honeypots, Making Friends With A Spammer Near You Paper2: Social phishing Kai and Isaac.

Keystroke Biometric Studies Security Research at Pace Keystroke Biometric Drs. Charles Tappert and Allen Stix Seidenberg School of CSIS.

User Personas Assignment IS 485, Professor Matt Thatcher.

Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.

Computing Trust in Social Networks

Based on a fine paper byPhilippe Zimmermann

Keystroke Biometric Studies Keystroke Biometric Identification and Authentication on Long-Text Input Book chapter in Behavioral Biometrics for Human Identification.

Robert S. Zack, Charles C. Tappert, and Sung-Hyuk Cha Pace University, New York Performance of a Long-Text-Input Keystroke Biometric Authentication System.

05/06/2005CSIS © M. Gibbons On Evaluating Open Biometric Identification Systems Spring 2005 Michael Gibbons School of Computer Science & Information Systems.

Experience in Applying Online Learning Techniques in Computer Science & Engineering Dr. Aiman H. El-Maleh Computer Engineering Department King Fahd University.

Who’s Viewed You? The Impact of Feedback in a Mobile Location-Sharing Application Date : 2011/09/06 Reporter : Lin Kelly.

Thermal imaging of ear biometrics Steinar Watne. Outline – Introduction to biometrics – Ear as biometric – Research questions – Experiment – Pre-processing.

Zachary Olson and Yukari Hagio CIS 4360 Computer Security November 19, 2008.

EVALUATION David Kauchak CS 451 – Fall Admin Assignment 3 - change constructor to take zero parameters - instead, in the train method, call getFeatureIndices()

Intrusion and Anomaly Detection in Network Traffic Streams: Checking and Machine Learning Approaches ONR MURI area: High Confidence Real-Time Misuse and.

Dr. Engr. Sami ur Rahman Assistant Professor Department of Computer Science University of Malakand Research Methods in Computer Science Lecture: Research.

Extracting Places and Activities from GPS Traces Using Hierarchical Conditional Random Fields Yong-Joong Kim Dept. of Computer Science Yonsei.

Module 4: Systems Development Chapter 13: Investigation and Analysis.

Analyzing Reliability and Validity in Outcomes Assessment (Part 1) Robert W. Lingard and Deborah K. van Alphen California State University, Northridge.

1 Biometrics and the Department of Defense February 17, 2003.

N ew Security Approaches Biometric Technologies are Coming of Age ANIL KUMAR GUPTA & SUMIT KUMAR CHOUDHARY.

Introduction to Biometrics Charles Tappert Seidenberg School of CSIS, Pace University.

Chapter 8 Introduction to Hypothesis Testing

Keystroke Dynamics Etem DENİZ, Buğra KOCATÜRK, Gülşah YILDIZOĞLU, Ömer UZUN Boğaziçi University, CMPE, May 2010.

Presented by Qian Zou.  The purpose of conducting the experiments.  The methodology for the experiments.  The Experimental Design : Cohesion Experiments.

Keystroke Biometric System Client: Dr. Mary Villani Instructor: Dr. Charles Tappert Team 4 Members: Michael Wuench ; Mingfei Bi ; Evelin Urbaez ; Shaji.

User Authentication Using Keystroke Dynamics Jeff Hieb & Kunal Pharas ECE 614 Spring 2005 University of Louisville.

Learning From Assessment: Evaluating the Benefits of DALI (Diagnostic Assessment Learning Interface) Hershbinder Mann & Guinevere Glasfurd-Brown, University.

Selim Akyokus AIA /2/ AIA 2007 ENHANCED PASSWORD AUTENTICATION THROUGH KEYSTROKE TYPING CHARACTERISTICS Ozlem Guven(1), Selim Akyokus(1),

One-class Training for Masquerade Detection Ke Wang, Sal Stolfo Columbia University Computer Science IDS Lab.

Biometrics Stephen Schmidt Brian Miller Devin Reid.

COMP 208/214/215/216 – Lecture 8 Demonstrations and Portfolios.

