Transforming animals in a cyber-behavioral biometric menagerie with Frog-Boiling attacks

While recent research has demonstrated how frequent updating of users' templates can enhance the performance of a biometric system, little work has been devoted to studying the effects of attacks against template update mechanisms. In this work, we present an attack that stealthily leverages the template update scheme of a keystroke verification system to poison users' templates. Using a publicly accessible dataset and some of the best-performing individual and fusion verifiers in keystroke authentication, we show how the attack increases the error rates of the verifiers as it transforms groups of well-performing users into ill-performing users. In our experiments, depending on the template towards which the attack is made to converge, equal error rates of verifiers increased from between 9.9% and 18.9% to between 19.1% and 63.6% as a result of the attack. The results demonstrated in this paper call for research on new biometric sample attestation and validation techniques to augment template update mechanisms.
