Making impostor pass rates meaningless: A case of snoop-forge-replay attack on continuous cyber-behavioral verification with keystrokes

Previous efforts in continuous cyber-behavioral verification have considered only zero-effort impostor attacks. Taking continuous verification with keystroke dynamics as a case in point, we demonstrate that forgery attempts created using snooped information (stolen keystroke timing information in our case) have alarmingly high success rates. In our experiments, with as little as 50 to 200 snooped keystrokes (roughly, less than two lines of text typed in a typical email), we were able to create forgeries that had as high as 87.75 percent success rates against verifier configurations that showed less than 11 percent “zero-effort” impostor pass rates. We performed experiments using keystroke data from 50 users who typed approximately 1300 to 2900 keystrokes of free text during three different periods. Our experiments consisted of two parts. In the first part, we conducted zero-effort verification experiments with two verifiers (“R” and “S”) and obtained EERs between 10 and 15 percent under various verifier configurations. In the second part, we replayed 10,000 forged impostor attempts per user and demonstrated how the zero-effort impostor pass rates became meaningless when impostor attempts were created using stolen keystroke timing information.