Chapter 7 Probability and Samples: The Distribution of Sample Means.

Keystroke Authentication It’s All in How You Type John C. Checco BiometriTech 2003 bioChec™

Biometrics Authentication Technology

Login session using mouse biometrics A static authentication proposal using mouse biometrics Christopher Johnsrud Fullu 2008.

Introduction to CEM Secondary Pre-16 Information Systems Nicola Forster & Neil Defty Secondary Systems Programme Managers London, June 2011.

1 1 Spatialized Haptic Rendering: Providing Impact Position Information in 6DOF Haptic Simulations Using Vibrations 9/12/2008 Jean Sreng, Anatole Lécuyer,

Secure Unlocking of Mobile Touch Screen Devices by Simple Gestures – You can see it but you can not do it Muhammad Shahzad, Alex X. Liu Michigan State.

Objectives: Terminology Components The Design Cycle Resources: DHS Slides – Chapter 1 Glossary Java Applet URL:.../publications/courses/ece_8443/lectures/current/lecture_02.ppt.../publications/courses/ece_8443/lectures/current/lecture_02.ppt.

INTRODUCTION TO BIOMATRICS ACCESS CONTROL SYSTEM Prepared by: Jagruti Shrimali Guided by : Prof. Chirag Patel.

L. F. Coppenrath & Associates PASSWORD BIOPASSWORD ® Biometric Keystroke Dynamics Technology Overview.

The Kirkpatrick Model organizational change Richard Lambert, Ph.D.

I can be You: Questioning the use of Keystroke Dynamics as Biometrics Tey Chee Meng, Payas Gupta, Debin Gao Ke Chen.

Presentation for CDA6938 Network Security, Spring 2006 Timing Analysis of Keystrokes and Timing Attacks on SSH Authors: Dawn Xiaodong Song, David Wagner,

Keystroke Dynamics By Hafez Barghouthi.

A Framework for Detection and Measurement of Phishing Attacks Reporter: Li, Fong Ruei National Taiwan University of Science and Technology 2/25/2016 Slide.

The Value of USAP in Software Architecture Design Presentation by: David Grizzanti.

1 Collecting and Interpreting Quantitative Data Deborah K. van Alphen and Robert W. Lingard California State University, Northridge.

By Kyle Bickel. Road Map Biometric Authentication Biometric Factors User Authentication Factors Biometric Techniques Conclusion.

Privacy Vulnerability of Published Anonymous Mobility Traces Chris Y. T. Ma, David K. Y. Yau, Nung Kwan Yip (Purdue University) Nageswara S. V. Rao (Oak.

Flight Design Project. Objective To design a device to travel as far as possible in the air using only the materials provided Best flight ever:

Day 8 Usability testing.

A review of audio fingerprinting (Cano et al. 2005)

Supervised Time Series Pattern Discovery through Local Importance

IMPAIRED-USER INPUT SCENARIOS FOR KEYSTROKE BIOMETRIC AUTHENTICATION

Understanding and Exploiting Amazon EC2 Spot Instances

Hu Li Moments for Low Resolution Thermal Face Recognition

Anindya Maiti, Murtuza Jadliwala, Jibo He Igor Bilogrevic

Collecting and Interpreting Quantitative Data – Introduction (Part 1)

Presentation transcript:

I can be You: Questioning the use of Keystroke Dynamics as Biometrics —Paper by Tey Chee Meng, Payas Gupta, Debin Gao Presented by: Kai Li Department of Computer Science University of Central Florida Orlando FL 32816

Outline  Introduction  Approaches of keystroke biometric system –Keystroke features –Anomaly detection and accuracy measures  Experimental Design  Experimental Results  Conclusion  My Comments –Contributions –Weaknesses

Biometrics  Physiological biometric: biometric based on the physical trait of an individual –Facial features –Fingerprints –DNA  Behavioral biometric: biometric based on the behavioral trait of an individual –Signatures –Handwriting –Typing patterns (i.e. key stroke dynamics)

Keystroke biometrics  Using keystroke dynamics is based on the assumption that each person has a unique keystroke rhythm  Question the uniqueness property: –Is imitation possible ? –What information is needed to imitate? –How to effectively imitate ?

