Using ML (originally RL) to simulate user's typing patterns in order to compromise biometic security systems.
We present SNARL, a suite of tools that is able to simulate a user's typing pattern with the goal of exposing the vulnerabilities of new biometric based identification techniques. Researchers have known for many years that password based verification systems are insecure, in part due to security holes in applications, and in part due to users (e.g. password reuse). In an effort to bolster security, some applications leverage additional data; we are particularly interested in the merits and drawbacks of biometric data. Biometric identification schemes are in some aspects very secure, because a person can often be uniquely identified by some combination of biometric factors. On the other hand, if somehow this information were to be stolen, akin to a password being leaked, it is nearly impossible to change, since they are often either physical traits that exist from birth or habits developed over many years. Our paper demonstrates a system that is able to rapidly learn and simulate user password typing habits, and suggests that keypress timings should only be used as an inexpensive technique that does not significantly boost security.
The proposal for this project can be found here.
The final paper for this project can be found here.