Toward robotic robbery on the touch screen

Abdul Serwadda, Vir Phoha, Zibo Wang, Rajesh Kumar, Diksha Shukla

Research output: Contribution to journalArticle

7 Citations (Scopus)

Abstract

Despite the tremendous amount of research fronting the use of touch gestures as a mechanism of continuous authentication on smart phones, very little research has been conducted to evaluate how these systems could behave if attacked by sophisticated adversaries. In this article, we present two Lego-driven robotic attacks on touch-based authentication: a population statistics-driven attack and a user-tailored attack. The population statistics-driven attack is based on patterns gleaned from a large population of users, whereas the user-tailored attack is launched based on samples stolen from the victim. Both attacks are launched by a Lego robot that is trained on how to swipe on the touch screen. Using seven verification algorithms and a large dataset of users, we show that the attacks cause the system's mean false acceptance rate (FAR) to increase by up to fivefold relative to the mean FAR seen under the standard zero-effort impostor attack. The article demonstrates the threat that robots pose to touch-based authentication and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems.

Original languageEnglish (US)
Article number14
JournalACM Transactions on Information and System Security
Volume18
Issue number4
DOIs
StatePublished - May 1 2016

Fingerprint

Touch screens
Authentication
Population statistics
Robotics
Robots

Keywords

  • Behavioral biometrics
  • Robotic attacks
  • Smartphone security
  • Touch gestures

ASJC Scopus subject areas

  • Computer Science(all)
  • Safety, Risk, Reliability and Quality

Cite this

Toward robotic robbery on the touch screen. / Serwadda, Abdul; Phoha, Vir; Wang, Zibo; Kumar, Rajesh; Shukla, Diksha.

In: ACM Transactions on Information and System Security, Vol. 18, No. 4, 14, 01.05.2016.

Research output: Contribution to journalArticle

Serwadda, Abdul ; Phoha, Vir ; Wang, Zibo ; Kumar, Rajesh ; Shukla, Diksha. / Toward robotic robbery on the touch screen. In: ACM Transactions on Information and System Security. 2016 ; Vol. 18, No. 4.
@article{6191d960fb0847e9ac6850fb482fead5,
title = "Toward robotic robbery on the touch screen",
abstract = "Despite the tremendous amount of research fronting the use of touch gestures as a mechanism of continuous authentication on smart phones, very little research has been conducted to evaluate how these systems could behave if attacked by sophisticated adversaries. In this article, we present two Lego-driven robotic attacks on touch-based authentication: a population statistics-driven attack and a user-tailored attack. The population statistics-driven attack is based on patterns gleaned from a large population of users, whereas the user-tailored attack is launched based on samples stolen from the victim. Both attacks are launched by a Lego robot that is trained on how to swipe on the touch screen. Using seven verification algorithms and a large dataset of users, we show that the attacks cause the system's mean false acceptance rate (FAR) to increase by up to fivefold relative to the mean FAR seen under the standard zero-effort impostor attack. The article demonstrates the threat that robots pose to touch-based authentication and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems.",
keywords = "Behavioral biometrics, Robotic attacks, Smartphone security, Touch gestures",
author = "Abdul Serwadda and Vir Phoha and Zibo Wang and Rajesh Kumar and Diksha Shukla",
year = "2016",
month = "5",
day = "1",
doi = "10.1145/2898353",
language = "English (US)",
volume = "18",
journal = "ACM Transactions on Information and System Security",
issn = "1094-9224",
publisher = "Association for Computing Machinery (ACM)",
number = "4",

}

TY - JOUR

T1 - Toward robotic robbery on the touch screen

AU - Serwadda, Abdul

AU - Phoha, Vir

AU - Wang, Zibo

AU - Kumar, Rajesh

AU - Shukla, Diksha

PY - 2016/5/1

Y1 - 2016/5/1

N2 - Despite the tremendous amount of research fronting the use of touch gestures as a mechanism of continuous authentication on smart phones, very little research has been conducted to evaluate how these systems could behave if attacked by sophisticated adversaries. In this article, we present two Lego-driven robotic attacks on touch-based authentication: a population statistics-driven attack and a user-tailored attack. The population statistics-driven attack is based on patterns gleaned from a large population of users, whereas the user-tailored attack is launched based on samples stolen from the victim. Both attacks are launched by a Lego robot that is trained on how to swipe on the touch screen. Using seven verification algorithms and a large dataset of users, we show that the attacks cause the system's mean false acceptance rate (FAR) to increase by up to fivefold relative to the mean FAR seen under the standard zero-effort impostor attack. The article demonstrates the threat that robots pose to touch-based authentication and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems.

AB - Despite the tremendous amount of research fronting the use of touch gestures as a mechanism of continuous authentication on smart phones, very little research has been conducted to evaluate how these systems could behave if attacked by sophisticated adversaries. In this article, we present two Lego-driven robotic attacks on touch-based authentication: a population statistics-driven attack and a user-tailored attack. The population statistics-driven attack is based on patterns gleaned from a large population of users, whereas the user-tailored attack is launched based on samples stolen from the victim. Both attacks are launched by a Lego robot that is trained on how to swipe on the touch screen. Using seven verification algorithms and a large dataset of users, we show that the attacks cause the system's mean false acceptance rate (FAR) to increase by up to fivefold relative to the mean FAR seen under the standard zero-effort impostor attack. The article demonstrates the threat that robots pose to touch-based authentication and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems.

KW - Behavioral biometrics

KW - Robotic attacks

KW - Smartphone security

KW - Touch gestures

UR - http://www.scopus.com/inward/record.url?scp=84969915653&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84969915653&partnerID=8YFLogxK

U2 - 10.1145/2898353

DO - 10.1145/2898353

M3 - Article

VL - 18

JO - ACM Transactions on Information and System Security

JF - ACM Transactions on Information and System Security

SN - 1094-9224

IS - 4

M1 - 14

ER -