5/25/2019

Assentication: User De-Authentication and Lunch Time Attack Mitigation with Seated Posture Biometric

University of California, Irvine Tyler Kaczmarek, Ercan Ozturk, Gene Tsudik {tkaczmar, ercano, gtsudik}@uci.edu

1

Overview

  • Introduction, Motivation and Background
  • Assentication Biometric
  • Adversarial Model
  • Assentication Prototype Setup and User Study
  • Conclusion/Future Work

2


Authentication

  • Effective user authentication is critical for any meaningful security system
  • Modern systems typically use 2 factors:
    • What you know (password/PIN)
    • What you have (physical token)
    • What you are / how you behave (biometrics)
      • Can be biological or behavioral
  • Confirms legitimate user present at session start

3

Workplace Activities

  • [A1]: Work while providing continuous input
  • [A2]: Take a quick seated nap or meditation break
  • [A3]: Read some printed material
  • [A4]: Use a personal device other than your computer
  • [A5]: Turn away from one's desk to talk
  • [A6]: Consume media without using any input devices
  • [A7]: Take part in an audio or video conference
  • [A8]: Get up momentarily without leaving
  • [A9]: Leave the workplace

4


The Lunch Time Attack

  • Careless user walks away without logging out
  • Adversary moves in and hijacks session
  • Difficult to repudiate
  • Need to periodically reauthenticate users

5

Continuous Authentication/De-authentication

  • Continuous Authentication
    • Confirm legitimate user presence
  • De-authentication
    • Special case
    • Confirm user absence

6


Continuous Authentication Goals

  • Correctly identify [A9]
  • Quickly detect circumvention attempts
  • Minimize FRR
    • Confusing [A1]-[A8] for [A9]
  • Minimize FAR
    • Confusing [A9] for [A1]-[A8]
    • Confusing illegitimate users for authorized ones
  • Minimize obtrusiveness
    • Both user burden and extra equipment

7

Default De-authentication: Inactivity Timeouts

  • Lock session if user is inactive for a given time limit
  • Reduces the activities to two classes: [A1] and NOT [A1]
  • FRR high for [A2]-[A8]
  • FAR high for non-legitimate users
  • Timeout duration is public knowledge

8


Modern De-authentication Techniques: Keystroke Dynamics and ZEBRA

  • Keystroke Dynamics [TC 2014]
    • Can detect inauthentic users
    • Requires active input
    • Defaults to inactivity timeout in NOT [A1]
  • ZEBRA [S&P 2014]
    • Uses wrist device to track arm movements
    • Matches movements to observed input
    • Vulnerable to imitation attack [NDSS 2016]

9

Modern De-authentication Techniques: Gaze Tracking and FADEWICH

  • Gaze Tracking [NDSS 2015]
    • Follows user eye patterns
    • Detects inauthentic users in 40 sec
    • De-authenticates if user looks away
    • Requires extremely expensive equipment
  • FADEWICH [ICDCS 2017]
    • Detects presence through RSSI changes on wireless sensors
    • Cannot discriminate impostors from legitimate users

10


Overview

  • Introduction, Motivation and Background
  • Assentication Biometric
  • Adversarial Model
  • Assentication Prototype Setup and User Study
  • Conclusion/Future Work

11

Assentication Biometric

  • Physical
    • Hip width
    • Weight
    • Leg length
  • Behavioral
    • Posture patterns

12


Assentication Advantages

  • Passive
  • Not easily circumventable
  • Liveness is implicit
  • No alteration in user behavior
  • Office workers sit >75% of the week
  • Very little specialized hardware
  • Works well with [A1]-[A7]

13

Assentication Disadvantages

  • Incompatible with edge-case office arrangements
    • Yoga balls
    • Standing desks
  • Confuses [A8] for [A9]
  • Day-to-day stability questionable
    • Weight shifts
    • Posture linked to mood

14


Overview

  • Introduction, Motivation and Background
  • Assentication Biometric
  • Adversarial Model
  • Assentication Prototype Setup and User Study
  • Conclusion/Future Work

15

Adversarial Model

  • Insider attacks responsible for 28% of crimes in industry
  • Disgruntled employee with physical access
  • Doesn’t want to be linked to attack

16


Casual Adversary

  • Aware of Assentication
  • Tries to physically imitate posture
  • Does not use extra equipment

17

Determined Adversary

  • Aware of Assentication
  • Access to sensor data
  • Access to precise victim measurements
  • Constructs a physical victim model
  • Constructs pneumatic/hydraulic contraption

18


Overview

  • Introduction, Motivation and Background
  • Assentication Biometric
  • Adversarial Model
  • Assentication Prototype Setup and User Study
  • Conclusion/Future Work

19

Prototype Design

  • 2003/2004 HON Mid-Back Task Chair
  • 16 Tekscan FlexiForce A401 Large Force Sensing Resistors
  • 2 Arduino 101 modules
  • Total instrumentation cost: $275
  • Under $150 at 30-user scale

20

Prototype Construction

21

User Study

  • 30 subjects
    • 10 female
    • 20 male
  • Brought prototype to subjects in their office environment
  • Each user spent 10 minutes seated on prototype
  • Measurements collected every 0.5 seconds

22


Raw Data: Posture shift

23

Identification Results – True Positive Rates

24


Identification Results – False Positive Rates

25

Results – Continuous Authentication

  • Anomaly detector
    • Trains for 5 minutes
    • Checks every 1.5 seconds
      • Three 0.5-second frames
    • Classifies each frame as “extreme” or not
    • If all 3 frames are “extreme”, the user is rejected
  • 0% of legitimate users rejected
  • 91% of impostor data rejected after the first 1.5 seconds
  • 100% rejected by 45 seconds

26
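The three-frame anomaly detector from this slide, as an added Python example that is not the authors' code. The slides do not say how a frame is scored as “extreme”, so this assumes a per-sensor z-score threshold against the enrolment profile, and all sensor data below is constructed, not from the study.

```python
import random
import statistics

FRAME_SECONDS = 0.5    # the prototype samples all 16 sensors every 0.5 s (from the slides)
FRAMES_PER_CHECK = 3   # one check = 3 consecutive frames = 1.5 s (from the slides)
N_SENSORS = 16
Z_THRESHOLD = 4.0      # assumption: a frame is "extreme" if any sensor is >4 sigma from enrolment

def train_profile(frames):
    """Per-sensor (mean, stdev) over the enrolment window; the slides train for 5 min = 600 frames."""
    return [(statistics.fmean(c), statistics.pstdev(c) or 1.0) for c in zip(*frames)]

def is_extreme(profile, frame):
    """Frame-level anomaly flag: any sensor outside the enrolled band marks the frame 'extreme'."""
    return any(abs(v - mu) / sd > Z_THRESHOLD for v, (mu, sd) in zip(frame, profile))

def continuous_auth(profile, frames):
    """Seconds until the session is rejected (all 3 frames of a check extreme), or None if never."""
    for start in range(0, len(frames) - FRAMES_PER_CHECK + 1, FRAMES_PER_CHECK):
        window = frames[start:start + FRAMES_PER_CHECK]
        if all(is_extreme(profile, f) for f in window):
            return (start + FRAMES_PER_CHECK) * FRAME_SECONDS
    return None

def first_check_rejection_rate(profile, sessions):
    """Share of sessions rejected at the very first 1.5 s check (the slides report 91% of impostors)."""
    return sum(continuous_auth(profile, s[:FRAMES_PER_CHECK]) is not None for s in sessions) / len(sessions)

def synth_frames(rng, base, n, jitter=2.0):
    """Constructed sensor data: each frame is `base` plus Gaussian jitter on every sensor."""
    return [[b + rng.gauss(0, jitter) for b in base] for _ in range(n)]

rng = random.Random(7)
USER_BASE = [50 + 10 * (i % 4) for i in range(N_SENSORS)]   # constructed seated-pressure profile
profile = train_profile(synth_frames(rng, USER_BASE, 600))  # 5 minutes of enrolment data

legit = synth_frames(rng, USER_BASE, 120)                    # 1 minute of the enrolled user
legit[30] = [v + 40 for v in USER_BASE]                      # one-frame posture shift: extreme but isolated
# five constructed impostors with different weight/hip distributions than the enrolled user
impostors = [synth_frames(rng, [v * (1.2 + 0.1 * k) + 8 for v in USER_BASE], 120) for k in range(5)]

def demo():
    """(legit rejection time, first impostor rejection time, first-check impostor rejection rate)."""
    return (continuous_auth(profile, legit),
            continuous_auth(profile, impostors[0]),
            first_check_rejection_rate(profile, impostors))
```

The isolated posture shift at frame 30 is flagged extreme but does not fill a whole three-frame check, which is why the legitimate session is never rejected while every impostor is rejected at the first 1.5 s check.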


Overview

  • Introduction, Motivation and Background
  • Assentication Biometric
  • Adversarial Model
  • Assentication Prototype Setup and User Study
  • Conclusion/Future Work

27

Conclusions

  • Assentication biometric can be used for de-authentication
    • 94.2% accuracy for identification
    • 100% accuracy for continuous authentication
  • Casual impersonation unlikely
    • 90% of impostors immediately rejected
    • 100% of impostors rejected by 45 seconds
  • Determined impersonation logistically difficult

28


Future Work

  • Longitudinal study
    • Understand longevity of posture patterns
  • Workplace evaluation
  • Adversarial study
    • Both casual and determined

29

References

  • S. Eberz, K. B. Rasmussen, V. Lenders, and I. Martinovic, “Preventing lunchtime attacks: Fighting insider threats with eye movement biometrics,” in Network and Distributed System Security Symposium (NDSS) 2015, Internet Society, San Diego, 2015.
  • A. A. Ahmed and I. Traore, “Biometric recognition based on free-text keystroke dynamics,” IEEE Transactions on Cybernetics, vol. 44, no. 4, pp. 458-472, 2014.
  • M. Conti, G. Lovisotto, I. Martinovic, and G. Tsudik, “FADEWICH: Fast deauthentication over the wireless channel,” in 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), IEEE, 2017, pp. 2294-2301.
  • S. Mare, A. M. Markham, C. Cornelius, R. Peterson, and D. Kotz, “ZEBRA: Zero-effort bilateral recurring authentication,” in 2014 IEEE Symposium on Security and Privacy (S&P), IEEE, 2014, pp. 705-720.
  • O. Huhta, P. Shrestha, S. Udar, M. Juuti, N. Saxena, and N. Asokan, “Pitfalls in designing zero-effort deauthentication: Opportunistic human observation attacks,” in Network and Distributed System Security Symposium (NDSS) 2016, Internet Society, San Diego, 21/02/2016, pp. 1-14. DOI: 10.14722/ndss.2016.23199

30