The impact of application context on privacy and performance of keystroke authentication systems

Kiran S. Balagani; Paolo Gasti; Aaron Elliott; Azriel Richardson; Mike ONeal

首页> 外文期刊>Journal of computer security >The impact of application context on privacy and performance of keystroke authentication systems

【24h】

The impact of application context on privacy and performance of keystroke authentication systems

机译：应用程序上下文对按键身份验证系统的隐私和性能的影响

获取原文

获取原文并翻译 | 示例

获取外文期刊封面封底 >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

In this paper, we show that keystroke latencies used in continuous user authentication systems disclose application context, i.e., in which application user is entering text. Using keystroke data collected from 62 subjects, we show that an adversary can infer application context from keystroke latencies with 95.15% accuracy.To prevent leakage from keystroke latencies, and prevent exposure of application context, we develop privacy-preserving authentication protocols in the outsourced authentication model. Our protocols implement two popular matching algorithms designed for keystroke authentication, called Absolute ("A") and Relative ("R"). With our protocols, the client reveals no information to the server during authentication, besides the authentication result. Our experiments show that these protocols are fast in practice: with 100 keystroke features, authentication was completed in about one second with the "A" protocol, and in 595 ms with the "R" protocol. Further, because the asymptotic cost of our protocols is linear, they can scale to a large number of features. On the other hand, by leveraging application context we were able to reduce HTER from 14.7% with application-agnostic templates, to as low as 5.8% with application-specific templates.

机译：在本文中，我们表明在连续用户身份验证系统中使用的按键等待时间会揭示应用程序上下文，即应用程序用户在其中输入文本。使用从62个主题中收集的击键数据，我们表明对手可以从击键延迟中推断应用程序上下文，准确度为95.15％。 r n为了防止击键延迟造成泄漏并防止应用程序上下文暴露，我们在以下方面开发了隐私保护的身份验证协议：外包认证模型。我们的协议实现了两种流行的用于击键身份验证的匹配算法，称为绝对（“ A ”）和相对（“ R ”）。使用我们的协议，客户端在身份验证期间除了身份验证结果外不会向服务器显示任何信息。我们的实验表明，这些协议在实践中是快速的：具有100个击键功能，使用“ A”协议约需一秒钟完成身份验证，使用“ R”协议可在595 ms内完成身份验证。此外，由于我们协议的渐近成本是线性的，因此它们可以扩展到大量功能。另一方面，通过利用应用程序上下文，我们能够将与应用程序无关的模板的HTER从14.7％降低到使用特定于应用程序的模板的HTER降低到5.8％。

著录项

来源
《Journal of computer security》 |2018年第4期|543-556|共14页
作者
Kiran S. Balagani; Paolo Gasti; Aaron Elliott; Azriel Richardson; Mike ONeal;
展开▼
作者单位

Department of Computer Science, New York Institute of Technology, NY, USA;

Department of Computer Science, New York Institute of Technology, NY, USA;

Aegis Research Lab, LLC, LA, USA;

Department of Computer Science, Louisiana Tech University, LA, USA;

Department of Computer Science, Louisiana Tech University, LA, USA;

展开▼
收录信息美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Biometrics, keystroke authentication, privacy, privacy-preserving protocols, application context;

机译：生物识别;按键验证;隐私;隐私保留协议;应用程序上下文;

相似文献

外文文献
中文文献
专利

1. PRIVACY-BASED ADAPTIVE CONTEXT-AWARE AUTHENTICATION SYSTEM FOR PERSONAL MOBILE DEVICES [J] . ZHAN LIU, RICCARDO BONAZZI, YVES PIGNEUR Journal of mobile multimedia . 2016,第1a2期

机译：基于隐私的个人移动设备自适应上下文身份验证系统
2. Identity Authentication and Context Privacy Preservation in Wireless Health Monitoring System [J] . Qiming Huang, Xing Yang, Shuang Li International Journal of Computer Network and Information Security . 2011,第4期

机译：无线健康监控系统中的身份认证和上下文隐私保护
3. Context-aware System for Dynamic Privacy Risk Inference Application to smart IoT environments [J] . Chaaya Karam Bou, Barhamgi Mahmoud, Chbeir Richard, Future generation computer systems . 2019,第Deca期

机译：用于智能物联网环境的动态隐私风险推理应用的上下文感知系统
4. Performance Impacts in Database Privacy-Preserving Biometric Authentication [C] . Jana Dittmann, Veit Koppen, Christian Kratzer, International Conference on Emerging Security Information, Systems and Technologies . 2014

机译：数据库隐私保留生物识别身份验证的性能影响
5. Ensuring application specific security, privacy and performance goals in RFID system [D] . Rahman, Farzana. 2013

机译：确保RFID系统中特定于应用程序的安全性，隐私和性能目标
6. The evidence gap on gendered impacts of performance-based financing among family physicians for chronic disease care: a systematic review reanalysis in contexts of single-payer universal coverage [O] . Neeru Gupta, Holly M. Ayles 2020

机译：慢性病家庭医生绩效融资对基于绩效融资的证据差异：单笔付款人普遍覆盖背景下的系统审查再分析
7. Identity Authentication and Context Privacy Preservation in Wireless Health Monitoring System [O] . Qiming Huang, Xing Yang, Shuang Li 2011

机译：无线健康监控系统中的身份认证和上下文隐私保存

The impact of application context on privacy and performance of keystroke authentication systems

摘要

著录项

相似文献

相关主题

期刊订阅