姚琳,范庆娜,孔祥维

DOI: https://doi.org/10.3969/j.issn.1001-3695.2010.01.079

2010-01-01

Abstract:Traditional authorization with a variety of secure and privacy limitations,cannot satisfy the security needs of the internet environment,this paper proposed an identity authentication scheme based on biometric encryption.By adopting the biometric encryption,protected the biometric and key of the user well.The scheme could prevent unauthorized users from accessing and avoid unauthorized use of resources.The experiment results show that the scheme can distinguish the genuine users from imitated users though the face expressions very much.The scheme provided perfect authentication,and secure the communication well.

朱建新,杨小虎

DOI: https://doi.org/10.3969/j.issn.1001-3695.2001.12.004

2001-01-01

Abstract:Network security is an important research area in the application of information system now,How to implement effective access control based on user's identity is very important. This paper briefly introduces the concept and technology of authentication first,and analyze the technology of biometric identification,then points out that fingerprint-based biometric identification in networking environment combining data transfer encrypt is a reliable method for control user's access and protect information system,and describes the design and implementation of fingerprint-based authentication system in networking environment.

Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

Jing Tian,Chengzhang Qu,Wenyuan Xu,Song Wang

2013-01-01

Abstract:Password-based authentication is easy to use but its security is bounded by how much a user can remember. Biometrics-based authentication requires no memorization but ‘resetting’ a biometric password may not always be possible. In this paper, we propose a user-friendly authentication system (KinWrite) that allows users to choose arbitrary, short and easy-to-memorize passwords while providing resilience to password cracking and password theft. KinWrite lets users write their passwords in 3D space and captures the handwriting motion using a low cost motion input sensing device—Kinect. The low resolution and noisy data captured by Kinect, combined with low consistency of in-space handwriting, have made it challenging to verify users. To overcome these challenges, we exploit the Dynamic Time Warping (DTW) algorithm to quantify similarities between handwritten passwords. Our experimental results involving 35 signatures from 18 subjects and a brute-force attacker have shown that KinWrite can achieve a 100% precision and a 70% recall (the worst case) for verifying honest users, encouraging us to carry out a much larger scale study towards designing a foolproof system.

Hai-Rong Lv,Wen-Yuan Wang

DOI: https://doi.org/10.1109/tce.2006.1706507

2006-01-01

IEEE Transactions on Consumer Electronics

Abstract:This paper presents a novel biologic verification method based on pressure sensor keyboards and classifier fusion techniques. The pressure sensor keyboard is a new product that occurs in the market recently. It produces a pressure sequence when keystroke occurs. The analysis of the pressure sequence should be a novel research area. In this paper, we use the pressure sequence and traditional keystroke dynamics in user authentication. Three methods (global features of pressure sequences, dynamic time warping, and traditional keystroke dynamics) are proposed for the authentication task. We combined the three methods together using a classifier fusion technique at last. Several experiments were performed on a database containing 5000 samples of 100 individuals and the best result were achieved utilizing all the method, obtaining an equal error rate of 1.41%. To make a comparison, the equal error rate is 2.04% when we use only the traditional keystroke dynamics. This approach can be used to improve the usual login-password authentication when the password is no more a secret

Xin Su,Bingying Wang,Xuewu Zhang,Yupeng Wang,Dongmin Choi

DOI: https://doi.org/10.1002/cpe.4150

2018-01-01

Abstract:Secure mechanisms have been adapted to satisfy the needs of mobile subscribers; however, the mobile environment is quite different from a desktop PC or laptop-based environment. The existing attack patterns in mobile environments are also quite different, and the countermeasures applied should be enhanced. In regards to usability, the mobile environment is based on mobility, and thus, mobile devices are designed and developed to enhance the owner's efficiency. To avoid forgetting passwords, people are willing to adopt simple alphanumeric-character combinations, which are easy to remember and convenient to enter. As a result, the passwords have a high probability of being cracked or exposed. In this paper, we study the potential security problems caused by simple and weak passwords, discuss drawbacks of some conventional works, and propose 3 creative schemes to increase the complexity and strength of passwords by applying the envisioned features. Note that our proposals are based on the assumption that the textual passwords are not difficult for users to remember or enter and do not cause inconvenience to users. In other words, the proposed methods can increase the complexity of simple passwords without the awareness of users.

