Snoop-forge-replay attacks on continuous verification with keystrokes

Khandaker A. Rahman, Kiran S. Balagani, Vir V. Phoha

Research output: Contribution to journalArticlepeer-review

45 Scopus citations


We present a new attack called the snoop-forge-replay attack on keystroke-based continuous verification systems. The snoop-forge-replay is a sample-level forgery attack and is not specific to any particular keystroke-based continuous verification method or system. It can be launched with easily available keyloggers and APIs for keystroke synthesis. Our results from 2640 experiments show that: 1) the snoop-forge-replay attacks achieve alarmingly high error rates compared to zero-effort impostor attacks, which have been the de facto standard for evaluating keystroke-based continuous verification systems; 2) four state-of-the-art verification methods, three types of keystroke latencies, and 11 matching-pair settings (-a key parameter in continuous verification with keystrokes) that we examined in this paper were susceptible to the attack; 3) the attack is effective even when as low as 20 to 100 keystrokes were snooped to create forgeries. In light of our results, we question the security offered by current keystroke-based continuous verification systems. Additionally, in our experiments, we harnessed virtualization technology to generate thousands of keystroke forgeries within a short time span. We point out that virtualization setup such as the one used in our experiments can also be exploited by an attacker to scale and speedup the attack.

Original languageEnglish (US)
Article number6425469
Pages (from-to)528-541
Number of pages14
JournalIEEE Transactions on Information Forensics and Security
Issue number3
StatePublished - 2013
Externally publishedYes


  • Biometrics
  • continuous verification
  • keystroke dynamics
  • snooping
  • spoof attacks

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


Dive into the research topics of 'Snoop-forge-replay attacks on continuous verification with keystrokes'. Together they form a unique fingerprint.

Cite this