Abdul Serwadda

Which verifiers work?: A benchmark evaluation of touch-based authentication algorithms

Despite the tremendous need for the evaluation of touch-based authentication as an extra security layer for mobile devices, the huge disparity in the experimental methodology used by different researchers makes it hard to determine how much research in this area has progressed. Critical variables such as the types of features and how they are pre-processed, the training and testing methodology and the performance evaluation metrics, to mention but a few, vary from one study to the next. Additionally, most datasets used for these evaluations are not openly accessible, making it impossible for researchers to carry out comparative analysis on the same data. This paper takes the first steps towards bridging this gap. We evaluate the performance of ten state-of-the-art touch-based authentication classification algorithms under a common experimental protocol, and present the associated benchmark dataset for the community to use. Using a series of statistical tests, we rigorously compare the performance of the algorithms, and also evaluate how the “failure to enroll” phenomena would impact overall system performance if users exceeding certain EERs were barred from using the system. Our results and benchmark dataset open the door to future research that will enable the community to better understand the potential of touch gestures as a biometric authentication modality.

Context-Aware Active Authentication Using Smartphone Accelerometer Measurements

While body movement patterns recorded by a smartphone accelerometer are now well understood to be discriminative enough to separate users, little work has been done to address the question of if or how the position in which the phone is held affects user authentication. In this work, we show through a combination of supervised learning methods and statistical tests, that there are certain users for whom exploitation of information of how a phone is held drastically improves classification performance. We propose a two-stage authentication framework that identifies the location of the phone before performing authentication, and show its benefits based on a dataset of 30 users. Our work represents a first step towards bridging the gap between accelerometer-based authentication systems analyzed from the context of a laboratory environment and a real accelerometer-based authentication system in the wild where phone positioning cannot be assumed.

Examining a Large Keystroke Biometrics Dataset for Statistical-Attack Openings

Research on keystroke-based authentication has traditionally assumed human impostors who generate forgeries by physically typing on the keyboard. With bots now well understood to have the capacity to originate precisely timed keystroke sequences, this model of attack is likely to underestimate the threat facing a keystroke-based system in practice. In this work, we investigate how a keystroke-based authentication system would perform if it were subjected to synthetic attacks designed to mimic the typical user. To implement the attacks, we perform a rigorous statistical analysis on keystroke biometrics data collected over a 2-year period from more than 3000 users, and then use the observed statistical traits to design and launch algorithmic attacks against three state-of-the-art password-based keystroke verification systems. Relative to the zero-effort attacks typically used to test the performance of keystroke biometric systems, we show that our algorithmic attack increases the mean Equal Error Rates (EERs) of three high performance keystroke verifiers by between 28.6% and 84.4%. We also find that the impact of the attack is more pronounced when the keystroke profiles subjected to the attack are based on shorter strings, and that some users see considerably greater performance degradation under the attack than others. This article calls for a shift from the traditional zero-effort approach of testing the performance of password-based keystroke verifiers, to a more rigorous algorithmic approach that captures the threat posed by today’s bots.

Scan-Based Evaluation of Continuous Keystroke Authentication Systems

For biometric modalities in which error rates are typically high--including behavioral biometrics, such as keystroke dynamics--temporal information associated with the occurrence of errors might help answer questions regarding performance evaluation.

Size-based scheduling: a recipe for DDOS?

Internet traffic measurements have shown that the majority of the Internets flows are short, while a small percentage of the largest flows are responsible for most of the bytes. To exploit this property for performance improvement in routers and Web servers, several studies have proposed size-based schedulings to offer preferential treatment to the shortest flows. In this work, we present analytical and simulation results which confirm that size-based scheduling will ease the task of launching DDOS attacks on the Internet.

Towards end-host-based identification of competing protocols against TCP in a bottleneck link

Classical Transmission Control Protocol (TCP) designs have never considered the identity of the competing transport protocol as useful information to TCP sources in congestion control mechanisms. When competing against a TCP flow on a bottleneck link, a User Datagram Protocol (UDP) flow can unfairly occupy the entire link bandwidth and suffocate all TCP flows on the link. If it were possible for a TCP source to know the type of transport protocol that deprives it of link access, perhaps it would be better for the TCP source to react in a way which prevents total starvation. In this paper, we use coefficient of variation and power spectral density of throughput traces to identify the presence of UDP transport protocols that compete against TCP flows on bottleneck links. Our results show clear traits that differentiate the presence of competing UDP flows from TCP flows independent of round-trip times variations. Signatures that we identified include an increase in coefficient of variation whenever a competing UDP flow joins the bottleneck link for the first time, noisy spectral density representation of a TCP flow when competing against a UDP flow in the bottleneck link, and a dominant frequency with outstanding power in the presence of TCP competition only. In addition, the results show that signatures for congestion caused by competing UDP flows are different from signatures due to congestion caused by competing TCP flows regardless of their round-trip times. The results in this paper present the first steps towards development of more ’intelligent’ congestion control algorithms with added capability of knowing the identity of aggressor protocols against TCP, and subsequently using this additional information for rate control.