Li Lü,Jiadi Yu,Yingying Chen,Yan Wang

DOI: https://doi.org/10.1145/3397320

2020-01-01

Proceedings of the ACM on Interactive Mobile Wearable and Ubiquitous Technologies

Abstract:Recent years have witnessed the surge of biometric-based user authentication for mobile devices due to its promising security and convenience. As a natural and widely-existed behavior, human speaking has been exploited for user authentication. Existing voice-based user authentication explores the unique characteristics from either the voiceprint or mouth movements, which is vulnerable to replay attacks and mimic attacks. During speaking, the vocal tract, including the static shape and dynamic movements, also exhibits the individual uniqueness, and they are hardly eavesdropped and imitated by adversaries. Hence, our work aims to employ the individual uniqueness of vocal tract to realize user authentication on mobile devices. Moreover, most voice-based user authentications are passphrase-dependent, which significantly degrade the user experience. Thus, such user authentications are pressed to be implemented in a passphrase-independent manner while being able to resist various attacks. In this paper, we propose a user authentication system, VocalLock, which senses the whole vocal tract during speaking to identify different individuals in a passphrase-independent manner on smartphones leveraging acoustic signals. VocalLock first utilizes FMCW on acoustic signals to characterize both the static shape and dynamic movements of the vocal tract during speaking, and then constructs a passphrase-independent user authentication model based on the unique characteristics of vocal tract through GMM-UBM. The proposed VocalLock can resist various spoofing attacks, while achieving a satisfactory user experience. Extensive experiments in real environments demonstrate VocalLock can accurately authenticate user identity in a passphrase-independent manner and successfully resist various attacks.

Jing Tian,Chengzhang Qu,Wenyuan Xu,Song Wang

2013-01-01

Abstract:Password-based authentication is easy to use but its security is bounded by how much a user can remember. Biometrics-based authentication requires no memorization but ‘resetting’ a biometric password may not always be possible. In this paper, we propose a user-friendly authentication system (KinWrite) that allows users to choose arbitrary, short and easy-to-memorize passwords while providing resilience to password cracking and password theft. KinWrite lets users write their passwords in 3D space and captures the handwriting motion using a low cost motion input sensing device—Kinect. The low resolution and noisy data captured by Kinect, combined with low consistency of in-space handwriting, have made it challenging to verify users. To overcome these challenges, we exploit the Dynamic Time Warping (DTW) algorithm to quantify similarities between handwritten passwords. Our experimental results involving 35 signatures from 18 subjects and a brute-force attacker have shown that KinWrite can achieve a 100% precision and a 70% recall (the worst case) for verifying honest users, encouraging us to carry out a much larger scale study towards designing a foolproof system.

Qianqian Zhou,Yanni Yang,Feng Hong,Yuan Feng,Zhongwen Guo

DOI: https://doi.org/10.1109/msn.2016.082

2016-01-01

Abstract:This paper combines keystroke dynamics features with recently proposed keystroke acoustic features for user identification and authentication. Traditional keystroke dynamics uses temporal features. This paper explores the discriminative capability of the fusion of temporal features and acoustic features. This paper also explores the influence of filtering keystroke sound which turns out to be harmful for the performance of keystroke acoustic features. We collected a total of 824 samples from 7 subjects for experiments. 46 features including 38 acoustic features are extracted for the proposed user identification and authentication system. C-Support Vector Classification (C-SVC) and one-class Support Vector Machine (1-SVM) are applied for user identification and authentication respectively. Extensive experiments are carried out to verify the proposed system. Our work achieves 92.8% accuracy for user identification. The FRR (False Rejection Rate) and FAR (False Acceptance Rate) are only 12% and 11% for user authentication.

