Romain Giot,Mohamad El-Abed,Christophe Rosenberger

DOI: https://doi.org/10.48550/arXiv.0911.3304

IF: 5.414

2009-11-17

Machine Learning

Abstract:We present in this paper a study on the ability and the benefits of using a keystroke dynamics authentication method for collaborative systems. Authentication is a challenging issue in order to guarantee the security of use of collaborative systems during the access control step. Many solutions exist in the state of the art such as the use of one time passwords or smart-cards. We focus in this paper on biometric based solutions that do not necessitate any additional sensor. Keystroke dynamics is an interesting solution as it uses only the keyboard and is invisible for users. Many methods have been published in this field. We make a comparative study of many of them considering the operational constraints of use for collaborative systems.

Robert Cockell,Basel Halak

DOI: https://doi.org/10.48550/arXiv.1909.10841

2019-09-24

Abstract:This paper proposes a portable hardware token for user authentication, it is based on the use of keystroke dynamics to verify users in a bio-metric manner. The proposed approach allows for a multifactor authentication scheme in which users are not allowed access unless they provide the correct password and their unique bio-metric signature. The proposed system is implemented in hardware and its security is evaluated.

Cryptography and Security

Rashik Shadman,Ahmed Anu Wahab,Michael Manno,Matthew Lukaszewski,Daqing Hou,Faraz Hussain

2024-06-23

Abstract:Reliably identifying and verifying subjects remains integral to computer system security. Various novel authentication techniques such as biometric authentication systems have been devised in recent years. This paper surveys keystroke-based authentication systems and their applications. Keystroke dynamics is a behavioral biometric that is emerging as an important tool for cybersecurity as it promises to be non-intrusive and cost-effective. Also, no additional hardware is required, making it convenient to deploy. This survey covers novel keystroke datasets, state-of-the-art keystroke authentication algorithms, keystroke authentication on touch screen and mobile devices, and various prominent applications of such techniques beyond authentication. The paper covers all the significant aspects of keystroke dynamics and can be considered as a reference for future researchers in this domain. The paper includes a discussion of the latest keystroke datasets, providing researchers with up-to-date resources for analysis and experimentation. Additionally, we review the state-of-the-art algorithms adopted within this domain, offering insights into the cutting-edge techniques utilized for keystroke analysis. Moreover, our paper explains the diverse applications of keystroke dynamics, particularly focusing on security, verification and identification uses. Beyond these crucial areas, we mention other additional applications where keystroke dynamics can be applied, broadening the scope of understanding regarding its potential impact across various domains.

Cryptography and Security

Juan Liu,Baochang Zhang,Linlin Shen,Jianzhuang Liu,Jason Zhao

DOI: https://doi.org/10.48550/arxiv.1310.4485

2013-01-01

Abstract:Keystroke Dynamics is an important biometric solution for person authentication. Based upon keystroke dynamics, this paper designs an embedded password protection device, develops an online system, collects two public databases for promoting the research on keystroke authentication, exploits the Gabor filter bank to characterize keystroke dynamics, and provides benchmark results of three popular classification algorithms, one-class support vector machine, Gaussian classifier, and nearest neighbour classifier.

Maro Choi,Shincheol Lee,Minjae Jo,Ji Sun Shin

DOI: https://doi.org/10.3390/s21062242

2021-03-23

Abstract:Authentication methods using personal identification number (PIN) and unlock patterns are widely used in smartphone user authentication. However, these authentication methods are vulnerable to shoulder-surfing attacks, and PIN authentication, in particular, is poor in terms of security because PINs are short in length with just four to six digits. A wide range of research is currently underway to examine various biometric authentication methods, for example, using the user's face, fingerprint, or iris information. However, such authentication methods provide PIN-based authentication as a type of backup authentication to prepare for when the maximum set number of authentication failures is exceeded during the authentication process such that the security of biometric authentication equates to the security of PIN-based authentication. In order to overcome this limitation, research has been conducted on keystroke dynamics-based authentication, where users are classified by analyzing their typing patterns while they are entering their PIN. As a result, a wide range of methods for improving the ability to distinguish the normal user from abnormal ones have been proposed, using the typing patterns captured during the user's PIN input. In this paper, we propose unique keypads that are assigned to and used by only normal users of smartphones to improve the user classification performance capabilities of existing keypads. The proposed keypads are formed by randomly generated numbers based on the Mersenne Twister algorithm. In an attempt to demonstrate the superior classification performance of the proposed unique keypad compared to existing keypads, all tests except for the keypad type were conducted under the same conditions in earlier work, including collection-related features and feature selection methods. Our experimental results show that when the filtering rates are 10%, 20%, 30%, 40%, and 50%, the corresponding equal error rates (EERs) for the proposed keypads are improved by 4.15%, 3.11%, 2.77%, 3.37% and 3.53% on average compared to the classification performance outcomes in earlier work.

