IEICE TRANSACTIONS on Fundamentals
Combating Password Vulnerability with Keystroke Dynamics Featured by WiFi Sensing
Summary :
The fast evolving credential attacks have been a great security challenge to current password-based information systems. Recently, biometrics factors like facial, iris, or fingerprint that are difficult to forge rise as key elements for designing passwordless authentication. However, capturing and analyzing such factors usually require special devices, hindering their feasibility and practicality. To this end, we present WiASK, a device-free WiFi sensing enabled Authentication System exploring Keystroke dynamics. More specifically, WiASK captures keystrokes of a user typing a pre-defined easy-to-remember string leveraging the existing WiFi infrastructure. But instead of focusing on the string itself which are vulnerable to password attacks, WiASK interprets the way it is typed, i.e., keystroke dynamics, into user identity, based on the biologically validated correlation between them. We prototype WiASK on the low-cost off-the-shelf WiFi devices and verify its performance in three real environments. Empirical results show that WiASK achieves on average 93.7% authentication accuracy, 2.5% false accept rate, and 5.1% false reject rate.
- Publication
- IEICE TRANSACTIONS on Fundamentals Vol.E105-A No.9 pp.1340-1347
- Publication Date
- 2022/09/01
- Publicized
- 2022/04/01
- Online ISSN
- 1745-1337
- DOI
- 10.1587/transfun.2021EAP1119
- Type of Manuscript
- PAPER
- Category
- Mobile Information Network and Personal Communications
Authors
Yuanwei HOU
Peking University
Yu GU
Hefei University of Technology
Weiping LI
Peking University
Zhi LIU
The University of Electro-Communications
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Yuanwei HOU, Yu GU, Weiping LI, Zhi LIU, "Combating Password Vulnerability with Keystroke Dynamics Featured by WiFi Sensing" in IEICE TRANSACTIONS on Fundamentals,
vol. E105-A, no. 9, pp. 1340-1347, September 2022, doi: 10.1587/transfun.2021EAP1119.
Abstract: The fast evolving credential attacks have been a great security challenge to current password-based information systems. Recently, biometrics factors like facial, iris, or fingerprint that are difficult to forge rise as key elements for designing passwordless authentication. However, capturing and analyzing such factors usually require special devices, hindering their feasibility and practicality. To this end, we present WiASK, a device-free WiFi sensing enabled Authentication System exploring Keystroke dynamics. More specifically, WiASK captures keystrokes of a user typing a pre-defined easy-to-remember string leveraging the existing WiFi infrastructure. But instead of focusing on the string itself which are vulnerable to password attacks, WiASK interprets the way it is typed, i.e., keystroke dynamics, into user identity, based on the biologically validated correlation between them. We prototype WiASK on the low-cost off-the-shelf WiFi devices and verify its performance in three real environments. Empirical results show that WiASK achieves on average 93.7% authentication accuracy, 2.5% false accept rate, and 5.1% false reject rate.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2021EAP1119/_p
Copy
@ARTICLE{e105-a_9_1340,
author={Yuanwei HOU, Yu GU, Weiping LI, Zhi LIU, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Combating Password Vulnerability with Keystroke Dynamics Featured by WiFi Sensing},
year={2022},
volume={E105-A},
number={9},
pages={1340-1347},
abstract={The fast evolving credential attacks have been a great security challenge to current password-based information systems. Recently, biometrics factors like facial, iris, or fingerprint that are difficult to forge rise as key elements for designing passwordless authentication. However, capturing and analyzing such factors usually require special devices, hindering their feasibility and practicality. To this end, we present WiASK, a device-free WiFi sensing enabled Authentication System exploring Keystroke dynamics. More specifically, WiASK captures keystrokes of a user typing a pre-defined easy-to-remember string leveraging the existing WiFi infrastructure. But instead of focusing on the string itself which are vulnerable to password attacks, WiASK interprets the way it is typed, i.e., keystroke dynamics, into user identity, based on the biologically validated correlation between them. We prototype WiASK on the low-cost off-the-shelf WiFi devices and verify its performance in three real environments. Empirical results show that WiASK achieves on average 93.7% authentication accuracy, 2.5% false accept rate, and 5.1% false reject rate.},
keywords={},
doi={10.1587/transfun.2021EAP1119},
ISSN={1745-1337},
month={September},}
Copy
TY - JOUR
TI - Combating Password Vulnerability with Keystroke Dynamics Featured by WiFi Sensing
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1340
EP - 1347
AU - Yuanwei HOU
AU - Yu GU
AU - Weiping LI
AU - Zhi LIU
PY - 2022
DO - 10.1587/transfun.2021EAP1119
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E105-A
IS - 9
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - September 2022
AB - The fast evolving credential attacks have been a great security challenge to current password-based information systems. Recently, biometrics factors like facial, iris, or fingerprint that are difficult to forge rise as key elements for designing passwordless authentication. However, capturing and analyzing such factors usually require special devices, hindering their feasibility and practicality. To this end, we present WiASK, a device-free WiFi sensing enabled Authentication System exploring Keystroke dynamics. More specifically, WiASK captures keystrokes of a user typing a pre-defined easy-to-remember string leveraging the existing WiFi infrastructure. But instead of focusing on the string itself which are vulnerable to password attacks, WiASK interprets the way it is typed, i.e., keystroke dynamics, into user identity, based on the biologically validated correlation between them. We prototype WiASK on the low-cost off-the-shelf WiFi devices and verify its performance in three real environments. Empirical results show that WiASK achieves on average 93.7% authentication accuracy, 2.5% false accept rate, and 5.1% false reject rate.
ER -
English