Keystroke features

Inter-keystroke time Hold time

Anomaly Detection

FAR FRR

Experiment Design  Attack scenarios –The attacker is able to acquire the victim patterns from a compromised biometrics database –The attacker is able to capture samples of the victim’s keystroke (e.g. by installing a key-logger)  Choice of password –Weak password: ‘serndele’ –Strong password: ‘ths.ouR2’

Experiment Design  Four sets of experiments are designed –Experiment 1 (e1) Goal: User Data Collection Details: 88 users were asked to submit 200 samples for each of the two passwords using an existing keystroke dynamics based authentication system.

Experiment Design  Four sets of experiments are designed –Experiment 2 (e2): Goal: Evaluate imitation results given partial user data as feedback Details: 84 participants played the role of attackers. 10 victims were randomly chosen from e1. Each attacker was randomly assigned one of the 10 victims, and was given the victim’s mean vector for 30 minutes imitation task. Attackers gets real-time feedback based on Euclidean distance based anomaly score.

Experiment Design  Four sets of experiments are designed –Experiment 3 (e3a): Goal: Investigate the effect an additional session has on the imitation performance Details: 14 best attackers were chosen from e2 to perform the same imitation task in e2 for only 20 minutes. –Experiment 4 (e3b): Goal: Investigate the imitation performance of highly motivated attackers in optimal environment (e.g. full victim parameters, extended time) Details:14 attackers are the same as in e3a. Feedback is based on full victim typing pattern information (Manhattan distance and absolute deviation)

Experiment Design  Feedback interface: Mimesis

Experiment Results  Typing profile of an attacker

Experiment Results  Results from e1: collision attack –Given a target organization with 10 high value targets, if a team of 84 attackers were to be assembled, we expect to find on average, one attacker with the same typing pattern as one of the high value targets.

Experiment Results  Imitation outcome of e2 –b20 data set: an attacker’s best 20 consecutive tries in an experiment Attackers with degraded performance Attackers with improved performance

Experiment Results  Results from e2: effect of password difficulty The effectiveness of keystroke biometrics in mitigating weak passwords is lesser than assumed

Experiment Results  Results from e2: effect of attacker consistency Imitation performance based on consistency in e1 Consistency scores in e1 and e2

Experiment Results  Results from e2: effect of training duration –56% attackers took no more than 20 minutes to reach their b20 performance. Time required to reach b20 performance

Experiment Results  Imitation outcome of e3a –6 attackers improved their b20 FAR –4 attackers unchanged –4 attackers worsened

Experiment Results  Imitation outcome of e3b Almost all attackers were able to achieve near perfect imitation of their victims The original FRR and FAR of a victim, and the FAR of his two assigned attackers

Experiment Results  Results from e3b: training time to achieve b20 FAR –64% attackers peak their performance in 20 minutes or less –Two highly motivated participants took nearly 2 hours

Experiment Results  Factors affecting imitation outcome –Gender: male performs significantly better than females –Initial typing similarity with the victim: weak correlation –Typing speed, keyboard, Number of trials per minute are not affecting factors

Conclusion  A user’s typing pattern can be imitated –Trained with incomplete model of the victim’s typing pattern, an attacker’s success rate is around 0.52 –The best attacker increases FAR to 1 after training –When the number of attackers and victims are sizeable, chance of natural collision is significant  Factors that affect the imitation performance –Easier passwords are easily imitated –Males are better imitators

Comments  Contributions –Extensive experiments are designed to study different keystroke dynamic imitation scenarios –Show by concrete results that keystroke dynamics biometric system can be compromised by attackers after imitation training –Design a friendly user interface for imitation training  Weakness –Deliberately exclude the key up-down timing, which might have an negative on the imitation –b20 performance do not actually represent real attacking performance –Too many experiments, some are not important. Technical contribution is limited.

Questions?