Publication Date

3-2014

Abstract

Usability is an important aspect of security, because poor usability motivates users to find shortcuts that bypass the system. Existing studies on keystroke biometrics evaluate the usability issue in terms of the average false rejection rate (FRR). We show in this paper that such an approach underestimates the user impact in two ways. First, the FRR of keystroke biometrics changes for the worse under a range of common conditions such as background music, exercise and even game playing. In a user study involving 111 participants, the average penalties (increases) in FRR are 0.0360 and 0.0498, respectively, for two different classifiers. Second, presenting the FRR as an average obscures the fact that not everyone is suitable for keystroke biometrics deployment. For example, using a Monte Carlo simulation, we found that 30% of users would encounter an account lockout before their 50th authentication session (given a lockout policy of 3 attempts) if they are affected by external influences 50% of the time when authenticating.

Discipline

Computer Sciences | Information Security

Research Areas

Cybersecurity

Publication

CODASPY'14: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy: March 3-5, 2014, San Antonio, Texas

First Page

289

Last Page

296

ISBN

9781450322782

Identifier

10.1145/2557547.2557573

Publisher

ACM

City or Country

New York

Additional URL

http://dx.doi.org/10.1145/2557547.2557573

Share

COinS