Li Lu,Jiadi Yu,Yingying Chen,Hongbo Liu,Yanmin Zhu,Linghe Kong,Minglu Li

DOI: https://doi.org/10.1109/tnet.2019.2891733

2019-01-01

IEEE/ACM Transactions on Networking

Abstract:To prevent users’ privacy from leakage, more and more mobile devices employ biometric-based authentication approaches, such as fingerprint, face recognition, voiceprint authentications, and so on, to enhance the privacy protection. However, these approaches are vulnerable to replay attacks. Although the state-of-art solutions utilize liveness verification to combat the attacks, existing approaches are sensitive to ambient environments, such as ambient lights and surrounding audible noises. Toward this end, we explore liveness verification of user authentication leveraging users’ mouth movements, which are robust to noisy environments. In this paper, we propose a lip reading-based user authentication system, LipPass, which extracts unique behavioral characteristics of users’ speaking mouths through acoustic sensing on smartphones for user authentication. We first investigate Doppler profiles of acoustic signals caused by users’ speaking mouths and find that there are unique mouth movement patterns for different individuals. To characterize the mouth movements, we propose a deep learning-based method to extract efficient features from Doppler profiles and employ softmax function, support vector machine, and support vector domain description to construct multi-class identifier, binary classifiers, and spoofer detectors for mouth state identification, user identification, and spoofer detection, respectively. Afterward, we develop a balanced binary tree-based authentication approach to accurately identify each individual leveraging these binary classifiers and spoofer detectors with respect to registered users. Through extensive experiments involving 48 volunteers in four real environments, LipPass can achieve 90.2% accuracy in user identification and 93.1% accuracy in spoofer detection.

Li Lu,Jiadi Yu,Yingying Chen,Hongbo Liu,Yanmin Zhu,Yunfei Liu,Minglu Li

DOI: https://doi.org/10.1109/infocom.2018.8486283

2018-01-01

Abstract:To prevent users' privacy from leakage, more and more mobile devices employ biometric-based authentication approaches, such as fingerprint, face recognition, voiceprint authentications, etc., to enhance the privacy protection. However, these approaches are vulnerable to replay attacks. Although state-of-art solutions utilize liveness verification to combat the attacks, existing approaches are sensitive to ambient environments, such as ambient lights and surrounding audible noises. Towards this end, we explore liveness verification of user authentication leveraging users' lip movements, which are robust to noisy environments. In this paper, we propose a lip reading-based user authentication system, LipPass, which extracts unique behavioral characteristics of users' speaking lips leveraging build-in audio devices on smartphones for user authentication. We first investigate Doppler profiles of acoustic signals caused by users' speaking lips, and find that there are unique lip movement patterns for different individuals. To characterize the lip movements, we propose a deep learning-based method to extract efficient features from Doppler profiles, and employ Support Vector Machine and Support Vector Domain Description to construct binary classifiers and spoofer detectors for user identification and spoofer detection, respectively. Afterwards, we develop a binary tree-based authentication approach to accurately identify each individual leveraging these binary classifiers and spoofer detectors with respect to registered users. Through extensive experiments involving 48 volunteers in four real environments, LipPass can achieve 90.21% accuracy in user identification and 93.1% accuracy in spoofer detection.

Ying Zhang,Guiran Chang,Lin Liu,Jie Jia

DOI: https://doi.org/10.1109/icgec.2010.148

2010-01-01

Abstract:In this paper, we use statistical methods to establish a keystroke biometrics model to authenticate a user’s identity by predicting the user’s keystroke behavior characteristics. We use HMM for keystroke sequence analysis and time series to compute the state output probability of HMM used in keystroke biometrics model. At the authentication phase, we use modified forward algorithm to compute the users’ typing behavior state. We also collect the users’ keystroke data to establish the authentication model. Then using fixed text analysis and digraph’s keystroke duration time, we implement the authentication mechanism. Extensive experiments have verified the effectiveness of the proposed solutions.

Romain Giot,Mohamad El-Abed,Christophe Rosenberger

DOI: https://doi.org/10.48550/arXiv.0911.3304

IF: 5.414

2009-11-17

Machine Learning

Abstract:We present in this paper a study on the ability and the benefits of using a keystroke dynamics authentication method for collaborative systems. Authentication is a challenging issue in order to guarantee the security of use of collaborative systems during the access control step. Many solutions exist in the state of the art such as the use of one time passwords or smart-cards. We focus in this paper on biometric based solutions that do not necessitate any additional sensor. Keystroke dynamics is an interesting solution as it uses only the keyboard and is invisible for users. Many methods have been published in this field. We make a comparative study of many of them considering the operational constraints of use for collaborative systems.

Robert Cockell,Basel Halak

DOI: https://doi.org/10.48550/arXiv.1909.10841

2019-09-24

Abstract:This paper proposes a portable hardware token for user authentication, it is based on the use of keystroke dynamics to verify users in a bio-metric manner. The proposed approach allows for a multifactor authentication scheme in which users are not allowed access unless they provide the correct password and their unique bio-metric signature. The proposed system is implemented in hardware and its security is evaluated.

