On the Effectiveness of Sensor-enhanced Keystroke Dynamics Against Statistical Attacks

In recent years, simple password-based authentication systems have increasingly proven ineffective for many classes of real-world devices. As a result, many researchers have concentrated their efforts on the design of new biometric authentication systems. This trend has been further accelerated by the advent of mobile devices, which offer numerous sensors and capabilities to implement a variety of mobile biometric authentication systems. Along with the advances in biometric authentication, however, attacks have also become much more sophisticated and many biometric techniques have ultimately proven inadequate in face of advanced attackers in practice. In this paper, we investigate the effectiveness of sensor enhanced keystroke dynamics, a recent mobile biometric authentication mechanism that combines a particularly rich set of features. In our analysis, we consider different types of attacks, with a focus on advanced attacks that draw from general population statistics. Such attacks have already been proven effective in drastically reducing the accuracy of many state-of-the-art biometric authentication systems. We implemented a statistical attack against sensor enhanced keystroke dynamics and evaluated its impact on detection accuracy. On one hand, our results show that sensor-enhanced keystroke dynamics are generally robust against statistical attacks with a marginal equal-error rate impact (<0.14%). On the other hand, our results show that, surprisingly, keystroke timing features non-trivially weaken the security guarantees provided by sensor features alone. Our findings suggest that sensor dynamics may be a stronger biometric authentication mechanism against recently proposed practical attacks

Privacy-Preserving Crowd-Monitoring using Bloom Filters and Homomorphic Encryption

This paper introduces an architecture for crowd-monitoring which allows statistical counting for pedestrian dynamics while considering privacy-preservation for the individuals being sensed. Monitoring crowds of pedestrians has been an interesting area of study for many years. The recent prevalence of mobile devices paved the way for wide-scale deployments of infrastructures which perform automated sensing. Suddenly, people could be discreetly monitored by leveraging radio signals such as Wi-Fi probe requests periodically sent by their devices. However, this monitoring process implies dealing with sensitive data which is prone to privacy infringement by nature. While routinely performing their tasks, parties involved in this process can try to infer private information about individuals from the data they handle. Following privacy by design principles, we envision a construction which protects the short-term storage and processing of the collected privacy-sensitive sensor readings with strong cryptographic guarantees such that only the end-result (i.e. a statistical count) becomes available in the clear. We combine Bloom filters, to facilitate set membership testing for counting, with homomorphic encryption, to allow the oblivious performance of operations under encryption. We carry out an implementation of our solution using a resource-constrained device as a sensor and perform experiments which demonstrate its feasibility in practice

Challenges in Automated Measurement of Pedestrian Dynamics

Analyzing pedestrian dynamics has since long been an active and practical field of interest. Since the introduction of, in particular, smartphones, various organizations saw a simple means for automatically measuring pedestrian dynamics. The basic idea is simple: network packets sent by WiFi-enabled devices can be collected by sensors and by extracting the unique MAC address from each packet, it should be possible to count how many devices are detected by a single sensor, as well as how devices move between sensors. Although this approach has been commercially deployed for many years, it is now largely forbidden (at least in the EU) due to obvious privacy infringements. In this paper, we address challenges and some potential solutions to automated measurement of pedestrian movements while protecting privacy. The results come from learning the hard way: having run experiments extensively over the past years, we have gradually gained considerable insight in what is possible and what may lie ahead