When Your Fitness Tracker Betrays You: Quantifying the Predictability of Biometric Features Across Contexts

@article{Eberz2018WhenYF,
  title={When Your Fitness Tracker Betrays You: Quantifying the Predictability of Biometric Features Across Contexts},
  author={Simon Eberz and Giulio Lovisotto and Andrea Patan{\'e} and Marta Z. Kwiatkowska and Vincent Lenders and Ivan Martinovic},
  journal={2018 IEEE Symposium on Security and Privacy (SP)},
  year={2018},
  pages={889-905}
}
Attacks on behavioral biometrics have become increasingly popular. Most research has been focused on presenting a previously obtained feature vector to the biometric sensor, often by the attacker training themselves to change their behavior to match that of the victim. However, obtaining the victim's biometric information may not be easy, especially when the user's template on the authentication device is adequately secured. As such, if the authentication device is inaccessible, the attacker… 
28 Blinks Later: Tackling Practical Challenges of Eye Movement Biometrics
TLDR
A pupil diameter correction mechanism that can accurately adjust for the pupil shrinking or expanding in relation to the varying amount of light reaching the eye is proposed and it is shown that this system achieves significantly lower error rates compared to previous work.
ECG-Based Authentication Using Timing-Aware Domain-Specific Architecture
TLDR
A domain-specific architecture (DSA) is proposed to satisfy the execution requirements of the algorithm’s different steps and minimize the latency bottleneck, including one that features the added benefit of ensuring constant timing across the different EBA steps, in order to mitigate the vulnerability to timing-based side-channel attacks.
Privacy-Protecting Techniques for Behavioral Data: A Survey
TLDR
This work systematically reviewed applicable anonymization techniques to taxonomize and compare existing solutions regarding privacy goals, conceptual operation, advantages, and limitations and finds that some behavioral traits have received much attention, while others are mostly neglected.
Treadmill Assisted Gait Spoofing (TAGS)
TLDR
Despite the use of a variety of sensors, feature sets, and six different classification algorithms, Treadmill Assisted Gait Spoofing was able to increase the average false accept rate from 4% to 26%, calling for a further investigation into the design of evaluations of WSGait before its deployment for public use.
Touch dynamics for affective states recognition: your smartphone knows how you feel since you unlock it
TLDR
Results obtained so far indicate that Random Forest is capable to reach good classification accuracy both on touch numerical features and on negative emotional states classification also exploiting behavior information such the hand and the finger used in the execution.
I Can See Your Brain: Investigating Home-Use Electroencephalography System Security
TLDR
A novel deep learning model of a joint recurrent convolutional neural network (RCNN) to infer a user’s activities based on the reduced-featured EEG data stolen from the home-use EEG IoT devices, and evaluation over the real-world EEG data indicates that the inference accuracy of the proposed RCNN is can reach 70.55%.
Hand Stability Based Features for Touch Behavior Smartphone Authentication
  • Aswin Suharsono, Deron Liang
  • Computer Science
    202020 3rd IEEE International Conference on Knowledge Innovation and Invention (ICKII)
  • 2020
TLDR
The method using hand stability as features for behavioral authentication achieved EER 9.64 % which is potential for future development and proposed new set of features based on hand stability to authenticate smartphone users.
Eye Movements Biometrics: A Bibliometric Analysis from 2004 to 2019
TLDR
This research focused on temporal evolution, leading authors, most cited papers, leading journals, competitions and collaboration networks, using a bibliometric approach.
Kalεido: Real-Time Privacy Control for Eye-Tracking Systems
TLDR
This paper proposes Kaleido, an eyetracking data processing system that provides a formal privacy guarantee, integrates seamlessly with existing eye-tracking ecosystems, and operates in real-time.
Affective states recognition through touch dynamics
TLDR
The acquired touch pattern is segmented in swipes, successively a wide set of handcrafted features is computed to characterize the swipe to recognize affective states of a user while using a mobile device.
...
...

References

SHOWING 1-10 OF 33 REFERENCES
Looks Like Eve
TLDR
The results show that eye movement biometrics support reliable and stable continuous authentication of users and investigate different approaches in which an attacker could attempt to use inside knowledge to mimic the legitimate user.
Preventing Lunchtime Attacks: Fighting Insider Threats With Eye Movement Biometrics
TLDR
The effectiveness of using eye movement biometrics as a novel defence against the "lunchtime attack" by an insider threat is evaluated and a set of features that can be extracted from human eye movements are proposed and analyzed their distinctiveness and robustness using a systematic experimental design.
An efficient user verification system via mouse movements
TLDR
A user verification system using mouse dynamics, which is both accurate and efficient enough for future usage, and uses much more fine-grained (point-by-point) angle-based metrics of mouse movements for user verification.
Attacks on fitness trackers revisited: a case-study of unfit firmware security
TLDR
A flaw in the way firmware for Withings' Activite is verified is demonstrated, allowing an adversary to compromise the tracker itself and transfer findings to other trackers.
I can be You: Questioning the use of Keystroke Dynamics as Biometrics
TLDR
It is shown that even for targets whose typing patterns are only partially known, training with Mimesis allows attackers to defeat one of the best anomaly detection engines using keystroke biometrics.
Broken Hearted: How To Attack ECG Biometrics
TLDR
A systematic presentation attack against ECG biometrics using the Nymi Band, a wrist band that uses electrocardiography (ECG) as a biometric to authenticate the wearer, to demonstrate the attack’s effectiveness.
Unobtrusive User-Authentication on Mobile Phones Using Biometric Gait Recognition
TLDR
The performance when the data is collected with a commercially available mobile device containing low-grade accelerometers, including the Google G1 phone containing the AK8976A embedded accelerometer sensor is reported.
Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication
TLDR
A classification framework that learns the touch behavior of a user during an enrollment phase and is able to accept or reject the current user by monitoring interaction with the touch screen is proposed.
...
...