Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation Attacks

Huhta, Otto; Shrestha, Prakash; Udar, Swapnil; Juuti, Mika; Saxena, Nitesh; Asokan, N.

doi:10.14722/ndss.2016.23199

Cited by 22 publications

(24 citation statements)

References 22 publications

(61 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The attacker can either try to bypass the system via providing data from his smartwatch or can try to use the victim's smartwatch somehow obtained (e.g., can steal it or victim can leave it behind). • More Powerful Adversaries: Furthermore, a powerful adversary can be aware of WACA and try to defeat it using special tools and skills by imitating legitimate users [19], [20] or launching statistical attacks [21], [22]. This powerful adversary (insider or outsider) can be a human or a trained bot.…”

Section: Design Goals Assumptions and Adversary Modelmentioning

confidence: 99%

“…In this subsection, we evaluate the performance of WACA against two powerful attacks: imitation [19], [20] and statistical [21], [22] attacks. In these attacks, the attacker is aware of WACA and can try to defeat WACA using special tools and skills.…”

Section: B Advanced Attacks On Waca With More Powerful Adversariesmentioning

confidence: 99%

“…Zero-effort attacks will not be successful due to the low EER values in WACA as analyzed in the previous sub-sections. However, the effectiveness of the imitation attacks performed by a human should be investigated as noted in some recent studies [19], [20].…”

Section: B Advanced Attacks On Waca With More Powerful Adversariesmentioning

confidence: 99%

“…Fortunately, WACA can provide a better solution for these inactive cases. If the smartwatch deployed for data collection has a proximity sensor (or using the Bluetooth signal strengths [20]), the user's closeness to the computer can be checked. If the user moves away, then the user can be logged out.…”

Section: Limitationsmentioning

confidence: 99%

“…(iii) How accurately can it identify an insider? Moreover, we also evaluated the robustness of our proposed method against powerful attacks, including, imitation [19], [20], statistical [21], [22], and insider attacks. Contributions: The main contributions of this work are summarized as follows:…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

WACA: Wearable-Assisted Continuous Authentication

Acar¹,

Aksu²,

Uluagac³

et al. 2018

2018 IEEE Security and Privacy Workshops (SPW)

View full text Add to dashboard Cite

One-time login process in conventional authentication systems does not guarantee that the identified user is the actual user throughout the session. However, it is necessary to re-verify the user identity periodically throughout a login session without reducing the user convenience. Continuous authentication can address this issue. However, existing methods are either not reliable or not usable. In this paper, we introduce a usable and reliable method called Wearable-Assisted Continuous Authentication (WACA). WACA relies on the sensor-based keystroke dynamics, where the authentication data is acquired through the builtin sensors of a wearable (e.g., smartwatch) while the user is typing. We implemented the WACA framework and evaluated its performance on real devices with real users. The empirical evaluation of WACA reveals that WACA is feasible and its error rate is as low as 1% with 30 seconds of processing time and 2 − 3% for 20 seconds. The computational overhead is minimal. Furthermore, we tested WACA against different attack scenarios. WACA is capable of identifying insider threats with very high accuracy (99.2%) and also robust against powerful adversaries such as imitation and statistical attackers.

show abstract

Section: Design Goals Assumptions and Adversary Modelmentioning

confidence: 99%