Thesis icon

Thesis

Security analysis of behavioural biometrics for continuous authentication

Abstract:

In recent years, behavioural biometrics have become increasingly popular, with many types of behaviour being explored for the purpose of user authentication. Some of the most common examples are keystroke dynamics, mouse movements, touchscreen inputs and human gait.

Unlike physiological biometrics (e.g., fingerprints), behavioural biometrics are often believed to be relatively hard for adversaries to collect, but nevertheless have been subject to active attacks, including presentation, signal injection and imitation attacks.

In this thesis, we take a holistic view on the design, evaluation and security analysis of behavioural biometric recognition systems. First, we underline their usefulness by designing a novel authentication system based on distinctive eye movement behaviour. We evaluate this system under different adversary models and show that eye movements can be used for both user authentication and judging a user's task familiarity. Drawing from insights gained from this project, we go beyond the state of the art to develop metrics and methodologies that more accurately reflect a system's real-world performance and security. This approach is centred around reflecting a biometric's systematic false negatives (i.e., attackers that consistently go undetected) more accurately.

A frequent focus of related work is how to present previously obtained biometric data to a behavioural authentication system (e.g., through imitation or mimicry attacks). However, the challenge of obtaining this data in the first place is far less explored. In this thesis, we perform a series of experiments to judge the usefulness of biometric data collected through a variety of sources. The idea is to measure the security impact of the plethora of biometric data that is involuntarily created through our day-to-day interactions with diverse systems.

Actions

Access Document

Authors

More by this author
Division:
MPLS
Department:
Computer Science
Role:
Author

Contributors

Role:
Supervisor
Role:
Supervisor


More from this funder
Funding agency for:
Eberz, S
Grant:
EP/M50659X/1


DOI:
Type of award:
DPhil
Level of award:
Doctoral
Awarding institution:
University of Oxford


Language:
English
Keywords:
UUID:
uuid:077d9dcc-83e5-484b-a4ba-4d8fa14ea385
Deposit date:
2019-06-23
ARK identifier:

Terms of use


Views and Downloads






If you are the owner of this record, you can report an update to it here: Report update to this record

TO TOP