Fr, 04. Dez. 2020   Grünefeld, Uwe

Projektgruppe: MirrorMe (SoSe 2020)

Im Sommersemester 2021 bieten wir erneut eine Projektgruppe für Masterstudierende an. In dieser Projektgruppe sollen Verhaltensbasierte Authentifizierungsverfahren durch Nachahmung des Verhaltens überlistet werden. Dazu werden wir in der Projektgruppe Computerspiele für die erweiterte und virtuelle Realität erstellen, die Nutzer darin unterstützen, dass Verhalten einer anderen Person nachzuahmen. Weitere Informationen folgen zeitnah. Im Nachfolgenden einmal die englische Kurzbeschreibung der Projektgruppe.

MirrorMe: Mimicry to Attack Behavioral Biometrics with Games in Mixed Reality

With the increasing number of ubiquitous devices, authentication and identification remain critical for data privacy protection. Typical authentication techniques such as PIN/Passwords do not scale to different computing environments with several users (e.g., authentication on smart glasses using alphanumeric passwords is cumbersome). Looking for an easier and more pleasant solution, previous studies showed that each human has unique body movements that can distinctively identify them among other people. Such behaviors include but are not limited to walking patterns (e.g., gait), keystroke dynamics (e.g., how a user types on a keyboard), touch screen interactions (e.g., where and how the phone is touched), and many others. Considering behaviors as biometric features is a promising approach due to their scalability among several devices and multiple users.

However, it is still an open question of how robust these techniques are against malicious attacks, specifically mimicry attacks (i.e., an attack in which the user tries to copy a certain behavior). For example, an attacker attempting to penetrate the system might study and imitate user’s walk.

In this project, we target behavioral biometrics as robust identification features, and investigate how such systems can be tricked by attackers to receive unauthorized access. The idea is to build a training application that supports an attacker in a playful way. By creating games in Virtual and Augmented Reality, we explore how such games can be used to support an attacker and trick an authentication system based on behavioral biometrics.