3 research outputs found
A Key to Your Heart: Biometric Authentication Based on ECG Signals
In recent years, there has been a shift of interest towards the field of
biometric authentication, which proves the identity of the user using their
biological characteristics. We explore a novel biometric based on the
electrical activity of the human heart in the form of electrocardiogram (ECG)
signals. In order to explore the stability of ECG as a biometric, we collect
data from 55 participants over two sessions with a period of 4 months in
between. We also use a consumer-grade ECG monitor that is more affordable and
usable than a medical-grade counterpart. Using a standard approach to evaluate
our classifier, we obtain error rates of 2.4% for data collected within one
session and 9.7% for data collected across two sessions. The experimental
results suggest that ECG signals collected using a consumer-grade monitor can
be successfully used for user authentication.
Comment: Appears in the "Who Are You?! Adventures in Authentication" workshop
(WAY 2019) co-located with the Symposium on Usable Privacy and Security
(SOUPS
PILOT: Password and PIN Information Leakage from Obfuscated Typing Videos
This paper studies leakage of user passwords and PINs based on observations
of typing feedback on screens or from projectors in the form of masked
characters that indicate keystrokes. To this end, we developed an attack called
Password and Pin Information Leakage from Obfuscated Typing Videos (PILOT). Our
attack extracts inter-keystroke timing information from videos of password
masking characters displayed when users type their password on a computer, or
their PIN at an ATM. We conducted several experiments in various attack
scenarios. Results indicate that, while in some cases leakage is minor, it is
quite substantial in others. By leveraging inter-keystroke timings, PILOT
recovers 8-character alphanumeric passwords in as little as 19 attempts. When
guessing PINs, PILOT significantly improved on both random guessing and the
attack strategy adopted in our prior work [4]. In particular, we were able to
guess about 3% of the PINs within 10 attempts. This corresponds to a 26-fold
improvement compared to random guessing. Our results strongly indicate that
secure password masking GUIs must consider the information leakage identified
in this paper.