The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Os ataques de credenciais em rápida evolução têm sido um grande desafio de segurança para os atuais sistemas de informação baseados em senhas. Recentemente, fatores biométricos como facial, íris ou impressão digital, que são difíceis de falsificar, surgiram como elementos-chave para projetar autenticação sem senha. Porém, a captura e análise de tais fatores geralmente requerem dispositivos especiais, dificultando sua viabilidade e praticidade. Para tanto, apresentamos o WiASK, um software sem dispositivos WiDetecção Fi ativada Aautenticação Sexploração do sistema Kdinâmica do toque. Mais especificamente, o WiASK captura as teclas digitadas por um usuário em uma sequência predefinida e fácil de lembrar, aproveitando a infraestrutura WiFi existente. Mas em vez de se concentrar na própria string, que é vulnerável a ataques de senha, o WiASK interpreta a maneira como ela é digitada, ou seja, a dinâmica das teclas, na identidade do usuário, com base na correlação biologicamente validada entre elas. Prototipamos o WiASK em dispositivos WiFi de baixo custo e verificamos seu desempenho em três ambientes reais. Os resultados empíricos mostram que o WiASK atinge em média 93.7% de precisão de autenticação, 2.5% de taxa de falsa aceitação e 5.1% de taxa de falsa rejeição.
Yuanwei HOU
Peking University
Yu GU
Hefei University of Technology
Weiping LI
Peking University
Zhi LIU
The University of Electro-Communications
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copiar
Yuanwei HOU, Yu GU, Weiping LI, Zhi LIU, "Combating Password Vulnerability with Keystroke Dynamics Featured by WiFi Sensing" in IEICE TRANSACTIONS on Fundamentals,
vol. E105-A, no. 9, pp. 1340-1347, September 2022, doi: 10.1587/transfun.2021EAP1119.
Abstract: The fast evolving credential attacks have been a great security challenge to current password-based information systems. Recently, biometrics factors like facial, iris, or fingerprint that are difficult to forge rise as key elements for designing passwordless authentication. However, capturing and analyzing such factors usually require special devices, hindering their feasibility and practicality. To this end, we present WiASK, a device-free WiFi sensing enabled Authentication System exploring Keystroke dynamics. More specifically, WiASK captures keystrokes of a user typing a pre-defined easy-to-remember string leveraging the existing WiFi infrastructure. But instead of focusing on the string itself which are vulnerable to password attacks, WiASK interprets the way it is typed, i.e., keystroke dynamics, into user identity, based on the biologically validated correlation between them. We prototype WiASK on the low-cost off-the-shelf WiFi devices and verify its performance in three real environments. Empirical results show that WiASK achieves on average 93.7% authentication accuracy, 2.5% false accept rate, and 5.1% false reject rate.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2021EAP1119/_p
Copiar
@ARTICLE{e105-a_9_1340,
author={Yuanwei HOU, Yu GU, Weiping LI, Zhi LIU, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Combating Password Vulnerability with Keystroke Dynamics Featured by WiFi Sensing},
year={2022},
volume={E105-A},
number={9},
pages={1340-1347},
abstract={The fast evolving credential attacks have been a great security challenge to current password-based information systems. Recently, biometrics factors like facial, iris, or fingerprint that are difficult to forge rise as key elements for designing passwordless authentication. However, capturing and analyzing such factors usually require special devices, hindering their feasibility and practicality. To this end, we present WiASK, a device-free WiFi sensing enabled Authentication System exploring Keystroke dynamics. More specifically, WiASK captures keystrokes of a user typing a pre-defined easy-to-remember string leveraging the existing WiFi infrastructure. But instead of focusing on the string itself which are vulnerable to password attacks, WiASK interprets the way it is typed, i.e., keystroke dynamics, into user identity, based on the biologically validated correlation between them. We prototype WiASK on the low-cost off-the-shelf WiFi devices and verify its performance in three real environments. Empirical results show that WiASK achieves on average 93.7% authentication accuracy, 2.5% false accept rate, and 5.1% false reject rate.},
keywords={},
doi={10.1587/transfun.2021EAP1119},
ISSN={1745-1337},
month={September},}
Copiar
TY - JOUR
TI - Combating Password Vulnerability with Keystroke Dynamics Featured by WiFi Sensing
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1340
EP - 1347
AU - Yuanwei HOU
AU - Yu GU
AU - Weiping LI
AU - Zhi LIU
PY - 2022
DO - 10.1587/transfun.2021EAP1119
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E105-A
IS - 9
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - September 2022
AB - The fast evolving credential attacks have been a great security challenge to current password-based information systems. Recently, biometrics factors like facial, iris, or fingerprint that are difficult to forge rise as key elements for designing passwordless authentication. However, capturing and analyzing such factors usually require special devices, hindering their feasibility and practicality. To this end, we present WiASK, a device-free WiFi sensing enabled Authentication System exploring Keystroke dynamics. More specifically, WiASK captures keystrokes of a user typing a pre-defined easy-to-remember string leveraging the existing WiFi infrastructure. But instead of focusing on the string itself which are vulnerable to password attacks, WiASK interprets the way it is typed, i.e., keystroke dynamics, into user identity, based on the biologically validated correlation between them. We prototype WiASK on the low-cost off-the-shelf WiFi devices and verify its performance in three real environments. Empirical results show that WiASK achieves on average 93.7% authentication accuracy, 2.5% false accept rate, and 5.1% false reject rate.
ER -