Khandaker Abir Rahman

Snoop-Forge-Replay Attacks on Continuous Verification With Keystrokes

We present a new attack called the snoop-forge-replay attack on keystroke-based continuous verification systems. The snoop-forge-replay is a sample-level forgery attack and is not specific to any particular keystroke-based continuous verification method or system. It can be launched with easily available keyloggers and APIs for keystroke synthesis. Our results from 2640 experiments show that: 1) the snoop-forge-replay attacks achieve alarmingly high error rates compared to zero-effort impostor attacks, which have been the de facto standard for evaluating keystroke-based continuous verification systems; 2) four state-of-the-art verification methods, three types of keystroke latencies, and 11 matching-pair settings (-a key parameter in continuous verification with keystrokes) that we examined in this paper were susceptible to the attack; 3) the attack is effective even when as low as 20 to 100 keystrokes were snooped to create forgeries. In light of our results, we question the security offered by current keystroke-based continuous verification systems. Additionally, in our experiments, we harnessed virtualization technology to generate thousands of keystroke forgeries within a short time span. We point out that virtualization setup such as the one used in our experiments can also be exploited by an attacker to scale and speedup the attack.

Making impostor pass rates meaningless: A case of snoop-forge-replay attack on continuous cyber-behavioral verification with keystrokes

Previous efforts in continuous cyber-behavioral verification have considered only zero-effort impostor attacks. Taking continuous verification with keystroke dynamics as a case in point, we demonstrate that forgery attempts created using snooped information (stolen keystroke timing information in our case) have alarmingly high success rates. In our experiments, with as little as 50 to 200 snooped keystrokes (roughly, less than two lines of text typed in a typical email), we were able to create forgeries that had as high as 87.75 percent success rates against verifier configurations that showed less than 11 percent “zero-effort” impostor pass rates. We performed experiments using keystroke data from 50 users who typed approximately 1300 to 2900 keystrokes of free text during three different periods. Our experiments consisted of two parts. In the first part, we conducted zero-effort verification experiments with two verifiers (“R” and “S”) and obtained EERs between 10 and 15 percent under various verifier configurations. In the second part, we replayed 10,000 forged impostor attempts per user and demonstrated how the zero-effort impostor pass rates became meaningless when impostor attempts were created using stolen keystroke timing information.

Person to Camera Distance Measurement Based on Eye-Distance

This paper presents a novel person to camera distance measuring system based on eye-distance. The distance between centers of two eyes is used for measuring the person to camera distance. The variation in eye-distance (in pixels) with the changes in camera to person distance (in inches) is used to formulate the distance measuring system. The system starts with computing the distance between two eyes of a person and then person to camera distance is measured. The proposed distance measurement system is relatively simple and inexpensive to implement as it does not require any other external distance measuring tools. Experimental results show the effectiveness of the system with an average accuracy of 94.11%.

Continuous User Verification via Mouse Activities

Behavioral biometrics such as mouse dynamics are gaining attention these days to address the limitations of conventional verification systems. In this paper we present a novel method to continuously verify a user via their mouse activities. Our method, based on comparing mouse activities against a simple statistical profile, was tested over 76,500 mouse activities collected from 45 users. A total of 354,375 genuine and impostor verification attempts have been performed by deploying 175 different verifier setups. In our experiments, we achieved an impressive low Equal Error Rate (EER) of 6.70 %. On average the EER was 13.42 %. We opine that, our method can complement regular verification systems and can better serve for continuous verification purpose because of its simplicity.

Eye-Distance Based Mask Selection for Person Identification

This paper presents a multi-resolution masks based pattern matching method for person identification. The system is commenced with the construction of multi-resolution mask cluster pyramid, where the mask size is chosen depending on the distance between two eyes, computed from the detected face. Experimental results show the effectiveness of the system with significantly higher precision, recall rates and matching probability comparing with conventional single resolution mask based person identification systems.

A simple and efficient video image clustering algorithm for person specific query and image retrieval

Video image clustering is the backbone of person specific query and image retrieval from a video sequence. This paper presents a video image clustering algorithm based on the human face. Clustering in different video streams has been achieved in unsupervised manner where no prior knowledge about the input video clip is required. For face detection, multi-resolution based template matching and skin color segmentation strategies have been employed. In order to evaluate the performance of the proposed method, 11 video clips of various durations were used. Experimental results demonstrate that the performance of the method with respect to precision and recall rate are quite satisfactory and in worst case video image sequences the figures are about 83% and 79%, respectively.

