{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T22:14:02Z","timestamp":1768342442074,"version":"3.49.0"},"reference-count":28,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2017,5,6]],"date-time":"2017-05-06T00:00:00Z","timestamp":1494028800000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["FA8750-13-2-0274"],"award-info":[{"award-number":["FA8750-13-2-0274"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1527795"],"award-info":[{"award-number":["1527795"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2016,5,6]]},"abstract":"<jats:p>Despite the tremendous amount of research fronting the use of touch gestures as a mechanism of continuous authentication on smart phones, very little research has been conducted to evaluate how these systems could behave if attacked by sophisticated adversaries. In this article, we present two Lego-driven robotic attacks on touch-based authentication: a population statistics--driven attack and a user-tailored attack. The population statistics--driven attack is based on patterns gleaned from a large population of users, whereas the user-tailored attack is launched based on samples stolen from the victim. Both attacks are launched by a Lego robot that is trained on how to swipe on the touch screen. Using seven verification algorithms and a large dataset of users, we show that the attacks cause the system\u2019s mean false acceptance rate (FAR) to increase by up to fivefold relative to the mean FAR seen under the standard zero-effort impostor attack. The article demonstrates the threat that robots pose to touch-based authentication and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems.<\/jats:p>","DOI":"10.1145\/2898353","type":"journal-article","created":{"date-parts":[[2016,5,6]],"date-time":"2016-05-06T08:59:12Z","timestamp":1462525152000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":23,"title":["Toward Robotic Robbery on the Touch Screen"],"prefix":"10.1145","volume":"18","author":[{"given":"Abdul","family":"Serwadda","sequence":"first","affiliation":[{"name":"Texas Tech University, TX"}]},{"given":"Vir V.","family":"Phoha","sequence":"additional","affiliation":[{"name":"Syracuse University, NY"}]},{"given":"Zibo","family":"Wang","sequence":"additional","affiliation":[{"name":"Louisiana Tech University, Ruston, LA"}]},{"given":"Rajesh","family":"Kumar","sequence":"additional","affiliation":[{"name":"Syracuse University, NY"}]},{"given":"Diksha","family":"Shukla","sequence":"additional","affiliation":[{"name":"Syracuse University, NY"}]}],"member":"320","published-online":{"date-parts":[[2016,5,6]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2208516.2208544"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.5555\/1925004.1925009"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455801"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCB.2007.903539"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/1267336.1267339"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICPR.2000.906204"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010933404324"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1022627411411"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1967.1053964"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","unstructured":"R. Duda P. Hart and D. Stork. 2002. Pattern Classification (2nd ed.). John Wiley & Sons.","DOI":"10.5555\/954544"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/THS.2012.6459891"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2012.2225048"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1976.10481562"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/BTAS.2013.6712742"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2013.2244091"},{"key":"e_1_2_1_16_1","volume-title":"Proceedings of the 39th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN\u201909)","author":"Kevin","unstructured":"Kevin S. Killourhy and Roy A. Maxion. 2009. Comparing anomaly-detection algorithms for keystroke dynamics. In Proceedings of the 39th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN\u201909). 125--134."},{"key":"e_1_2_1_17_1","volume-title":"Proceedings of the 20th Network and Distributed System Security Symposium (NDSS\u201913)","author":"Li Lingjun","year":"2013","unstructured":"Lingjun Li, Xinxin Zhao, and Guoliang Xue. 2013. Unobservable reauthentication for smart phones. In Proceedings of the 20th Network and Distributed System Security Symposium (NDSS\u201913)."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1080\/00098650109599193"},{"key":"e_1_2_1_19_1","volume-title":"Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS\u201913)","author":"Meng Tey Chee","year":"2013","unstructured":"Tey Chee Meng, Payas Gupta, and Debin Gao. 2013. I can be you: Questioning the use of keystroke dynamics as a biometric. In Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS\u201913)."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2162081.2162095"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2516960"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516659"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/BTAS.2013.6712758"},{"key":"e_1_2_1_24_1","volume-title":"Jain","author":"Uludag Umut","year":"2004","unstructured":"Umut Uludag and Anil K. Jain. 2004. Attacks on biometric systems: A case study in fingerprints. In Proceedings of SPIE5306: Security, Steganography, and Watermarking of Multimedia Contents VI. 622--633."},{"key":"e_1_2_1_25_1","volume-title":"Timeless Toys: Classic Toys and the Playmakers Who Created Them","author":"Walsh Tim","year":"2005","unstructured":"Tim Walsh. 2005. Timeless Toys: Classic Toys and the Playmakers Who Created Them. McMeel Publishing."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/BTAS.2012.6374591"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/1205860"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/BTAS.2013.6712747"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2898353","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2898353","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2898353","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:16:09Z","timestamp":1763457369000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2898353"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,5,6]]},"references-count":28,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2016,5,6]]}},"alternative-id":["10.1145\/2898353"],"URL":"https:\/\/doi.org\/10.1145\/2898353","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,5,6]]},"assertion":[{"value":"2015-03-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2016-02-01","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2016-05-06","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}