Fighting Coercion Attacks in Key Generation using Skin Conductance

Publication Type

Conference Proceeding Article

Publication Date

8-2010

Abstract

Many techniques have been proposed to generate keys including text passwords, graphical passwords, biometric data and etc. Most of these techniques are not resistant to coercion attacks in which the user is forcefully asked by an attacker to generate the key to gain access to the system or to decrypt the encrypted file. We present a novel approach in generating cryptographic keys to fight against coercion attacks. Our novel technique incorporates the user’s emotional status, which changes when the user is under coercion, into the key generation through measurements of the user’s skin conductance. We present a model that generates cryptographic keys with one’s voice and skin conductance. In order to explore more, a preliminary user study with 39 subjects was done which shows that our approach has moderate falsepositive and false-negative rates. We also present the attacker’s strategy in guessing the cryptographic keys, and show that the resulting change in the password space under such attacks is small.

Discipline

Information Security

Research Areas

Cybersecurity

Publication

USENIX Security'10 Proceedings of the 19th USENIX conference on Security

First Page

30

Last Page

30

ISBN

8887666655554

City or Country

Washington, DC, USA

This document is currently not available here.

Share

COinS