Cryptography and Security

Soumik Mondal,Patrick Bours

DOI: https://doi.org/10.1016/j.neucom.2016.11.031

IF: 6

2017-03-01

Neurocomputing

Abstract:In this paper we focus on a context independent continuous authentication system that reacts on every separate action performed by a user. We contribute with a robust dynamic trust model algorithm that can be applied to any continuous authentication system, irrespective of the biometric modality. We also contribute a novel performance reporting technique for continuous authentication. Our proposed approach was validated with extensive experiments with a unique behavioural biometric dataset. This dataset was collected under complete uncontrolled condition from 53 users by using our data collection software. We considered both keystroke and mouse usage behaviour patterns to prevent a situation where an attacker avoids detection by restricting to one input device because the system only checks the other input device. During our research, we developed a feature selection technique that could be applied to other pattern recognition problems.The best result obtained in this research is that 50 out of 53 genuine users are never inadvertently locked out by the system, while the remaining 3 genuine users (i. e. 5.7%) are sometimes locked out, on average after 2265 actions. Furthermore, there are only 3 out of 2756 impostors not been detected, i.e. only 0.1% of the impostors go undetected. Impostors are detected on average after 252 actions.

computer science, artificial intelligence

Rashik Shadman,Ahmed Anu Wahab,Michael Manno,Matthew Lukaszewski,Daqing Hou,Faraz Hussain

2024-06-23

Abstract:Reliably identifying and verifying subjects remains integral to computer system security. Various novel authentication techniques such as biometric authentication systems have been devised in recent years. This paper surveys keystroke-based authentication systems and their applications. Keystroke dynamics is a behavioral biometric that is emerging as an important tool for cybersecurity as it promises to be non-intrusive and cost-effective. Also, no additional hardware is required, making it convenient to deploy. This survey covers novel keystroke datasets, state-of-the-art keystroke authentication algorithms, keystroke authentication on touch screen and mobile devices, and various prominent applications of such techniques beyond authentication. The paper covers all the significant aspects of keystroke dynamics and can be considered as a reference for future researchers in this domain. The paper includes a discussion of the latest keystroke datasets, providing researchers with up-to-date resources for analysis and experimentation. Additionally, we review the state-of-the-art algorithms adopted within this domain, offering insights into the cutting-edge techniques utilized for keystroke analysis. Moreover, our paper explains the diverse applications of keystroke dynamics, particularly focusing on security, verification and identification uses. Beyond these crucial areas, we mention other additional applications where keystroke dynamics can be applied, broadening the scope of understanding regarding its potential impact across various domains.

Cryptography and Security

Borui Li,Han Sun,Yang Gao,Vir V. Phoha,Zhanpeng Jin

DOI: https://doi.org/10.1109/WIFS.2017.8267642

2017-01-01

Abstract:Free-text keystroke is a form of behavioral biometrics which has great potential for addressing the security limitations of conventional one-time authentication by continuously monitoring the user's typing behaviors. This paper presents a new, enhanced continuous authentication approach by incorporating the dynamics of both keystrokes and wrist motions. Based upon two sets of features (free-text keystroke latency features and statistical wrist motion patterns extracted from the wrist-worn smartwatches), two one-vs-all Random Forest Ensemble Classifiers (RFECs) are constructed and trained respectively. A Dynamic Trust Model (DTM) is then developed to fuse the two classifiers' decisions and realize non-time-blocked real-time authentication. In the free-text typing experiments involving 25 human subjects, an imposter/intruder can be detected within no more than one sentence (average 56 keystrokes) with an FRR of 1.82% and an FAR of 1.94%. Compared with the scheme relying on only keystroke latency which has an FRR of 4.66%, an FAR of 17.92% and the required number of keystroke of 162, the proposed authentication system shows significant improvements in terms of accuracy, efficiency, and usability.

