47 research outputs found

    BeCAPTCHA-Type: Biometric Keystroke Data Generation for Improved Bot Detection

    This work proposes a data-driven learning model for the synthesis of keystroke biometric data. The proposed method is compared with two statistical approaches based on Universal and User-dependent models. These approaches are validated on the bot detection task, using the keystroke synthetic data to improve the training process of keystroke-based bot detection systems. Our experimental framework considers a dataset with 136 million keystroke events from 168 thousand subjects. We have analyzed the performance of the three synthesis approaches through qualitative and quantitative experiments. Different bot detectors are considered based on several supervised classifiers (Support Vector Machine, Random Forest, Gaussian Naive Bayes and a Long Short-Term Memory network) and a learning framework including human and synthetic samples. The experiments demonstrate the realism of the synthetic samples. The classification results suggest that in scenarios with large labeled data, these synthetic samples can be detected with high accuracy. However, in few-shot learning scenarios it represents an important challenge. Furthermore, these results show the great potential of the presented models. Comment: Paper accepted in IEEE Computer Society Workshop on Biometrics (CVPRw) 202

    Vulnerability analysis of cyber-behavioral biometric authentication

    Research on cyber-behavioral biometric authentication has traditionally assumed naïve (or zero-effort) impostors who make no attempt to generate sophisticated forgeries of biometric samples. Given the plethora of adversarial technologies on the Internet, it is questionable as to whether the zero-effort threat model provides a realistic estimate of how these authentication systems would perform in the wake of adversity. To better evaluate the efficiency of these authentication systems, there is a need for research on algorithmic attacks which simulate the state-of-the-art threats. To tackle this problem, we took the case of keystroke and touch-based authentication and developed a new family of algorithmic attacks which leverage the intrinsic instability and variability exhibited by users' behavioral biometric patterns. For both fixed-text (or password-based) keystroke and continuous touch-based authentication, we: 1) Used a wide range of pattern analysis and statistical techniques to examine large repositories of biometrics data for weaknesses that could be exploited by adversaries to break these systems, 2) Designed algorithmic attacks whose mechanisms hinge around the discovered weaknesses, and 3) Rigorously analyzed the impact of the attacks on the best verification algorithms in the respective research domains. When launched against three high performance password-based keystroke verification systems, our attacks increased the mean Equal Error Rates (EERs) of the systems by between 28.6% and 84.4% relative to the traditional zero-effort attack. For the touch-based authentication system, the attacks performed even better, as they increased the system's mean EER by between 338.8% and 1535.6% depending on parameters such as the failure-to-enroll threshold and the type of touch gesture subjected to attack.
For both keystroke and touch-based authentication, we found that there was a small proportion of users who saw considerably greater performance degradation than others as a result of the attack. There was also a sub-set of users who were completely immune to the attacks. Our work exposes a previously unexplored weakness of keystroke and touch-based authentication and opens the door to the design of behavioral biometric systems which are resistant to statistical attacks.

    Snoop-forge-replay attack on continuous verification with keystrokes

    We present a new attack called the snoop-forge-replay attack on the keystroke-based continuous verification systems. We performed the attacks on two levels – 1) feature-level and 2) sample-level. (1) Feature-level attack targets specific keystroke-based continuous verification method or system. In feature-level attacks, we performed a series of experiments using keystroke data from 50 users who typed approximately 1200 to 2300 keystrokes of free text during three different periods. The experiments consisted of two parts. In the first part, we conducted zero-effort verification experiments with two verifiers (R and S) and obtained Equal Error Rates (EERs) between 10% and 15% under various verifier configurations. In the second part, we replayed 10,000 forged impostor attempts per user and demonstrated how the zero-effort impostor pass rates became meaningless when impostor attempts were created using stolen keystroke timing information. (2) Sample-level attack is not specific to any particular keystroke-based continuous verification method or system. It can be launched with easily available keyloggers and application programming interfaces (APIs) for keystroke synthesis. Our results from 2640 experiments show that (i) the snoop-forge-replay attacks achieve alarmingly high error rates compared to zero-effort impostor attacks, which have been the de facto standard for evaluating keystroke-based continuous verification systems; (ii) four state-of-the-art verification methods, three types of keystroke latencies, and eleven matching-pair settings (–a key parameter in continuous verification with keystrokes) that we examined in this dissertation were susceptible to the attack; (iii) the attack is effective even when as low as 20 to 100 keystrokes were snooped to create forgeries. In light of our results, we question the security offered by the current keystroke-based continuous verification systems.
Additionally, in our experiments, we harnessed virtualization technology to generate thousands of keystroke forgeries within a short time span. We point out that virtualization setup such as the one used in our experiments can also be exploited by an attacker to scale and speed up the attack.

