Projektgruppe MirrorMe (Mimicry to Attack Behavioral Biometrics with Games in Mixed Reality)
With the increasing number of ubiquitous devices, authentication and identification remain critical for data privacy protection. Typical authentication techniques such as PIN/Passwords do not scale to different computing environments with several users (e.g., authentication on smart glasses using alphanumeric passwords is cumbersome). Looking for an easier and more pleasant solution, previous studies showed that each human has unique body movements that can distinctively identify them among other people. Such behaviors include but are not limited to walking patterns (e.g., gait), keystroke dynamics (e.g., how a user types on a keyboard), touch screen interactions (e.g., where and how the phone is touched), and many others. Considering behaviors as biometric features is a promising approach due to their scalability among several devices and multiple users.
However, it is still an open question of how robust these techniques are against malicious attacks, specifically mimicry attacks (i.e., an attack in which the user tries to copy a certain behavior). For example, an attacker attempting to penetrate the system might study and imitate user’s walk.
In this project, we target behavioral biometrics as robust identification features, and investigate how such systems can be tricked by attackers to receive unauthorized access. The idea is to build a training application that supports an attacker in a playful way. By creating games in Virtual and Augmented Reality, we explore how such games can be used to support an attacker and trick an authentication system based on behavioral biometrics.