Simon Parkinson,Saad Khan,Andrew Crampton,Qing Xu,Weizhi Xie,Na Liu,Kyle Dakin

DOI: https://doi.org/10.1049/bme2.12017

2021-01-25

IET Biometrics

Abstract:Behavioural biometrics have the potential to provide an additional or alternative authentication mechanism to those involving a shared secret (i.e. a password). Keystroke timings are the focus of this study, where key press and release timings are acquired whilst monitoring a user typing a known phrase. Many studies exist in keystroke biometrics, but there is an absence of literature aiming to understand the relationship between characteristics of password policies and the potential of keystroke biometrics. Furthermore, benchmark datasets used in keystroke biometric research do not enable useful insights into the relationship between their capability and password policy. Herein, substitutions of uppercase, numeric, special characters, and their combination of passwords derived from English words are considered. Timings for 42 participants for the same 40 passwords are acquired. A matching system using the Manhattan distance measure with seven different feature sets is implemented, culminating in an Equal Error Rate of between 6% and 11% and accuracy values between 89% and 94%, demonstrating comparable accuracy to other threshold‐based systems. Further analysis suggests that the best feature sets are those containing all timings and trigraph press to press. Evidence also suggests that phrases containing fewer characters have greater accuracy, except for those with special character substitutions.

computer science, artificial intelligence

Joseph Roth,Xiaoming Liu,Arun Ross,Dimitris Metaxas

DOI: https://doi.org/10.1109/icb.2013.6613015

2013-06-01

Abstract:Unlike conventional “one shot” biometric authentication schemes, continuous authentication has a number of advantages, such as longer time for sensing, ability to rectify authentication decisions, and persistent verification of a user's identity, which are critical in applications demanding enhanced security. However, traditional modalities such as face, fingerprint and keystroke dynamics, have various drawbacks in continuous authentication scenarios. In light of this, this paper proposes a novel nonintrusive and privacy-aware biometric modality that utilizes keystroke sound. Given the keystroke sound recorded by a low-cost microphone, our system extracts discriminative features and performs matching between a gallery and a probe sound stream. Motivated by the concept of digraphs used in modeling keystroke dynamics, we learn a virtual alphabet from keystroke sound segments, from which the digraph latency within pairs of virtual letters as well as other statistical features are used to generate match scores. The resultant multiple scores are indicative of the similarities between two sound streams, and are fused to make a final authentication decision. We collect a first-of-its-kind keystroke sound database of 45 subjects typing on a keyboard. Experiments on static text-based authentication, demonstrate the potential as well as limitations of this biometric modality.

Anbiao Huang,Shuo Gao,Junliang Chen,Lijun Xu,Arokia Nathan

DOI: https://doi.org/10.1109/jsen.2020.3001382

IF: 4.3

2020-01-01

IEEE Sensors Journal

Abstract:With the rapid development of electric and information technologies, security issues are becoming a pressing concern. This has given rise to a plethora of authentication techniques, leading among them being the fixed-password method due to its simple mechanism and independence from any specific hardware in the modern smartphone. While fixed-password methods enjoy benefits such as ease of use, potential security issues associated with password leakage cannot be ignored. This article, investigates an alternative strategy based on user keystrokes. Here, the user touch times and force features are extracted from a piezoelectric force touch panel which is an integral part of the hardware. Three broadly adopted machine learning classifiers are used for the collected data set, finally achieving an Equal Error Rate (EER) of 0.720%.

Ahmed Fraz Baig,Sigurd Eskeland

DOI: https://doi.org/10.5220/0011141400003283

2022-09-14

Abstract:Continuous authentication utilizes automatic recognition of certain user features for seamless and passive authentication without requiring user attention. Such features can be divided into categories of physiological biometrics and behavioral biometrics. Keystroke dynamics is proposed for behavioral biometrics-oriented authentication by recognizing users by means of their typing patterns. However, it has been pointed out that continuous authentication using physiological biometrics and behavior biometrics incur privacy risks, revealing personal characteristics and activities. In this paper, we consider a previously proposed keystroke dynamics-based authentication scheme that has no privacy-preserving properties. In this regard, we propose a generic privacy-preserving version of this authentication scheme in which all user features are encrypted -- preventing disclosure of those to the authentication server. Our scheme is generic in the sense that it assumes homomorphic cryptographic primitives. Authentication is conducted on the basis of encrypted data due to the homomorphic cryptographic properties of our protocol.

