Behavioural biometrics for PIN authentication
V. Wassenaar (TU Delft - Electrical Engineering, Mathematics and Computer Science)
D. de Laat (TU Delft - Discrete Mathematics and Optimization)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
A PIN pad is a common way to authenticate, in particular for mobile applications. To strengthen PIN authentication we utilize behavioural biometrics in the form of keystroke dynamics. For authentication we require new PIN entries from the actual user to be accepted, while entries from an adversary to be rejected. Hence we strive to capture a user profile as compact as possible, such that false acceptance rates (FAR) are low, while the true acceptance rate (TAR) remains high. We estimate a user profile P by training one-class classification methods on user data U. We compare three one-class classification methods, namely Multivariate Gaussian Estimation (MGE), Support Vector Data Description (SVDD) and k-Minimal Enclosing Ball (k-MEB). We collected PIN data and analysed nine users which entered their PIN correctly at least 50 times. We find all methods outperform dummy classifiers. In most cases, a TAR score of over 0.8 combined with a maximum FAR score of at most 0.1 is achieved after tuning. Therefore, we conclude adding a behavioural biometric check does increase security of PIN authentication substantially.
Files
File under embargo until 31-12-2025