Machine Learning
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
Towards practical biometric key generation with randomized biometric templates
Proceedings of the 15th ACM conference on Computer and communications security
IEEE Transactions on Pattern Analysis and Machine Intelligence
Exploiting the "Doddington Zoo" effect in biometric fusion
BTAS'09 Proceedings of the 3rd IEEE international conference on Biometrics: Theory, applications and systems
Smudge attacks on smartphone touch screens
WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
ACCessory: password inference using accelerometers on smartphones
Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications
Biometric-rich gestures: a novel approach to authentication on multi-touch devices
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Touch me once and i know it's you!: implicit authentication based on touch screen patterns
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Forgery Quality and Its Implications for Behavioral Biometric Security
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Nearest neighbor pattern classification
IEEE Transactions on Information Theory
Examining a Large Keystroke Biometrics Dataset for Statistical-Attack Openings
ACM Transactions on Information and System Security (TISSEC)
Towards application-centric implicit authentication on smartphones
Proceedings of the 15th Workshop on Mobile Computing Systems and Applications
Hi-index | 0.00 |
Touch-based verification --- the use of touch gestures (e.g., swiping, zooming, etc.) to authenticate users of touch screen devices --- has recently been widely evaluated for its potential to serve as a second layer of defense to the PIN lock mechanism. In all performance evaluations of touch-based authentication systems however, researchers have assumed naive (zero-effort) forgeries in which the attacker makes no effort to mimic a given gesture pattern. In this paper we demonstrate that a simple "Lego" robot driven by input gleaned from general population swiping statistics can generate forgeries that achieve alarmingly high penetration rates against touch-based authentication systems. Using the best classification algorithms in touch-based authentication, we rigorously explore the effect of the attack, finding that it increases the Equal Error Rates of the classifiers by between 339% and 1004% depending on parameters such as the failure-to-enroll threshold and the type of touch stroke generated by the robot. The paper calls into question the zero-effort impostor testing approach used to benchmark the performance of touch-based authentication systems.