    BehavePassDB: Public Database for Mobile Behavioral Biometrics and Benchmark Evaluation

    Mobile behavioral biometrics have become a popular topic of research, reaching promising results in terms of authentication, exploiting a multimodal combination of touchscreen and background sensor data. However, there is no way of knowing whether state-of-the-art classifiers in the literature can distinguish between the notion of user and device. In this article, we present a new database, BehavePassDB, structured into separate acquisition sessions and tasks to mimic the most common aspects of mobile Human-Computer Interaction (HCI). BehavePassDB is acquired through a dedicated mobile app installed on the subjects' devices, also including the case of different users on the same device for evaluation. We propose a standard experimental protocol and benchmark for the research community to perform a fair comparison of novel approaches with the state of the art. We propose and evaluate a system based on Long-Short Term Memory (LSTM) architecture with triplet loss and modality fusion at score level. This project has received funding from the European Union's Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement no. 860315, and from Orange Labs. R. Tolosana and R. Vera-Rodriguez are also supported by INTER-ACTION (PID2021-126521OB-I00 MICINN/FEDER

    Non-conventional keystroke dynamics for user authentication

    This paper introduces an approach for user authentication using free-text keystroke dynamics which incorporates the use of non-conventional keystroke features. Semi-timing features along with editing features are extracted from the user’s typing stream. Decision trees were exploited to classify each of the user’s data. In parallel for comparison, support vector machines (SVMs) were also used for classification in association with an ant colony optimization (ACO) feature selection technique. The results obtained from this study are encouraging as low false accept rates (FAR) and false reject rates (FRR) were achieved in the experimentation phase. This signifies that satisfactory overall system performance was achieved by using the typing attributes in the proposed approach. Thus, the use of non-conventional typing features improves the understanding of human typing behavior and therefore provides a significant contribution to the authentication system.

    Behavioral biometric based personal authentication in feature phones

    The usage of mobile phones has increased multifold in recent decades, mostly because of their utility in most aspects of daily life, such as communications, entertainment, and financial transactions. Feature phones are generally the keyboard-based or lower version of touch-based mobile phones, mostly targeted for efficient calling and messaging. In comparison to smart phones, feature phones have no provision of a biometrics system for user access. The literature has shown very few attempts at designing a biometrics system which could be most suitable to low-cost feature phones. A biometric system utilizes the features and attributes based on the physiological or behavioral properties of the individual. In this research, we explore the usefulness of keystroke dynamics for feature phones, which offers an efficient and versatile biometric framework. In our research, we have suggested an approach to incorporate the user’s typing patterns to enhance the security of the feature phone. We have applied k-nearest neighbors (k-NN) with fuzzy logic and achieved an equal error rate (EER) of 1.88% to get better accuracy. The experiments are performed with 25 users on Samsung On7 Pro C3590. On comparison, our proposed technique is competitive with almost all the other techniques available in the literature.

    Keystroke Biometrics Ongoing Competition

    This paper presents the first Keystroke Biometrics Ongoing Competition (KBOC) organized to establish a reproducible baseline in person authentication using keystroke biometrics. The competition has been developed using the BEAT platform and includes one of the largest keystroke databases publicly available based on a fixed text scenario. The database includes genuine and attacker keystroke sequences from 300 users acquired in 4 different sessions distributed in a four-month time span. The sequences correspond to the user's name and surname and therefore each user comprises an individual and personal sequence. As baseline for KBOC we report the results of 31 different algorithms evaluated according to performance and robustness. The systems have achieved EERs as low as 5.32% and high robustness against multisession variability with drop of performances lower than 1% for probes separated by months. The entire database is publicly available at the competition website.