Summary: | In recent years, behavioural biometrics have become increasingly popular, with many types of behaviour being explored for the purpose of user authentication. Some of the most common examples are keystroke dynamics, mouse movements, touchscreen inputs and human gait. Unlike physiological biometrics (e.g., fingerprints), behavioural biometrics are often believed to be relatively hard for adversaries to collect, but nevertheless have been subject to active attacks, including presentation, signal injection and imitation attacks. In this thesis, we take a holistic view on the design, evaluation and security analysis of behavioural biometric recognition systems. First, we underline their usefulness by designing a novel authentication system based on distinctive eye movement behaviour. We evaluate this system under different adversary models and show that eye movements can be used for both user authentication and judging a user's task familiarity. Drawing from insights gained from this project, we go beyond the state of the art to develop metrics and methodologies that more accurately reflect a system's real-world performance and security. This approach is centred around reflecting a biometric's systematic false negatives (i.e., attackers that consistently go undetected) more accurately. A frequent focus of related work is how to present previously obtained biometric data to a behavioural authentication system (e.g., through imitation or mimicry attacks). However, the challenge of obtaining this data in the first place is far less explored. In this thesis, we perform a series of experiments to judge the usefulness of biometric data collected through a variety of sources. The idea is to measure the security impact of the plethora of biometric data that is involuntarily created through our day-to-day interactions with diverse systems.
|