Table 1 More examples of existing Keystroke Dynamics attacks
Publications | Medium | Objective | Evaluation method | Evaluation result |
|---|---|---|---|---|
Malboard [21] | Malicious USB keylogger installed on the victim’s computer keyboard | Steal a victim’s typing behavior via malicious USB keylogger and use them to impersonate the victim on a keystroke dynamics authentication | Evasion Rate (ER) | KeyTrac: ± 90% ER TypingDNA: ± 85% ER DuckHunt: ± 100% ER |
SILK-TV [8] | A video that records physical screen (i.e., ATM and Computer screen) which displays password/pin input | Extract passwords and PINs typing delays and use them to infer the plaintext behind the masked password and PINs | Reduced Search-space | Reduced the password’s search space by 25% to 385% depending on the complexity of the password |
Mimicry [30] | A video that records the victim’s typing activities and their finger movements on a smartphone | Extract a victim’s typing behaviour by observing the fingers’ movements and create an interface for an attacker to mimic the typing behaviour | Evasion Rate (ER) | ± 97% ER for ≤ 3 attack attempts against Touchalytics |
EyeTell [31] | A video that records the victim’s face and gaze while typing their PIN on a touch-screen device | Extract a victim’s keystrokes by capturing and analyzing his eye movements and use them to infer the typed PINs | Reduced Search-space | 4-digit PIN: 74% of the PINs are located in the Top-10 PIN wordlist 6-digit PIN: 80% of the PINs are located in the Top-10 PIN wordlist |