When your fitness tracker betrays you: quantifying the predictability of biometric features across contexts

Attacks on behavioral biometrics have become increasingly popular. Most research has been focused on presenting a previously obtained feature vector to the biometric sensor, often by the attacker training themselves to change their behavior to match that of the victim. However, obtaining the victim&...

Full description

Bibliographic Details
Main Authors: Eberz, S, Lovisotto, G, Patanè, A, Kwiatkowska, M, Lenders, V, Martinovic, I
Format: Conference item
Published: IEEE 2018
_version_ 1797052430985199616
author Eberz, S
Lovisotto, G
Patanè, A
Kwiatkowska, M
Lenders, V
Martinovic, I
author_facet Eberz, S
Lovisotto, G
Patanè, A
Kwiatkowska, M
Lenders, V
Martinovic, I
author_sort Eberz, S
collection OXFORD
description Attacks on behavioral biometrics have become increasingly popular. Most research has been focused on presenting a previously obtained feature vector to the biometric sensor, often by the attacker training themselves to change their behavior to match that of the victim. However, obtaining the victim's biometric information may not be easy, especially when the user's template on the authentication device is adequately secured. As such, if the authentication device is inaccessible, the attacker may have to obtain data elsewhere. In this paper, we present an analytic framework that enables us to measure how easily features can be predicted based on data gathered in a different context (e.g., different sensor, performed task or environment). This framework is used to assess how resilient individual features or entire biometrics are against such cross-context attacks. In order to be able to compare existing biometrics with regard to this property, we perform a user study to gather biometric data from 30 participants and five biometrics (ECG, eye movements, mouse movements, touchscreen dynamics and gait) in a variety of contexts. We make this dataset publicly available online. Our results show that many attack scenarios are viable in practice as features are easily predicted from a variety of contexts. All biometrics include features that are particularly predictable (e.g., amplitude features for ECG or curvature for mouse movements). Overall, we observe that cross-context attacks on eye movements, mouse movements and touchscreen inputs are comparatively easy while ECG and gait exhibit much more chaotic cross-context changes.
first_indexed 2024-03-06T18:31:27Z
format Conference item
id oxford-uuid:09c98921-71c4-40ae-84bb-193b76dfd498
institution University of Oxford
last_indexed 2024-03-06T18:31:27Z
publishDate 2018
publisher IEEE
record_format dspace
spelling oxford-uuid:09c98921-71c4-40ae-84bb-193b76dfd4982022-03-26T09:20:14ZWhen your fitness tracker betrays you: quantifying the predictability of biometric features across contextsConference itemhttp://purl.org/coar/resource_type/c_5794uuid:09c98921-71c4-40ae-84bb-193b76dfd498Symplectic Elements at OxfordIEEE2018Eberz, SLovisotto, GPatanè, AKwiatkowska, MLenders, VMartinovic, IAttacks on behavioral biometrics have become increasingly popular. Most research has been focused on presenting a previously obtained feature vector to the biometric sensor, often by the attacker training themselves to change their behavior to match that of the victim. However, obtaining the victim's biometric information may not be easy, especially when the user's template on the authentication device is adequately secured. As such, if the authentication device is inaccessible, the attacker may have to obtain data elsewhere. In this paper, we present an analytic framework that enables us to measure how easily features can be predicted based on data gathered in a different context (e.g., different sensor, performed task or environment). This framework is used to assess how resilient individual features or entire biometrics are against such cross-context attacks. In order to be able to compare existing biometrics with regard to this property, we perform a user study to gather biometric data from 30 participants and five biometrics (ECG, eye movements, mouse movements, touchscreen dynamics and gait) in a variety of contexts. We make this dataset publicly available online. Our results show that many attack scenarios are viable in practice as features are easily predicted from a variety of contexts. All biometrics include features that are particularly predictable (e.g., amplitude features for ECG or curvature for mouse movements). Overall, we observe that cross-context attacks on eye movements, mouse movements and touchscreen inputs are comparatively easy while ECG and gait exhibit much more chaotic cross-context changes.
spellingShingle Eberz, S
Lovisotto, G
Patanè, A
Kwiatkowska, M
Lenders, V
Martinovic, I
When your fitness tracker betrays you: quantifying the predictability of biometric features across contexts
title When your fitness tracker betrays you: quantifying the predictability of biometric features across contexts
title_full When your fitness tracker betrays you: quantifying the predictability of biometric features across contexts
title_fullStr When your fitness tracker betrays you: quantifying the predictability of biometric features across contexts
title_full_unstemmed When your fitness tracker betrays you: quantifying the predictability of biometric features across contexts
title_short When your fitness tracker betrays you: quantifying the predictability of biometric features across contexts
title_sort when your fitness tracker betrays you quantifying the predictability of biometric features across contexts
work_keys_str_mv AT eberzs whenyourfitnesstrackerbetraysyouquantifyingthepredictabilityofbiometricfeaturesacrosscontexts
AT lovisottog whenyourfitnesstrackerbetraysyouquantifyingthepredictabilityofbiometricfeaturesacrosscontexts
AT patanea whenyourfitnesstrackerbetraysyouquantifyingthepredictabilityofbiometricfeaturesacrosscontexts
AT kwiatkowskam whenyourfitnesstrackerbetraysyouquantifyingthepredictabilityofbiometricfeaturesacrosscontexts
AT lendersv whenyourfitnesstrackerbetraysyouquantifyingthepredictabilityofbiometricfeaturesacrosscontexts
AT martinovici whenyourfitnesstrackerbetraysyouquantifyingthepredictabilityofbiometricfeaturesacrosscontexts