Fighting Coercion Attacks in Key Generation using Skin Conductance
Conference Proceeding Article
Many techniques have been proposed to generate keys including text passwords, graphical passwords, biometric data and etc. Most of these techniques are not resistant to coercion attacks in which the user is forcefully asked by an attacker to generate the key to gain access to the system or to decrypt the encrypted file. We present a novel approach in generating cryptographic keys to fight against coercion attacks. Our novel technique incorporates the user’s emotional status, which changes when the user is under coercion, into the key generation through measurements of the user’s skin conductance. We present a model that generates cryptographic keys with one’s voice and skin conductance. In order to explore more, a preliminary user study with 39 subjects was done which shows that our approach has moderate falsepositive and false-negative rates. We also present the attacker’s strategy in guessing the cryptographic keys, and show that the resulting change in the password space under such attacks is small.
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
City or Country
Washington, DC, USA
GUPTA, Payas and GAO, Debin.
Fighting Coercion Attacks in Key Generation using Skin Conductance. (2010). USENIX Security'10 Proceedings of the 19th USENIX conference on Security. 30-30. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/1317