Synthetic Forgery Attack against Continuous Keystroke Authentication Systems

摘要

Keystroke dynamics is an effective behavioral biometric for user authentication at a computer terminal. While many promising approaches have been proposed to enhance the recognition performance and several applications have been deployed to improve the system security level, the robustness under forgery attacks has not been well studied. In this paper, we propose a new approach to launch synthetic forgery attacks against the existing keystroke authentication systems. We analyze users' typing traits and select certain type of users who are good at imitating others from a large keystroke dataset and use their data to forge a master key. The attacks are launched under both zero effort as well as nonzero effort scenarios. Our initial results indicate that in the wake of the proposed synthetic impostor attack, the recognition rate can be weakened, thus exposing a significant vulnerability of current keystroke authentication systems.