Conference item
When your fitness tracker betrays you: quantifying the predictability of biometric features across contexts
- Abstract:
- Attacks on behavioral biometrics have become increasingly popular. Most research has been focused on presenting a previously obtained feature vector to the biometric sensor, often by the attacker training themselves to change their behavior to match that of the victim. However, obtaining the victim's biometric information may not be easy, especially when the user's template on the authentication device is adequately secured. As such, if the authentication device is inaccessible, the attacker may have to obtain data elsewhere. In this paper, we present an analytic framework that enables us to measure how easily features can be predicted based on data gathered in a different context (e.g., different sensor, performed task or environment). This framework is used to assess how resilient individual features or entire biometrics are against such cross-context attacks. In order to be able to compare existing biometrics with regard to this property, we perform a user study to gather biometric data from 30 participants and five biometrics (ECG, eye movements, mouse movements, touchscreen dynamics and gait) in a variety of contexts. We make this dataset publicly available online. Our results show that many attack scenarios are viable in practice as features are easily predicted from a variety of contexts. All biometrics include features that are particularly predictable (e.g., amplitude features for ECG or curvature for mouse movements). Overall, we observe that cross-context attacks on eye movements, mouse movements and touchscreen inputs are comparatively easy while ECG and gait exhibit much more chaotic cross-context changes.
- Publication status:
- Published
- Peer review status:
- Peer reviewed
Actions
Access Document
- Files:
-
-
(Preview, Accepted manuscript, pdf, 2.5MB, Terms of use)
-
- Publisher copy:
- 10.1109/SP.2018.00053
Authors
+ European Union
More from this funder
- Grant:
- Horizon 2020 under the Marie Skłodowska-Curie grant [No 722022
+ Engineering and Physical Sciences Research Council
More from this funder
- Grant:
- EP/M50659X/1, EP/N509711/1
- Publisher:
- IEEE
- Host title:
- 2018 IEEE Symposium on Security and Privacy (SP)
- Journal:
- 2018 IEEE Symposium on Security and Privacy (SP) More from this journal
- Pages:
- 889-905
- Publication date:
- 2018-07-26
- Acceptance date:
- 2018-02-26
- DOI:
- ISSN:
-
2375-1207
- ISBN:
- 9781538643532
- Pubs id:
-
pubs:830206
- UUID:
-
uuid:09c98921-71c4-40ae-84bb-193b76dfd498
- Local pid:
-
pubs:830206
- Source identifiers:
-
830206
- Deposit date:
-
2018-03-17
Terms of use
- Copyright holder:
- Eberz et al
- Copyright date:
- 2018
- Notes:
- Copyright © 2018, Simon Eberz. Under license to IEEE. This is the accepted manuscript version of the paper. The final version is available online from IEEE at: https://doi.org/10.1109/SP.2018.00053
If you are the owner of this record, you can report an update to it here: Report update to this record