TY - GEN
T1 - BehavioCog
T2 - 21st International Conference on Financial Cryptography and Data Security, FC 2017
AU - Chauhan, Jagmohan
AU - Zhao, Benjamin Zi Hao
AU - Asghar, Hassan Jameel
AU - Chan, Jonathan
AU - Kaafar, Mohamed Ali
PY - 2017
Y1 - 2017
N2 - We propose that by integrating behavioural biometric gestures—such as drawing figures on a touch screen—with challenge-response based cognitive authentication schemes, we can benefit from the properties of both. On the one hand, we can improve the usability of existing cognitive schemes by significantly reducing the number of challenge-response rounds by (partially) relying on the hardness of mimicking carefully designed behavioural biometric gestures. On the other hand, the observation resistant property of cognitive schemes provides an extra layer of protection for behavioural biometrics; an attacker is unsure if a failed impersonation is due to a biometric failure or a wrong response to the challenge. We design and develop a prototype of such a “hybrid” scheme, named BehavioCog. To provide security close to a 4-digit PIN—one in 10,000 chance to impersonate—we only need two challenge-response rounds, which can be completed in less than 38 s on average (as estimated in our user study), with the advantage that unlike PINs or passwords, the scheme is secure under observation.
UR - http://www.scopus.com/inward/record.url?scp=85039152805&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-70972-7_3
DO - 10.1007/978-3-319-70972-7_3
M3 - Conference proceeding contribution
AN - SCOPUS:85039152805
SN - 9783319709710
VL - 10322 LNCS
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 39
EP - 58
BT - Financial Cryptography and Data Security
A2 - Kiayias, Aggelos
PB - Springer, Springer Nature
Y2 - 3 April 2017 through 7 April 2017
ER -