Juan Liu,Baochang Zhang,Linlin Shen,Jianzhuang Liu,Jason Zhao

DOI: https://doi.org/10.48550/arxiv.1310.4485

2013-01-01

Abstract:Keystroke Dynamics is an important biometric solution for person authentication. Based upon keystroke dynamics, this paper designs an embedded password protection device, develops an online system, collects two public databases for promoting the research on keystroke authentication, exploits the Gabor filter bank to characterize keystroke dynamics, and provides benchmark results of three popular classification algorithms, one-class support vector machine, Gaussian classifier, and nearest neighbour classifier.

Yuanwei Hou,Yu Gu,Weiping Li,Zhi Liu

DOI: https://doi.org/10.1587/transfun.2021eap1119

2022-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:The fast evolving credential attacks have been a great security challenge to current password-based information systems. Recently, biometrics factors like facial, iris, or fingerprint that are difficult to forge rise as key elements for designing passwordless authentication. However, capturing and analyzing such factors usually require special devices, hindering their feasibility and practicality. To this end, we present WiASK, a device-free WiFi sensing enabled Authentication System exploring Keystroke dynamics. More specifically, WiASK captures keystrokes of a user typing a pre-defined easy-to-remember string leveraging the existing WiFi infrastructure. But instead of focusing on the string itself which are vulnerable to password attacks, WiASK interprets the way it is typed, i.e., keystroke dynamics, into user identity, based on the biologically validated correlation between them. We prototype WiASK on the low-cost off-the-shelf WiFi devices and verify its performance in three real environments. Empirical results show thatWiASK achieves on average 93.7% authentication accuracy, 2.5% false accept rate, and 5.1% false reject rate.

Simon Parkinson,Saad Khan,Andrew Crampton,Qing Xu,Weizhi Xie,Na Liu,Kyle Dakin

DOI: https://doi.org/10.1049/bme2.12017

2021-01-25

IET Biometrics

Abstract:Behavioural biometrics have the potential to provide an additional or alternative authentication mechanism to those involving a shared secret (i.e. a password). Keystroke timings are the focus of this study, where key press and release timings are acquired whilst monitoring a user typing a known phrase. Many studies exist in keystroke biometrics, but there is an absence of literature aiming to understand the relationship between characteristics of password policies and the potential of keystroke biometrics. Furthermore, benchmark datasets used in keystroke biometric research do not enable useful insights into the relationship between their capability and password policy. Herein, substitutions of uppercase, numeric, special characters, and their combination of passwords derived from English words are considered. Timings for 42 participants for the same 40 passwords are acquired. A matching system using the Manhattan distance measure with seven different feature sets is implemented, culminating in an Equal Error Rate of between 6% and 11% and accuracy values between 89% and 94%, demonstrating comparable accuracy to other threshold‐based systems. Further analysis suggests that the best feature sets are those containing all timings and trigraph press to press. Evidence also suggests that phrases containing fewer characters have greater accuracy, except for those with special character substitutions.

computer science, artificial intelligence

Yu Gu,Yantong Wang,Meng Wang,Zulie Pan,Zhihao Hu,Zhi Liu,Fan Shi,Mianxiong Dong

DOI: https://doi.org/10.1109/tii.2021.3108850

IF: 12.3

2022-04-01

IEEE Transactions on Industrial Informatics

Abstract:User authentication plays a critical role in access control of a man-machine system, where the knowledge factor, such as a personal identification number, constitutes the most widely used authentication element. However, knowledge factors are usually vulnerable to the spoofing attack. Recently, the inheritance factor, such as fingerprints, emerges as an efficient alternative resilient to malicious users, but it normally requires special equipment. To this end, in this article, we propose WiPass, a device-free authentication system only leveraging the pervasive Wi-Fi infrastructure to explore keystroke dynamics (manner and rhythm of keystrokes) captured by the channel state information to recognize legitimate users while rejecting spoofers. However, it remains an open challenge to characterize the behavioral features hidden in the human subtle motions, such as keystrokes. Therefore, we build a signal enhancement model using Ricean distribution to amplify user keystroke dynamics and a hybrid learning model for user authentication, which consists of two parts, i.e., convolutional neural network based feature extraction and support vector machine based classification. The former relies on visualizing the channel responses into time-series images to learn the behavioral features of keystrokes in energy and spectrum domains, whereas the latter exploits such behavioral features for user authentication. We prototype WiPass on the low-cost off-the-shelf Wi-Fi devices and verify its performance. Empirical results show that WiPass achieves on average 92.1% authentication accuracy, 5.9% false accept rate, and 6.3% false reject rate in three real environments.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Juan Liu,Baochang Zhang,Haoran Zeng,Linlin Shen,Jianzhuang Liu,Jason Zhao

