Snoop-Forge-Replay Attacks on Continuous Verification With Keystrokes

We present a new attack called the snoop-forge-replay attack on keystroke-based continuous verification systems. The snoop-forge-replay is a sample-level forgery attack and is not specific to any particular keystroke-based continuous verification method or system. It can be launched with easily available keyloggers and APIs for keystroke synthesis. Our results from 2640 experiments show that: 1) the snoop-forge-replay attacks achieve alarmingly high error rates compared to zero-effort impostor attacks, which have been the de facto standard for evaluating keystroke-based continuous verification systems; 2) four state-of-the-art verification methods, three types of keystroke latencies, and 11 matching-pair settings (-a key parameter in continuous verification with keystrokes) that we examined in this paper were susceptible to the attack; 3) the attack is effective even when as low as 20 to 100 keystrokes were snooped to create forgeries. In light of our results, we question the security offered by current keystroke-based continuous verification systems. Additionally, in our experiments, we harnessed virtualization technology to generate thousands of keystroke forgeries within a short time span. We point out that virtualization setup such as the one used in our experiments can also be exploited by an attacker to scale and speedup the attack.