When kids' toys breach mobile phone security

Abdul Serwadda, Vir V. Phoha

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

45 Scopus citations

Abstract

Touch-based verification - the use of touch gestures (e.g., swiping, zooming, etc.) to authenticate users of touch screen devices - has recently been widely evaluated for its potential to serve as a second layer of defense to the PIN lock mechanism. In all performance evaluations of touch-based authentication systems however, researchers have assumed naive (zero-effort) forgeries in which the attacker makes no effort to mimic a given gesture pattern. In this paper we demonstrate that a simple "Lego" robot driven by input gleaned from general population swiping statistics can generate forgeries that achieve alarmingly high penetration rates against touch-based authentication systems. Using the best classification algorithms in touch-based authentication, we rigorously explore the effect of the attack, finding that it increases the Equal Error Rates of the classifiers by between 339% and 1004% depending on parameters such as the failure-to-enroll threshold and the type of touch stroke generated by the robot. The paper calls into question the zero-effort impostor testing approach used to benchmark the performance of touch-based authentication systems.

Original language: English (US)
Title of host publication: CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security
Pages: 599-610
Number of pages: 12
DOI: https://doi.org/10.1145/2508859.2516659
State: Published - Dec 9 2013
Externally published: Yes
Event: 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013 - Berlin, Germany
Duration: Nov 4 2013 to Nov 8 2013

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Other

Other: 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013
Country: Germany
City: Berlin
Period: 11/4/13 to 11/8/13

Keywords

  • attack
  • authentication
  • biometrics
  • robot
  • touch gestures

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

  • Cite this

    Serwadda, A., & Phoha, V. V. (2013). When kids' toys breach mobile phone security. In CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (pp. 599-610). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/2508859.2516659