706 research outputs found
Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication
We investigate whether a classifier can continuously authenticate users based
on the way they interact with the touchscreen of a smart phone. We propose a
set of 30 behavioral touch features that can be extracted from raw touchscreen
logs and demonstrate that different users populate distinct subspaces of this
feature space. In a systematic experiment designed to test how this behavioral
pattern exhibits consistency over time, we collected touch data from users
interacting with a smart phone using basic navigation maneuvers, i.e., up-down
and left-right scrolling. We propose a classification framework that learns the
touch behavior of a user during an enrollment phase and is able to accept or
reject the current user by monitoring interaction with the touch screen. The
classifier achieves a median equal error rate of 0% for intra-session
authentication, 2%-3% for inter-session authentication and below 4% when the
authentication test was carried out one week after the enrollment phase. While
our experimental findings disqualify this method as a standalone authentication
mechanism for long-term authentication, it could be implemented as a means to
extend screen-lock time or as a part of a multi-modal biometric authentication
system.Comment: to appear at IEEE Transactions on Information Forensics & Security;
Download data from http://www.mariofrank.net/touchalytics
Application of Keystroke Dynamics Modelling Techniques to Strengthen the User Identification in the Context of E-commerce
Keystroke dynamics is a biometric technique to identify users based on analysing habitual rhythm patterns in their typing behaviour.
In e-commerce, this technique brings benefits to both security and the analysis of patterns of consumer behaviour. This paper focuses on analysing the keystroke dynamics against an e-commerce site for personal identification. This paper is an empirical reinforcement of previous works, with data extracted from realistic conditions that are of most interest for the practical application of modelling keystroke dynamics in free texts. It was a collaborative work with one of the leading e-commerce companies in Latin America. Experimental results showed that it was possible to identify typists with an accuracy of 89% from a sampling of 300 randomly selected users just by reading comment field keystrokes.VII Workshop Seguridad Informática (WSI)Red de Universidades con Carreras en Informática (RedUNCI
GANTouch: An Attack-Resilient Framework for Touch-based Continuous Authentication System
Previous studies have shown that commonly studied (vanilla) implementations
of touch-based continuous authentication systems (V-TCAS) are susceptible to
active adversarial attempts. This study presents a novel Generative Adversarial
Network assisted TCAS (G-TCAS) framework and compares it to the V-TCAS under
three active adversarial environments viz. Zero-effort, Population, and
Random-vector. The Zero-effort environment was implemented in two variations
viz. Zero-effort (same-dataset) and Zero-effort (cross-dataset). The first
involved a Zero-effort attack from the same dataset, while the second used
three different datasets. G-TCAS showed more resilience than V-TCAS under the
Population and Random-vector, the more damaging adversarial scenarios than the
Zero-effort. On average, the increase in the false accept rates (FARs) for
V-TCAS was much higher (27.5% and 21.5%) than for G-TCAS (14% and 12.5%) for
Population and Random-vector attacks, respectively. Moreover, we performed a
fairness analysis of TCAS for different genders and found TCAS to be fair
across genders. The findings suggest that we should evaluate TCAS under active
adversarial environments and affirm the usefulness of GANs in the TCAS
pipeline.Comment: 11 pages, 7 figures, 2 tables, 3 algorithms, in IEEE TBIOM 202
- …