On enhancing serial fusion based multi-biometric verification system

Design of a serial fusion based multi-biometric verification system requires fixing several parameters, such as reject thresholds at each stage of the architecture and the order in which each individual verifier is placed within the multi-stage system. Selecting the order of verifier is a crucial parameter to fix because of its high impact on verification errors. A wrong choice of verifier order might lead to tremendous user inconvenience by denying a large number of genuine users and might cause severe security breach by accepting impostors frequently. Unfortunately, this design issue has been poorly investigated in multi-biometric literature. In this paper, we address this design issue by performing experiments using three different serial fusion based multi-biometric verification schemes. We did our experiments on publicly available NIST multi-modal dataset. We tested 24 orders—all possible orders originated from four individual verifiers—on a four-stage biometric verification system. Our experimental results show that the verifier order “best-to-worst”, where the best performing individual verifier is placed in the first stage, the next best performing individual verifier is placed in the second stage, and so on, is the top performing order. In addition, we have proposed a modification to the traditional architecture of serial fusion based multi-biometric verification systems. With rigorous experiments on the NIST multi-modal dataset and using three serial fusion based multi-biometric verification schemes, we demonstrated that our proposed architecture significantly improves the performance of serial fusion based multi-biometric verification systems.

An Empirical Study on Verifier Order Selection in Serial Fusion Based Multi-biometric Verification System

Selecting the order of verifier in a serial fusion based multi-biometric system is a crucial parameter to fix because of its high impact on verification errors. A wrong choice of verifier order might lead to tremendous user inconvenience by denying a large number of genuine users and might cause severe security breach by accepting impostors frequently. Unfortunately, this design issue has been poorly investigated in multi-biometric literature. In this paper, we address this design issue by performing experiments using three different serial fusion based multi-biometric verification schemes, in particular (1) symmetric scheme, (2) SPRT-based scheme, and (3) Marcialis et al.’s scheme. We experimented on publicly available NIST-BSSR1 multi-modal database. We tested 24 orders—all possible orders originated from four individual verifiers—on a four-stage biometric verification system. Our experimental results show that the verifier order “best-to-worst”, where the best performing individual verifier is placed in the first stage, the next best performing individual verifier is placed in the second stage, and so on, is the top performing order for all three serial fusion schemes mentioned above.

User Authentication from Mouse Movement Data Using SVM Classifier

This paper presents a robust user authentication system by gleaning raw mouse movement data. The data was collected using a publicly available tool called Recording User Input (RUI) from 23 subjects analyzed for three types of mouse actions - Mouse Move, Point-and-Click on Left or Right mouse button, and Drag-and-Drop. Samples are broken down to unit blocks comprising a certain number of actions and from each block seventy-four features are extracted to construct feature vectors. The proposed system was rigorously tested against public benchmark data. Experiment results generated by using the Support Vector Machine (SVM) classifier shows a False Rejection Rate (FRR) of 1.1594 % and a False Acceptance Rate (FAR) of 1.9053 % when the block size was set for 600 actions. After reducing dimensions using Principle Component Analysis (PCA), SVM classifier shows FRR of 1.2081 % and FAR of 2.3604 %. Compared with the existing methods based on mouse movements, our method shows significantly lower error rates, which we opine are viable enough to become an alternate to conventional authentication systems.

User authentication based on mouse movement data using normalized features

This paper presents a user authentication system based on mouse movement data. An available logging tool named Recording User Input (RUI) is used to collect three types of mouse actions — Mouse Move, Point-and-Click on Left or Right mouse button and Drag-and-Drop. Collected data are divided into N-number of blocks consisting of specific number of actions. From each block seventy four features are extracted to form feature vectors where number of new features is forty eight. Two types of classifiers are used to identify the user: Support Vector Machine (SVM) and Artificial Neural Network (ANN) are used to identify the user. A benchmark data is used to train and test the system. Experimental result shows that for both classifiers system with proposed features perform better. The results also show that Support Vector Machine outperforms the Artificial Neural Network Classifier.