Cryptography and Security

Yanyan Li,Junshuang Yang,Mengjun Xie,Dylan Carlson,Han Gil Jang,Jiang Bian

DOI: https://doi.org/10.1109/milcom.2015.7357627

2015-01-01

Abstract:Personal identification numbers (PIN) and unlock patterns are highly popular authentication mechanisms on smart mobile devices but they are not sufficiently secure. PIN or pattern mechanisms enhanced by additional, implicit behavioral biometric authentication can offer stronger authentication assurance while preserving usability, therefore becoming very attractive. Individual studies on PIN- and pattern-based behavioral biometric authentication on smartphones were conducted but their results cannot be directly compared. In this work, we present a comparison study on the authentication accuracy between PIN-based and pattern-based behavioral biometric authentication using both smartphone and tablet. We developed a uniform framework for both PIN-based and pattern-based schemes and used two representative methods-Histogram and DTW-for user verification. We recruited 15 users and collected behavioral biometric data for both simple and complex PINs and patterns. Our experimental results show that PIN-based and pattern-based behavioral biometric authentication schemes can achieve about the same level of accuracy but not all verification methods are equal. The Histogram method can achieve more consistent results and handle template aging better than the DTW method based on our results. Our findings are expected to shed light on the exploration and analysis of effective behavioral biometric verification methods and facilitate more comprehensive investigation on behavioral biometric authentication for mobile devices.

Yuanwei Hou,Yu Gu,Weiping Li,Zhi Liu

DOI: https://doi.org/10.1587/transfun.2021eap1119

2022-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:The fast evolving credential attacks have been a great security challenge to current password-based information systems. Recently, biometrics factors like facial, iris, or fingerprint that are difficult to forge rise as key elements for designing passwordless authentication. However, capturing and analyzing such factors usually require special devices, hindering their feasibility and practicality. To this end, we present WiASK, a device-free WiFi sensing enabled Authentication System exploring Keystroke dynamics. More specifically, WiASK captures keystrokes of a user typing a pre-defined easy-to-remember string leveraging the existing WiFi infrastructure. But instead of focusing on the string itself which are vulnerable to password attacks, WiASK interprets the way it is typed, i.e., keystroke dynamics, into user identity, based on the biologically validated correlation between them. We prototype WiASK on the low-cost off-the-shelf WiFi devices and verify its performance in three real environments. Empirical results show thatWiASK achieves on average 93.7% authentication accuracy, 2.5% false accept rate, and 5.1% false reject rate.

Zhaohang Chen,Hongming Cai,Lihong Jiang,WenYun Zou,Wendong Zhu,Xiang Fei

DOI: https://doi.org/10.1109/CSCWD49262.2021.9437721

2021-01-01

Abstract:Currently user authentication and identity monitoring are required in various collaborative computer supported systems, such as online assessments and examinations. However, existing authentication methods such as passwords checking are less reliable. In addition, identity monitoring is hard to be realized effectively and efficiently f or a pplications b ased on collaborative architecture. In this paper, we leverage keystroke dynamics to explore biometrics security and propose a user authentication framework based on edge computing architecture to address these issues. To support both static and continuous authentications with high accuracy and efficiency, dynamically improved keystroke profiles, G aussian m odel b ased anomaly detector and keystroke stream processing are designed in the framework. The feasibility and effectiveness of the framework are verified by three representative public data sets and a real-world case study. The results show that the authentication can proceeds efficiently t o e nable a n u ndisturbed a nd s ecure e nvironment for online examinations.