Anastasia Dimaratos,Daniela Pöhn

DOI: https://doi.org/10.5220/0011626100003405

2024-07-23

Abstract:Password authentication is a weak point for security as passwords are easily stolen and a user may ignore the security by using a simple password. Therefore, services increasingly demand a second factor. While this may enhance security, it comes with a lower level of usability and another factor to be forgotten. A smartphone is an important device in daily life. With the growing number of sensors and features in a smartphone, keystroke dynamics may provide an easy-to-use method. In this paper, we introduce requirements for biometric authentication and keystroke dynamics. This results in an evaluation scheme, which is applied to three selected approaches. Based on the comparison, keystroke dynamics and the evaluation scheme are discussed. The obtained results indicate that keystroke dynamics can be used as another authentication method but can be bypassed by stronger adversaries. For further research, a common data set would improve the comparability.

Cryptography and Security

Juan Liu,Baochang Zhang,Linlin Shen,Jianzhuang Liu,Jason Zhao

DOI: https://doi.org/10.48550/arxiv.1310.4485

2013-01-01

Abstract:Keystroke Dynamics is an important biometric solution for person authentication. Based upon keystroke dynamics, this paper designs an embedded password protection device, develops an online system, collects two public databases for promoting the research on keystroke authentication, exploits the Gabor filter bank to characterize keystroke dynamics, and provides benchmark results of three popular classification algorithms, one-class support vector machine, Gaussian classifier, and nearest neighbour classifier.

Simon Parkinson,Saad Khan,Andrew Crampton,Qing Xu,Weizhi Xie,Na Liu,Kyle Dakin

DOI: https://doi.org/10.1049/bme2.12017

2021-01-25

IET Biometrics

Abstract:Behavioural biometrics have the potential to provide an additional or alternative authentication mechanism to those involving a shared secret (i.e. a password). Keystroke timings are the focus of this study, where key press and release timings are acquired whilst monitoring a user typing a known phrase. Many studies exist in keystroke biometrics, but there is an absence of literature aiming to understand the relationship between characteristics of password policies and the potential of keystroke biometrics. Furthermore, benchmark datasets used in keystroke biometric research do not enable useful insights into the relationship between their capability and password policy. Herein, substitutions of uppercase, numeric, special characters, and their combination of passwords derived from English words are considered. Timings for 42 participants for the same 40 passwords are acquired. A matching system using the Manhattan distance measure with seven different feature sets is implemented, culminating in an Equal Error Rate of between 6% and 11% and accuracy values between 89% and 94%, demonstrating comparable accuracy to other threshold‐based systems. Further analysis suggests that the best feature sets are those containing all timings and trigraph press to press. Evidence also suggests that phrases containing fewer characters have greater accuracy, except for those with special character substitutions.

computer science, artificial intelligence

Joseph Roth,Xiaoming Liu,Dimitris Metaxas

DOI: https://doi.org/10.1109/TIP.2014.2348802

Abstract:We hypothesize that an individual computer user has a unique and consistent habitual pattern of hand movements, independent of the text, while typing on a keyboard. As a result, this paper proposes a novel biometric modality named typing behavior (TB) for continuous user authentication. Given a webcam pointing toward a keyboard, we develop real-time computer vision algorithms to automatically extract hand movement patterns from the video stream. Unlike the typical continuous biometrics, such as keystroke dynamics (KD), TB provides a reliable authentication with a short delay, while avoiding explicit key-logging. We collect a video database where 63 unique subjects type static text and free text for multiple sessions. For one typing video, the hands are segmented in each frame and a unique descriptor is extracted based on the shape and position of hands, as well as their temporal dynamics in the video sequence. We propose a novel approach, named bag of multi-dimensional phrases, to match the cross-feature and cross-temporal pattern between a gallery sequence and probe sequence. The experimental results demonstrate a superior performance of TB when compared with KD, which, together with our ultrareal-time demo system, warrant further investigation of this novel vision application and biometric modality.

Chenhao Lin,Jingyi He,Chao Shen,Qi Li,Qian Wang

DOI: https://doi.org/10.1109/tdsc.2022.3179603

2022-01-01

Abstract:Behavioral biometrics has been widely investigated and deployed in real world scenarios for human authentication. However, there has been almost nil attempt to identify behavior patterns in a cross-scenario setting, which is common in practice and needs urgent attention. This paper defines and investigates cross-scenario behavioral biometrics authentication using keystroke dynamics. A novel system called CrossBehaAuth is presented for extending keystroke dynamics-based behavior authentication to new scenarios and extensive problems. We design a temporal-aware learning mechanism based deep neural network for cross-scenario keystroke dynamics authentication. This mechanism selectively learns and encodes temporal information for efficient behavioral pattern transfer in cross-scenario settings. A local Gaussian data augmentation approach is proposed to increase the diversity of behavioral data and therefore, further improve the performance. We evaluate the proposed approach on two publicly available datasets. The extensive experimental results confirm the efficacy of our CrossBehaAuth for cross-scenario keystroke dynamics authentication. Our approach significantly improves the authentication accuracy in cross-scenario settings and even achieves comparable performance on single-scenario authentication tasks. In addition, our approach shows its generalizability and advantages in both single and cross scenario keystroke dynamics authentication.

