Conditional Generative Adversarial Network for keystroke presentation attack

TL;DR

This paper explores using Conditional GANs to generate synthetic keystroke data for impersonation attacks, revealing vulnerabilities in keystroke authentication systems against such synthetic data.

Contribution

It introduces a novel approach employing cGANs to create realistic keystroke data for presentation attacks, highlighting a new threat to behavioral biometric security.

Findings

cGAN effectively generates realistic keystroke patterns

Synthetic data can deceive keystroke authentication systems

Vulnerabilities in current biometric systems are demonstrated

Abstract

Cybersecurity is a crucial step in data protection to ensure user security and personal data privacy. In this sense, many companies have started to control and restrict access to their data using authentication systems. However, these traditional authentication methods, are not enough for ensuring data protection, and for this reason, behavioral biometrics have gained importance. Despite their promising results and the wide range of applications, biometric systems have shown to be vulnerable to malicious attacks, such as Presentation Attacks. For this reason, in this work, we propose to study a new approach aiming to deploy a presentation attack towards a keystroke authentication system. Our idea is to use Conditional Generative Adversarial Networks (cGAN) for generating synthetic keystroke data that can be used for impersonating an authorized user. These synthetic data are generated following two different real use cases, one in which the order of the typed words is known (ordered dynamic) and the other in which this order is unknown (no-ordered dynamic). Finally, both keystroke dynamics (ordered and no-ordered) are validated using an external keystroke authentication system. Results indicate that the cGAN can effectively generate keystroke dynamics patterns that can be used for deceiving keystroke authentication systems.