Rasana Manandhar,Shaya Wolf,Mike Borowczak

DOI: https://doi.org/10.48550/arXiv.1903.03132

2019-03-08

Abstract:Emerging technology demands reliable authentication mechanisms, particularly in interconnected systems. Current systems rely on a single moment of authentication, however continuous authentication systems assess a users identity utilizing a constant biometric analysis. Spy Hunter, a continuous authentication mechanism uses keystroke dynamics to validate users over blocks of data. This easily-incorporated periodic biometric authentication system validates genuine users and detects intruders quickly. Because it verifies users in the background, Spy Hunter is not constrained to a password box. Instead, it is flexible and can be layered with other mechanisms to provide high-level security. Where other continuous authentication techniques rely on scripted typing, Spy Hunter validates over free text in authentic environments. This is accomplished in two phases, one where the user is provided a prompt and another where the user is allowed free access to their computer. Additionally, Spy Hunter focuses on the timing of different keystrokes rather than the specific key being pressed. This allows for anonymous data to authenticate users and avoids holding personal data. Utilizing a couple K-fold cross-validation techniques, Spy Hunter is assessed based on how often the system falsely accepts an intruder, how often the system falsely rejects a genuine user, and the time it takes to validate a users identity. Spy Hunter maintains error rates below 6% and identifies users in minimal numbers of keystrokes. Continuous authentication provides higher level security than one-time verification processes and Spy Hunter expands on the possibilities for behavioral analysis based on keystroke dynamics.

Cryptography and Security,Machine Learning

Soumyatattwa Kar,Abhishek Bamotra,Bhavya Duvvuri,Radhika Mohanan

2023-04-08

Abstract:Cyber attacks has always been of a great concern. Websites and services with poor security layers are the most vulnerable to such cyber attacks. The attackers can easily access sensitive data like credit card details and social security number from such vulnerable services. Currently to stop cyber attacks, various different methods are opted from using two-step verification methods like One-Time Password and push notification services to using high-end bio-metric devices like finger print reader and iris scanner are used as security layers. These current security measures carry a lot of cons and the worst is that user always need to carry the authentication device on them to access their data. To overcome this, we are proposing a technique of using keystroke dynamics (typing pattern) of a user to authenticate the genuine user. In the method, we are taking a data set of 51 users typing a password in 8 sessions done on alternate days to record mood fluctuations of the user. Developed and implemented anomaly-detection algorithm based on distance metrics and machine learning algorithms like Artificial Neural networks (ANN) and convolutional neural network (CNN) to classify the users. In ANN, we implemented multi-class classification using 1-D convolution as the data was correlated and multi-class classification with negative class which was used to classify anomaly based on all users put together. We were able to achieve an accuracy of 95.05% using ANN with Negative Class. From the results achieved, we can say that the model works perfectly and can be bought into the market as a security layer and a good alternative to two-step verification using external devices. This technique will enable users to have two-step security layer without worrying about carry an authentication device.

Computer Vision and Pattern Recognition,Cryptography and Security

Yooshin Kim,Namhyeok Kwon,Donghoon Shin

2024-05-03

Abstract:In contemporary mobile user authentication systems, verifying user legitimacy has become paramount due to the widespread use of smartphones. Although fingerprint and facial recognition are widely used for mobile authentication, PIN-based authentication is still employed as a fallback option if biometric authentication fails after multiple attempts. Consequently, the system remains susceptible to attacks targeting the PIN when biometric methods are unsuccessful. In response to these concerns, two-factor authentication has been proposed, albeit with the caveat of increased user effort. To address these challenges, this paper proposes a passive authentication system that utilizes keystroke data, a byproduct of primary authentication methods, for background user authentication. Additionally, we introduce a novel image encoding technique to capture the temporal dynamics of keystroke data, overcoming the performance limitations of deep learning models. Furthermore, we present a methodology for selecting suitable behavioral biometric features for image representation. The resulting images, depicting the user's PIN input patterns, enhance the model's ability to uniquely identify users through the secondary channel with high accuracy. Experimental results demonstrate that the proposed imaging approach surpasses existing methods in terms of information capacity. In self-collected dataset experiments, incorporating features from prior research, our method achieved an Equal Error Rate (EER) of 6.7%, outperforming the existing method's 47.7%. Moreover, our imaging technique attained a True Acceptance Rate (TAR) of 94.4% and a False Acceptance Rate (FAR) of 8% for 17 users.

Cryptography and Security

Najla Alavi,Kasim K

DOI: https://doi.org/10.32628/cseit1953137

2019-05-15

Abstract:Due to the expanding vulnerabilities in cyber forensics, security alone is not sufficient to forestall a rupture; however, cyber security is additionally required to anticipate future assaults or to distinguish the potential aggressor. Keystroke Dynamics has high use in cyber intelligence. The paper examines the helpfulness of keystroke dynamics to build up the individual personality. Three schemes are proposed for recognizing an individual while typing on keyboard. Lib SVM and binary SVM are proposed and their performance are shown. Lib SVM is showing a better performance when comparing with binary SVM. As the number of samples are increased it shows an increase in the accuracy. Pair wise user coupling technique is proposed. The proposed procedures are approved by utilizing keystroke information. In any case, these systems could similarly well be connected to other examples of pattern identification problems. This system is applicable in highly confidential areas like military.