Matúš Pleva,Patrick Bours,Stanislav Ondáš,Jozef Juhár

DOI: https://doi.org/10.1007/s11042-017-4571-7

IF: 2.577

2017-03-29

Multimedia Tools and Applications

Abstract:In this paper we investigate the capacity of sound & timing information during typing of a password for the user identification and authentication task. The novelty of this paper lies in the comparison of performance between improved timing-based and audio-based keystroke dynamics analysis and the fusion for the keystroke authentication. We collected data of 50 people typing the same given password 100 times, divided into 4 sessions of 25 typings and tested how well the system could recognize the correct typist. Using fusion of timing (9.73%) and audio calibration scores (8.99%) described in the paper we achieved 4.65% EER (Equal Error Rate) for the authentication task. The results show the potential of using Audio Keystroke Dynamics information as a way to authenticate or identify users during log-on.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Hai-Rong Lv,Wen-Yuan Wang

DOI: https://doi.org/10.1109/tce.2006.1706507

2006-01-01

IEEE Transactions on Consumer Electronics

Abstract:This paper presents a novel biologic verification method based on pressure sensor keyboards and classifier fusion techniques. The pressure sensor keyboard is a new product that occurs in the market recently. It produces a pressure sequence when keystroke occurs. The analysis of the pressure sequence should be a novel research area. In this paper, we use the pressure sequence and traditional keystroke dynamics in user authentication. Three methods (global features of pressure sequences, dynamic time warping, and traditional keystroke dynamics) are proposed for the authentication task. We combined the three methods together using a classifier fusion technique at last. Several experiments were performed on a database containing 5000 samples of 100 individuals and the best result were achieved utilizing all the method, obtaining an equal error rate of 1.41%. To make a comparison, the equal error rate is 2.04% when we use only the traditional keystroke dynamics. This approach can be used to improve the usual login-password authentication when the password is no more a secret

Amith K. Belman,Tirthankar Paul,Li Wang,S. S. Iyengar,Pawel Sniatala,Zhanpeng Jin,Vir V. Phoha,Seppo Vainio,Juha Roning

DOI: https://doi.org/10.1109/aisp48273.2020.9073125

2020-01-01

Abstract:Expressing Keystroke Dynamics (KD) in form of sound opens new avenues to apply sound analysis techniques on KD. However this mapping is not straight-forward as varied feature space, differences in magnitudes of features and human interpretability of the music bring in complexities. We present a musical interface to KD by mapping keystroke features to music features. Music elements like melody, harmony, rhythm, pitch and tempo are varied with respect to the magnitude of their corresponding keystroke features. A pitch embedding technique makes the music discernible among users. Using the data from 30 users, who typed fixed strings multiple times on a desktop, shows that these auditory signals are distinguishable between users by both standard classifiers (SVM, Random Forests and Naive Bayes) and humans alike.

Ahmed Fraz Baig,Sigurd Eskeland

DOI: https://doi.org/10.5220/0011141400003283

2022-09-14

Abstract:Continuous authentication utilizes automatic recognition of certain user features for seamless and passive authentication without requiring user attention. Such features can be divided into categories of physiological biometrics and behavioral biometrics. Keystroke dynamics is proposed for behavioral biometrics-oriented authentication by recognizing users by means of their typing patterns. However, it has been pointed out that continuous authentication using physiological biometrics and behavior biometrics incur privacy risks, revealing personal characteristics and activities. In this paper, we consider a previously proposed keystroke dynamics-based authentication scheme that has no privacy-preserving properties. In this regard, we propose a generic privacy-preserving version of this authentication scheme in which all user features are encrypted -- preventing disclosure of those to the authentication server. Our scheme is generic in the sense that it assumes homomorphic cryptographic primitives. Authentication is conducted on the basis of encrypted data due to the homomorphic cryptographic properties of our protocol.

Cryptography and Security