
Assentication: User De-Authentication and Lunch Time Attack Mitigation with Seated Posture Biometric
Tyler Kaczmarek, Ercan Ozturk, Gene Tsudik ({tkaczmar, ercano, gtsudik}@uci.edu)
University of California, Irvine
Slides dated 5/25/2019


Slide 1: Title slide (as above)

Slide 2: Overview
• Introduction, Motivation and Background
• Assentication Biometric
• Adversarial Model
• Assentication Prototype Setup and User Study
• Conclusion/Future Work

Slide 3: Authentication
• Effective user authentication is critical for a meaningful security system
• Modern systems typically use 2 factors:
  • What you know (password/PIN)
  • What you have (physical token)
  • What you are / how you behave (biometrics), which can be biological or behavioral
• Confirms the legitimate user is present at session start

Slide 4: Workplace Activities
[A1]: Work while providing continuous input
[A2]: Take a quick seated nap or meditation break
[A3]: Read some printed material
[A4]: Use a personal device other than your computer
[A5]: Turn away from one's desk to talk
[A6]: Consume media without using any input devices
[A7]: Take part in an audio or video conference
[A8]: Get up momentarily without leaving
[A9]: Leave the workplace

Slide 5: The Lunch Time Attack
• Careless user walks away without logging out
• Adversary moves in and hijacks the session
• Difficult to repudiate
• Need to periodically re-authenticate users

Slide 6: Continuous Authentication/De-authentication
• Continuous Authentication: confirm legitimate user presence
• De-authentication: a special case, confirm user absence

Slide 7: Continuous Authentication Goals
• Correctly identify [A9]
• Quickly detect circumvention attempts
• Minimize FRR (false rejection rate): confusing [A1]-[A8] for [A9]
• Minimize FAR (false acceptance rate): confusing [A9] for [A1]-[A8], or confusing illegitimate users for authorized ones
• Minimize obtrusiveness: both user burden and extra equipment

Slide 8: Default De-authentication: Inactivity Timeouts
• Lock the session if the user is inactive for a given time limit
• Reduces the activity model to [A1] vs. NOT [A1]
• FRR high for [A2]-[A8]
• FAR high for non-legitimate users
• Timeout duration is public knowledge

Slide 9: Modern De-authentication Techniques: Keystroke Dynamics and Zebra
• Keystroke Dynamics [TC 2014]
  • Can detect inauthentic users
  • Requires active input
  • Defaults to inactivity timeout in NOT [A1]
• Zebra [S&P 2014]
  • Uses a wrist device to track arm movements
  • Matches movements to observed input
  • Vulnerable to imitation attack [NDSS 2016]

Slide 10: Modern De-authentication Techniques: Gaze Tracking and FADEWICH
• Gaze Tracking [NDSS 2015]
  • Follows user eye patterns
  • Detects inauthentic users in 40 sec
  • De-authenticates if the user looks away
  • Requires extremely expensive equipment
• FADEWICH [ICDCS 2017]
  • Detects presence through RSSI changes on wireless sensors
  • Cannot discriminate impostors from legitimate users

Slide 11: Overview (section marker: Assentication Biometric)

Slide 12: Assentication Biometric
• Physical: hip width, weight, leg length
• Behavioral: posture patterns

Slide 13: Assentication Advantages
• Passive
• Not easily circumventable
• Liveness is implicit
• No alteration in user behavior: office workers sit >75% of the week
• Very little specialized hardware
• Works well with [A1]-[A7]

Slide 14: Assentication Disadvantages
• Incompatible with edge-case office arrangements (yoga balls, standing desks)
• Confuses [A8] for [A9]
• Day-to-day stability questionable: weight shifts, posture linked to mood

Slide 15: Overview (section marker: Adversarial Model)

Slide 16: Adversarial Model
• Insider attacks responsible for 28% of crimes in industry
• Disgruntled employee with physical access
• Doesn't want to be linked to the attack

Slide 17: Casual Adversary
• Aware of Assentication
• Tries to physically imitate posture
• Does not use extra equipment

Slide 18: Determined Adversary
• Aware of Assentication
• Access to sensor data
• Access to precise victim measurements
• Constructs a physical victim model
• Constructs a pneumatic/hydraulic contraption

Slide 19: Overview (section marker: Assentication Prototype Setup and User Study)

Slide 20: Prototype Design
• 2003/2004 Hon Mid-Back Task Chair
• 16 Tekscan Flexiforce A401 Large Force Sensing Resistors
• 2 Arduino 101 modules
• Total instrumentation cost: $275
• Under $150 at 30-user scale

Slide 21: Prototype Construction (photos, not reproduced)

Slide 22: User Study
• 30 subjects: 10 female, 20 male
• Brought the prototype to subjects in their office environment
• Each user spent 10 minutes seated on the prototype
• Measurements collected every 0.5 seconds

Slide 23: Raw Data: Posture shift (figure, not reproduced)

Slide 24: Identification Results – True Positive Rates (figure, not reproduced)

Slide 25: Identification Results – False Positive Rates (figure, not reproduced)

Slide 26: Results – Continuous Authentication
• Anomaly detector
  • Trains for 5 minutes
  • Checks every 1.5 seconds (3 frames of 0.5 seconds each)
  • Classifies each frame as "extreme" or not
  • If all 3 frames are "extreme", the user is rejected
• 0% of legitimate users rejected
• 91% of impostor data rejected after the first 1.5 seconds
• 100% of impostor data rejected by 45 seconds
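The slide gives the decision rule (0.5 s frames, checks every 1.5 s, reject only when all three frames in a window are "extreme") but not the internals of the anomaly detector. The following is an added illustration, not the authors' code: it assumes a simple per-sensor z-score detector over the 16 force sensors (a frame is "extreme" when at least 4 of the 16 sensors deviate by more than 3 standard deviations from the training baseline, a threshold chosen here for illustration) and runs it over constructed sensor frames for a legitimate user, an impostor, and a legitimate user who briefly shifts posture. The three-frame rule is what keeps a single posture shift from causing a false rejection.

```python
import random
import statistics
from dataclasses import dataclass

NUM_SENSORS = 16       # 16 Flexiforce FSRs in the prototype chair
FRAME_SECONDS = 0.5    # one measurement every 0.5 s
WINDOW_FRAMES = 3      # 3 frames = one 1.5 s check interval
Z_THRESHOLD = 3.0      # assumed: |z| > 3 marks one sensor reading as outlying
MIN_OUTLYING = 4       # assumed: a frame is "extreme" if >= 4 of 16 sensors are outlying
TRAIN_FRAMES = 600     # 5 min of training at 0.5 s per frame


@dataclass
class PostureDetector:
    """Per-sensor baseline (mean, stdev) learned from the 5-minute training phase."""
    means: list
    stdevs: list

    @classmethod
    def train(cls, frames):
        cols = list(zip(*frames))  # one column per sensor
        means = [statistics.fmean(c) for c in cols]
        # floor the stdev so a perfectly steady sensor cannot flag every later reading
        stdevs = [max(statistics.pstdev(c), 1e-3) for c in cols]
        return cls(means, stdevs)

    def is_extreme(self, frame):
        outlying = sum(
            1 for v, m, s in zip(frame, self.means, self.stdevs)
            if abs(v - m) / s > Z_THRESHOLD
        )
        return outlying >= MIN_OUTLYING


def time_to_rejection(detector, frames):
    """Walk the stream in 1.5 s windows; return the second at which the
    user is rejected (all 3 frames extreme), or None if never rejected."""
    for start in range(0, len(frames) - WINDOW_FRAMES + 1, WINDOW_FRAMES):
        window = frames[start:start + WINDOW_FRAMES]
        if all(detector.is_extreme(f) for f in window):
            return (start + WINDOW_FRAMES) * FRAME_SECONDS
    return None


def make_frames(rng, baseline, n, noise=1.0):
    # constructed sensor frames: baseline pattern plus Gaussian jitter (not real data)
    return [[b + rng.gauss(0, noise) for b in baseline] for _ in range(n)]


# constructed force profiles: 16 sensor readings for a legitimate user and for
# a heavier impostor whose every sensor reads higher; not measured values
LEGIT = [40, 42, 38, 41, 30, 31, 29, 32, 12, 14, 11, 13, 5, 6, 4, 5]
IMPOSTOR = [v + 12 for v in LEGIT]


def demo(seed=7):
    rng = random.Random(seed)
    detector = PostureDetector.train(make_frames(rng, LEGIT, TRAIN_FRAMES))

    legit_stream = make_frames(rng, LEGIT, 120)       # 60 s of the trained user
    impostor_stream = make_frames(rng, IMPOSTOR, 120)  # 60 s of someone else
    # legitimate user with one momentary posture shift: a single extreme frame
    shift_stream = make_frames(rng, LEGIT, 120)
    shift_stream[10] = [v + 12 for v in shift_stream[10]]

    return {
        "legit": time_to_rejection(detector, legit_stream),
        "impostor": time_to_rejection(detector, impostor_stream),
        "posture_shift": time_to_rejection(detector, shift_stream),
    }


if __name__ == "__main__":
    for label, t in demo().items():
        print(f"{label}: {'never rejected' if t is None else f'rejected at {t} s'}")
```

With these assumptions the impostor is rejected at the first 1.5 s check, while the legitimate stream and the stream containing a single posture-shift frame are never rejected, because a lone extreme frame cannot fill a whole three-frame window. Real deployments would need the thresholds tuned on measured data, and the slide's own caveats about day-to-day weight and posture drift still apply.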

Slide 27: Overview (section marker: Conclusion/Future Work)

Slide 28: Conclusions
• Assentication biometric can be used for de-authentication
  • 94.2% accuracy for identification
  • 100% accuracy for continuous authentication
• Casual impersonation unlikely
  • 90% of impostors immediately rejected
  • 100% of impostors rejected by 45 seconds
• Determined impersonation logistically difficult

Slide 29: Future Work
• Longitudinal study: understand longevity of posture patterns
• Workplace evaluation
• Adversarial study: both casual and determined adversaries

Slide 30: References
• S. Eberz, K. B. Rasmussen, V. Lenders, and I. Martinovic, "Preventing lunchtime attacks: Fighting insider threats with eye movement biometrics," in Network and Distributed System Security Symposium (NDSS 2015), Internet Society, San Diego, 2015.
• A. A. Ahmed and I. Traore, "Biometric recognition based on free-text keystroke dynamics," IEEE Transactions on Cybernetics, vol. 44, no. 4, pp. 458-472, 2014.
• M. Conti, G. Lovisotto, I. Martinovic, and G. Tsudik, "FADEWICH: Fast deauthentication over the wireless channel," in 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), IEEE, 2017, pp. 2294-2301.
• S. Mare, A. M. Markham, C. Cornelius, R. Peterson, and D. Kotz, "ZEBRA: Zero-effort bilateral recurring authentication," in 2014 IEEE Symposium on Security and Privacy (S&P), IEEE, 2014, pp. 705-720.
• O. Huhta, P. Shrestha, S. Udar, M. Juuti, N. Saxena, and N. Asokan, "Pitfalls in designing zero-effort deauthentication: Opportunistic human observation attacks," in Network and Distributed System Security Symposium (NDSS 2016), Internet Society, San Diego, 2016, pp. 1-14. DOI: 10.14722/ndss.2016.23199