Soumik Mondal,Patrick Bours

DOI: https://doi.org/10.1016/j.neucom.2016.11.031

IF: 6

2017-03-01

Neurocomputing

Abstract:In this paper we focus on a context independent continuous authentication system that reacts on every separate action performed by a user. We contribute with a robust dynamic trust model algorithm that can be applied to any continuous authentication system, irrespective of the biometric modality. We also contribute a novel performance reporting technique for continuous authentication. Our proposed approach was validated with extensive experiments with a unique behavioural biometric dataset. This dataset was collected under complete uncontrolled condition from 53 users by using our data collection software. We considered both keystroke and mouse usage behaviour patterns to prevent a situation where an attacker avoids detection by restricting to one input device because the system only checks the other input device. During our research, we developed a feature selection technique that could be applied to other pattern recognition problems.The best result obtained in this research is that 50 out of 53 genuine users are never inadvertently locked out by the system, while the remaining 3 genuine users (i. e. 5.7%) are sometimes locked out, on average after 2265 actions. Furthermore, there are only 3 out of 2756 impostors not been detected, i.e. only 0.1% of the impostors go undetected. Impostors are detected on average after 252 actions.

computer science, artificial intelligence

朱明,周津,王继康

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.10.053

2002-01-01

Abstract:Password plays an important part in security management for most computers and networks. How to prevent illegal intrusion due to password stealing is always one open question. A new approach which identifies user by utilizing keystroke features is proposed when user inputs his password. The key pressure and keystroke frequency when user strikes the keyboard to enter his password are used to construct a peculiar keystroke vector representing each user respectively. A new algorithm is put forward to classify positive and negative examples only by a limited positive examples. The related experiment indicates this approach has a good discerning ability.

Arafat Rahman,Muhammad E. H. Chowdhury,Amith Khandakar,Serkan Kiranyaz,Kh Shahriya Zaman,Mamun Bin Ibne Reaz,Mohammad Tariqul Islam,Muhammad Abdul Kadir

DOI: https://doi.org/10.1109/ACCESS.2021.3092840

2021-06-26

Abstract:With the rapid advancement of technology, different biometric user authentication, and identification systems are emerging. Traditional biometric systems like face, fingerprint, and iris recognition, keystroke dynamics, etc. are prone to cyber-attacks and suffer from different disadvantages. Electroencephalography (EEG) based authentication has shown promise in overcoming these limitations. However, EEG-based authentication is less accurate due to signal variability at different psychological and physiological conditions. On the other hand, keystroke dynamics-based identification offers high accuracy but suffers from different spoofing attacks. To overcome these challenges, we propose a novel multimodal biometric system combining EEG and keystroke dynamics. Firstly, a dataset was created by acquiring both keystroke dynamics and EEG signals from 10 users with 500 trials per user at 10 different sessions. Different statistical, time, and frequency domain features were extracted and ranked from the EEG signals and key features were extracted from the keystroke dynamics. Different classifiers were trained, validated, and tested for both individual and combined modalities for two different classification strategies - personalized and generalized. Results show that very high accuracy can be achieved both in generalized and personalized cases for the combination of EEG and keystroke dynamics. The identification and authentication accuracies were found to be 99.80% and 99.68% for Extreme Gradient Boosting (XGBoost) and Random Forest classifiers, respectively which outperform the individual modalities with a significant margin (around 5 percent). We also developed a binary template matching-based algorithm, which gives 93.64% accuracy 6X faster. The proposed method is secured and reliable for any kind of biometric authentication.

Cryptography and Security,Signal Processing

Ying Zhang,Guiran Chang,Lin Liu,Jie Jia

DOI: https://doi.org/10.1109/icgec.2010.148

2010-01-01

Abstract:In this paper, we use statistical methods to establish a keystroke biometrics model to authenticate a user’s identity by predicting the user’s keystroke behavior characteristics. We use HMM for keystroke sequence analysis and time series to compute the state output probability of HMM used in keystroke biometrics model. At the authentication phase, we use modified forward algorithm to compute the users’ typing behavior state. We also collect the users’ keystroke data to establish the authentication model. Then using fixed text analysis and digraph’s keystroke duration time, we implement the authentication mechanism. Extensive experiments have verified the effectiveness of the proposed solutions.