DOI: https://doi.org/10.1016/j.neucom.2014.04.044

IF: 6

2014-01-01

Neurocomputing

Abstract:Keystroke dynamics is an important biometric branch for person authentication. Based upon keystroke dynamics, this paper designs an embedded password protection device, develops an online system, collects two public databases for promoting the research on keystroke authentication, exploits transformation methods to characterize keystroke dynamics, and provides benchmark results of several popular classification algorithms, one-class support vector machine, Gaussian classifier, and nearest neighbor classifier.

Ping Wang,Ding Wang,Xinyi Huang

DOI: https://doi.org/10.7544/issn1000-1239.2016.20160483

2016-01-01

Abstract:Identity authentication is the first line of defense for information systems ,and passwords are the most widely used authentication method .Though there are a number of issues in passwords regarding security and usability , and various alternative authentication methods have also been successively proposed , password‐based authentication will remain the dominant method in the foreseeable future due to its simplicity ,low cost and easiness to change .T hus ,this topic has attracted extensive interests from worldwide researchers ,and many important results have been revealed .This work begins with the introduction of users’ vulnerable behaviors and details the password characteristics ,distribution and reuse rate .Next we summarize the primary cracking algorithms that have appeared in the past 30 years , and classify them into groups in terms of the difference in dependence on what information is exploited by the attacker .Then ,we revisit the various statistical‐based evaluation metrics for measuring the strength of password distributions .Further ,we compare the state‐of‐the‐art password strength meters .Finally ,we summarize our results and outline some future research trends .

Anbiao Huang,Shuo Gao,Junliang Chen,Lijun Xu,Arokia Nathan

DOI: https://doi.org/10.1109/jsen.2020.3001382

IF: 4.3

2020-01-01

IEEE Sensors Journal

Abstract:With the rapid development of electric and information technologies, security issues are becoming a pressing concern. This has given rise to a plethora of authentication techniques, leading among them being the fixed-password method due to its simple mechanism and independence from any specific hardware in the modern smartphone. While fixed-password methods enjoy benefits such as ease of use, potential security issues associated with password leakage cannot be ignored. This article, investigates an alternative strategy based on user keystrokes. Here, the user touch times and force features are extracted from a piezoelectric force touch panel which is an integral part of the hardware. Three broadly adopted machine learning classifiers are used for the collected data set, finally achieving an Equal Error Rate (EER) of 0.720%.

Zhangyu Meng,Jun Kong,Juan Li

DOI: https://doi.org/10.1016/j.cose.2021.102187

2021-04-01

Abstract:<p>Due to its invisibility feature, pressure is useful to enhance the security of authentication, especially preventing the shoulder surfing attack. However, users are more familiar with digital passwords than pressure-based passwords. In order to improve the usability of pressure-based authentication, this paper instantiates a pressure-based password (i.e., a sequence of pressures) to a decimal number. In addition, our approach features personalized pressure detection. The personalization further enhances security since an attacker must have a pressure habit that is consistent with the user. We conducted a series of user studies to compare the traditional four-digit password with our pressure-based password. The empirical result indicates that a pressure-based password is more resistant to the shoulder surfing attack than a four-digit password. However, it takes more time to input a pressure-based password on the first-time usage. The slowdown is caused by a modality change from vision to pressure. A field study that lasted for 10 days revealed that the side effect of modality change can be overcome through regular usages.</p>

computer science, information systems

Anastasia Dimaratos,Daniela Pöhn

DOI: https://doi.org/10.5220/0011626100003405

2024-07-23

Abstract:Password authentication is a weak point for security as passwords are easily stolen and a user may ignore the security by using a simple password. Therefore, services increasingly demand a second factor. While this may enhance security, it comes with a lower level of usability and another factor to be forgotten. A smartphone is an important device in daily life. With the growing number of sensors and features in a smartphone, keystroke dynamics may provide an easy-to-use method. In this paper, we introduce requirements for biometric authentication and keystroke dynamics. This results in an evaluation scheme, which is applied to three selected approaches. Based on the comparison, keystroke dynamics and the evaluation scheme are discussed. The obtained results indicate that keystroke dynamics can be used as another authentication method but can be bypassed by stronger adversaries. For further research, a common data set would improve the comparability.

