TY - GEN
T1 - Making impostor pass rates meaningless
T2 - 2011 IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2011
AU - Rahman, Khandaker A.
AU - Balagani, Kiran S.
AU - Phoha, Vir V.
PY - 2011
Y1 - 2011
N2 - Previous efforts in continuous cyber-behavioral verification have considered only zero-effort impostor attacks. Taking continuous verification with keystroke dynamics as a case in point, we demonstrate that forgery attempts created using snooped information (stolen keystroke timing information in our case) have alarmingly high success rates. In our experiments, with as little as 50 to 200 snooped keystrokes (roughly, less than two lines of text typed in a typical email), we were able to create forgeries that had as high as 87.75 percent success rates against verifier configurations that showed less than 11 percent "zero-effort" impostor pass rates. We performed experiments using keystroke data from 50 users who typed approximately 1300 to 2900 keystrokes of free text during three different periods. Our experiments consisted of two parts. In the first part, we conducted zero-effort verification experiments with two verifiers ("R" and "S") and obtained EERs between 10 and 15 percent under various verifier configurations. In the second part, we replayed 10,000 forged impostor attempts per user and demonstrated how the zero-effort impostor pass rates became meaningless when impostor attempts were created using stolen keystroke timing information.
AB - Previous efforts in continuous cyber-behavioral verification have considered only zero-effort impostor attacks. Taking continuous verification with keystroke dynamics as a case in point, we demonstrate that forgery attempts created using snooped information (stolen keystroke timing information in our case) have alarmingly high success rates. In our experiments, with as little as 50 to 200 snooped keystrokes (roughly, less than two lines of text typed in a typical email), we were able to create forgeries that had as high as 87.75 percent success rates against verifier configurations that showed less than 11 percent "zero-effort" impostor pass rates. We performed experiments using keystroke data from 50 users who typed approximately 1300 to 2900 keystrokes of free text during three different periods. Our experiments consisted of two parts. In the first part, we conducted zero-effort verification experiments with two verifiers ("R" and "S") and obtained EERs between 10 and 15 percent under various verifier configurations. In the second part, we replayed 10,000 forged impostor attempts per user and demonstrated how the zero-effort impostor pass rates became meaningless when impostor attempts were created using stolen keystroke timing information.
UR - http://www.scopus.com/inward/record.url?scp=80054932298&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80054932298&partnerID=8YFLogxK
U2 - 10.1109/CVPRW.2011.5981729
DO - 10.1109/CVPRW.2011.5981729
M3 - Conference contribution
AN - SCOPUS:80054932298
SN - 9781457705298
T3 - IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops
SP - 31
EP - 38
BT - 2011 IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2011
PB - IEEE Computer Society
Y2 - 20 June 2011 through 25 June 2011
ER -