The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
L'évolution rapide des attaques par identifiants constitue un défi majeur en matière de sécurité pour les systèmes d'information actuels basés sur des mots de passe. Récemment, des facteurs biométriques difficiles à falsifier tels que le visage, l'iris ou les empreintes digitales sont devenus des éléments clés pour la conception d'une authentification sans mot de passe. Cependant, la capture et l’analyse de ces facteurs nécessitent généralement des dispositifs spéciaux, ce qui entrave leur faisabilité et leur caractère pratique. À cette fin, nous présentons WiASK, un logiciel sans appareil WiDétection Fi activée Authentication Sexploration du système Kdynamique du coup d'œil. Plus précisément, WiASK capture les frappes d'un utilisateur tapant une chaîne prédéfinie facile à retenir en tirant parti de l'infrastructure WiFi existante. Mais au lieu de se concentrer sur la chaîne elle-même qui est vulnérable aux attaques par mot de passe, WiASK interprète la façon dont elle est saisie, c'est-à-dire la dynamique de frappe, en identité d'utilisateur, sur la base de la corrélation biologiquement validée entre elles. Nous prototypons WiASK sur des appareils WiFi disponibles dans le commerce à faible coût et vérifions ses performances dans trois environnements réels. Les résultats empiriques montrent que WiASK atteint en moyenne une précision d'authentification de 93.7 %, un taux de fausses acceptations de 2.5 % et un taux de faux rejets de 5.1 %.
Yuanwei HOU
Peking University
Yu GU
Hefei University of Technology
Weiping LI
Peking University
Zhi LIU
The University of Electro-Communications
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Yuanwei HOU, Yu GU, Weiping LI, Zhi LIU, "Combating Password Vulnerability with Keystroke Dynamics Featured by WiFi Sensing" in IEICE TRANSACTIONS on Fundamentals,
vol. E105-A, no. 9, pp. 1340-1347, September 2022, doi: 10.1587/transfun.2021EAP1119.
Abstract: The fast evolving credential attacks have been a great security challenge to current password-based information systems. Recently, biometrics factors like facial, iris, or fingerprint that are difficult to forge rise as key elements for designing passwordless authentication. However, capturing and analyzing such factors usually require special devices, hindering their feasibility and practicality. To this end, we present WiASK, a device-free WiFi sensing enabled Authentication System exploring Keystroke dynamics. More specifically, WiASK captures keystrokes of a user typing a pre-defined easy-to-remember string leveraging the existing WiFi infrastructure. But instead of focusing on the string itself which are vulnerable to password attacks, WiASK interprets the way it is typed, i.e., keystroke dynamics, into user identity, based on the biologically validated correlation between them. We prototype WiASK on the low-cost off-the-shelf WiFi devices and verify its performance in three real environments. Empirical results show that WiASK achieves on average 93.7% authentication accuracy, 2.5% false accept rate, and 5.1% false reject rate.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2021EAP1119/_p
Copier
@ARTICLE{e105-a_9_1340,
author={Yuanwei HOU, Yu GU, Weiping LI, Zhi LIU, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Combating Password Vulnerability with Keystroke Dynamics Featured by WiFi Sensing},
year={2022},
volume={E105-A},
number={9},
pages={1340-1347},
abstract={The fast evolving credential attacks have been a great security challenge to current password-based information systems. Recently, biometrics factors like facial, iris, or fingerprint that are difficult to forge rise as key elements for designing passwordless authentication. However, capturing and analyzing such factors usually require special devices, hindering their feasibility and practicality. To this end, we present WiASK, a device-free WiFi sensing enabled Authentication System exploring Keystroke dynamics. More specifically, WiASK captures keystrokes of a user typing a pre-defined easy-to-remember string leveraging the existing WiFi infrastructure. But instead of focusing on the string itself which are vulnerable to password attacks, WiASK interprets the way it is typed, i.e., keystroke dynamics, into user identity, based on the biologically validated correlation between them. We prototype WiASK on the low-cost off-the-shelf WiFi devices and verify its performance in three real environments. Empirical results show that WiASK achieves on average 93.7% authentication accuracy, 2.5% false accept rate, and 5.1% false reject rate.},
keywords={},
doi={10.1587/transfun.2021EAP1119},
ISSN={1745-1337},
month={September},}
Copier
TY - JOUR
TI - Combating Password Vulnerability with Keystroke Dynamics Featured by WiFi Sensing
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1340
EP - 1347
AU - Yuanwei HOU
AU - Yu GU
AU - Weiping LI
AU - Zhi LIU
PY - 2022
DO - 10.1587/transfun.2021EAP1119
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E105-A
IS - 9
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - September 2022
AB - The fast evolving credential attacks have been a great security challenge to current password-based information systems. Recently, biometrics factors like facial, iris, or fingerprint that are difficult to forge rise as key elements for designing passwordless authentication. However, capturing and analyzing such factors usually require special devices, hindering their feasibility and practicality. To this end, we present WiASK, a device-free WiFi sensing enabled Authentication System exploring Keystroke dynamics. More specifically, WiASK captures keystrokes of a user typing a pre-defined easy-to-remember string leveraging the existing WiFi infrastructure. But instead of focusing on the string itself which are vulnerable to password attacks, WiASK interprets the way it is typed, i.e., keystroke dynamics, into user identity, based on the biologically validated correlation between them. We prototype WiASK on the low-cost off-the-shelf WiFi devices and verify its performance in three real environments. Empirical results show that WiASK achieves on average 93.7% authentication accuracy, 2.5% false accept rate, and 5.1% false reject rate.
ER -