Cryptography and Security

Ying Zhang,Guiran Chang,Lin Liu,Jie Jia

DOI: https://doi.org/10.1109/icgec.2010.148

2010-01-01

Abstract:In this paper, we use statistical methods to establish a keystroke biometrics model to authenticate a user’s identity by predicting the user’s keystroke behavior characteristics. We use HMM for keystroke sequence analysis and time series to compute the state output probability of HMM used in keystroke biometrics model. At the authentication phase, we use modified forward algorithm to compute the users’ typing behavior state. We also collect the users’ keystroke data to establish the authentication model. Then using fixed text analysis and digraph’s keystroke duration time, we implement the authentication mechanism. Extensive experiments have verified the effectiveness of the proposed solutions.

Bin YI,Xiao-qin HU

DOI: https://doi.org/10.3969/j.issn.1007-1423(p).2015.02.004

2015-01-01

Abstract:Biological keystroke is an identity authentication technology based on people's behavior characteristics. Under the background of naive Bayesian classification theory, proposes an improved weighted Bayesian method. Experimental results show that the error rate after weight-ed is greatly reduced compared to naive Bayesian method, false rejection rate and false pass rate are 2.5%and 1.4%respectively.

Zhaohang Chen,Hongming Cai,Lihong Jiang,WenYun Zou,Wendong Zhu,Xiang Fei

DOI: https://doi.org/10.1109/CSCWD49262.2021.9437721

2021-01-01

Abstract:Currently user authentication and identity monitoring are required in various collaborative computer supported systems, such as online assessments and examinations. However, existing authentication methods such as passwords checking are less reliable. In addition, identity monitoring is hard to be realized effectively and efficiently f or a pplications b ased on collaborative architecture. In this paper, we leverage keystroke dynamics to explore biometrics security and propose a user authentication framework based on edge computing architecture to address these issues. To support both static and continuous authentications with high accuracy and efficiency, dynamically improved keystroke profiles, G aussian m odel b ased anomaly detector and keystroke stream processing are designed in the framework. The feasibility and effectiveness of the framework are verified by three representative public data sets and a real-world case study. The results show that the authentication can proceeds efficiently t o e nable a n u ndisturbed a nd s ecure e nvironment for online examinations.

Robert Cockell,Basel Halak

DOI: https://doi.org/10.48550/arXiv.1909.10841

2019-09-24

Abstract:This paper proposes a portable hardware token for user authentication, it is based on the use of keystroke dynamics to verify users in a bio-metric manner. The proposed approach allows for a multifactor authentication scheme in which users are not allowed access unless they provide the correct password and their unique bio-metric signature. The proposed system is implemented in hardware and its security is evaluated.

Cryptography and Security

高艳,管晓宏,孙国基,冯力

DOI: https://doi.org/10.3321/j.issn:0254-4164.2004.03.017

2004-01-01

Chinese Journal of Computers

Abstract:This paper presents an intrusion detection method based on the information obtained from real time key sequences. By analyzing the keystroke characteristics and algorithms for keystroke identification with a large numbers of experiments,a weighted Bayesian method using stroke sequences of particular keys as data source is developed. The keystroke models of normal users are established first and then applied to match the keystroke sequences of all users in real time to determine if intrusion taking place. This method can not only perform user authentication beyond login names and passwords, but also constantly monitor the dynamic behaviors of users’ keystroke processes to prevent abusive usage of a particular account of the false users. The paper also discusses the key issues of system implementation and presents the detection results from a real system. Experiments on 1912 login keystroke sequences of 15 users show that the weighted Bayesian method can achieve a false negative ratio of 0.58% and a false positive ratio of 1.64% for user verification, in comparison with the traditional Bayesian method with the about ratios of 2.90% and 6.38%,respectively.The experiments are also performed to test the capability for monitoring the dynamic behaviors of users’ keystroke processes.The results for 1147 keystroke sequences of the same 15 users show that authors’ method is better with the false negative ratios of 2.61% and false positive 5.73% in comparison with 3.77% and 7.36% for traditional Bayesian method.