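% CCS 2013 paper: robot-generated forgeries against touch-gesture authentication.
% Percent signs in the abstract are escaped so the field can be typeset without
% LaTeX treating the rest of the line as a comment.
@inproceedings{c96cacf6b5864ba19eada71dee42f417,
  author    = {Serwadda, Abdul and Phoha, Vir V.},
  title     = {When Kids' Toys Breach Mobile Phone Security},
  booktitle = {{CCS} 2013 - Proceedings of the 2013 {ACM} {SIGSAC} Conference on Computer and Communications Security},
  series    = {Proceedings of the {ACM} Conference on Computer and Communications Security},
  pages     = {599--610},
  year      = {2013},
  doi       = {10.1145/2508859.2516659},
  isbn      = {9781450324779},
  language  = {English (US)},
  keywords  = {attack, authentication, biometrics, robot, touch gestures},
  note      = {2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013 ; Conference date: 04-11-2013 Through 08-11-2013},
  abstract  = {Touch-based verification - the use of touch gestures (e.g., swiping, zooming, etc.) to authenticate users of touch screen devices - has recently been widely evaluated for its potential to serve as a second layer of defense to the PIN lock mechanism. In all performance evaluations of touch-based authentication systems however, researchers have assumed naive (zero-effort) forgeries in which the attacker makes no effort to mimic a given gesture pattern. In this paper we demonstrate that a simple ``Lego'' robot driven by input gleaned from general population swiping statistics can generate forgeries that achieve alarmingly high penetration rates against touch-based authentication systems. Using the best classification algorithms in touch-based authentication, we rigorously explore the effect of the attack, finding that it increases the Equal Error Rates of the classifiers by between 339\% and 1004\% depending on parameters such as the failure-to-enroll threshold and the type of touch stroke generated by the robot. The paper calls into question the zero-effort impostor testing approach used to benchmark the performance of touch-based authentication systems.},
}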