51 research outputs found

    Combined scaled manhattan distance and mean of horner’s rules for keystroke dynamic authentication

    Account security was determined by how well the security techniques applied by the system were used. There had been many security methods that guaranteed the security of accounts, one of which was Keystroke Dynamic Authentication. Keystroke Dynamic Authentication was an authentication technique that utilized the typing habits of a person as a security measurement tool for the user account. According to several studies, using the average for classification in Keystroke Dynamic Authentication is not suitable, because a user's typing speed will change over time, becoming faster or slower depending on certain conditions. So, in this research, we proposed a combination of the Scaled Manhattan Distance method and the Mean of Horner's Rules as a classification method to distinguish between the user and an attacker in Keystroke Dynamic Authentication. The Mean of Horner's Rules was chosen because it can adapt to changes in values over time and, based on the results, can improve the accuracy of the previous method

    A survey on touch dynamics authentication in mobile devices

    © 2016 Elsevier Ltd. All rights reserved. There have been research activities in the area of keystroke dynamics biometrics on physical keyboards (desktop computers or conventional mobile phones) undertaken in the past three decades. However, in terms of touch dynamics biometrics on virtual keyboards (modern touchscreen mobile devices), there has been little published work. Particularly, there is a lack of an extensive survey and evaluation of the methodologies adopted in the area. Owing to the widespread use of touchscreen mobile devices, it is necessary for us to examine the techniques and their effectiveness in the domain of touch dynamics biometrics. The aim of this paper is to provide some insights and comparative analysis of the current state of the art in the topic area, including data acquisition protocols, feature data representations, decision making techniques, as well as experimental settings and evaluations. With such a survey, we can gain a better understanding of the current state of the art, thus identifying challenging issues and knowledge gaps for further research

    Keystroke Dynamics Analysis to Enhance Password Security of Mobile Banking Applications

    Nowadays, there are many cases where users' personal accounts get hacked using their own password. The factors behind such cases can vary, depending on password strength and on obvious passwords that are similar to the user's details, such as usernames and emails. For that reason, there are new ways of preventing such incidents from happening and of strengthening the security of the accounts. This paper studies the use of keystroke analysis to enhance password security, which includes biometrics and typing patterns. This paper will also discuss previous research on this method on many platforms, including touch screen devices. After that, this paper will look deeply into the implementation process of this technique, followed by detailed experiments and analysis. Using keystroke dynamics analysis to enhance password security on mobile devices proved to have a great chance of success, and the paper discusses how it can affect the everyday users of banking applications

    Sensing Your Touch: Strengthen User Authentication via Touch Dynamic Biometrics

    © 2019 IEEE. Mobile devices are increasingly used to store private and sensitive data, and this has led to an increased demand for more secure and usable authentication services. Currently, mobile device authentication services mainly use a knowledge-based method, e.g. a PIN-based authentication method, and, in some cases, a fingerprint-based authentication method is also supported. The knowledge-based method is vulnerable to impersonation attacks, while the fingerprint-based method can be unreliable sometimes. To make the authentication service more secure and reliable for mobile device users, this paper describes our efforts in investigating the benefits of integrating a touch dynamics authentication method into a PIN-based authentication method. It describes the design, implementation and evaluation of this method. Experimental results show that this approach can significantly reduce the success rate of impersonation attempts; in the case of a 4-digit PIN, the success rate is reduced from 100% (if only the PIN is used) to 9.9% (if both the PIN and the touch dynamics are used)

    Perceiving is Believing. Authentication with Behavioural and Cognitive Factors

    Most computer users have experienced login problems such as forgetting passwords, losing token cards and authentication dongles, failing that complicated screen pattern once again, as well as interaction difficulties in usability. Facing the difficulties of non-flexible strong authentication solutions, users tend to react with poor acceptance or to relax the assumed correct use of authentication procedures and devices, rendering the intended security useless. Biometrics can, sort of, solve some of those problems. However, despite the vast research, there is no perfect solution for designing a secure strong authentication procedure, and every design falls into a trade-off between intrusiveness, effectiveness, contextual adequacy and security guarantees. Taking advantage of new technology, recent research on multi-modal, behavioural and cognitive oriented authentication proposals has sought to optimize the trade-off towards precision and convenience, reducing intrusiveness for the same amount of security. But these solutions also fall short with respect to different scenarios. Users currently perform multiple authentications every day, through multiple devices, in a panoply of different situations, involving different resources and diverse usage contexts, with no "better authentication solution" for all possible purposes. The proposed framework enhances the recent research in user authentication services with a broader view on the problems involving each solution, towards a usable secure authentication methodology combining and exploring the strengths of each method. It will then be used to prototype instances of new dynamic multifactor models (including novel models of behavioural and cognitive biometrics), materializing the PiB (perceiving is believing) authentication. Ultimately we show how the proposed framework can be smoothly integrated in applications and other authentication services and protocols, namely in the context of SSO Authentication Services and OAuth

    AI-based user authentication reinforcement by continuous extraction of behavioral interaction features

    [Abstract]: In this work, we conduct an experiment to analyze the feasibility of a continuous authentication method based on monitoring the users' activity to verify their identities through specific user profiles modeled via Artificial Intelligence techniques. In order to conduct the experiment, a custom application was developed to gather user records in a guided scenario where some predefined actions must be completed. This dataset has been anonymized and will be available to the community. Additionally, a public dataset was also used for benchmarking purposes so that our techniques could be validated in a non-guided scenario. Such data were processed to extract a number of key features that could be used to train three different Artificial Intelligence techniques: Support Vector Machines, Multi-Layer Perceptrons, and a Deep Learning approach. These techniques were shown to perform well in both scenarios, being able to authenticate users in an effective manner. Finally, a rejection test was conducted, and a continuous authentication system was proposed and tested using weighted sliding windows, so that an impostor could be detected in a real environment when a legitimate user session is hijacked.
    Funding: Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature. Xunta de Galicia; ED431G 2019/01. Xunta de Galicia; ED431B 2021/36. Xunta de Galicia; ED481A-2019/155. This work made use of the infrastructures acquired with Grants provided by the State Research Agency (AEI) of the Spanish Government and the European Regional Development Fund (FEDER), through RTI2018-095076-B-C22, and PID2019-525 111388GB-I00. We acknowledge support from CIGUS-CITIC, funded by Xunta de Galicia and the European Union (FEDER Galicia 2014-2020 Program) through Grant ED431G 2019/01; research consolidation Grant ED431B 2021/36; Art.83 collaboration F19/03 with the enterprise Odeene S.L.; and scholarship from Xunta de Galicia and the European Union (European Social Fund - ESF) ED481A-2019/155

    Biometric-Based Human Recognition Systems: An Overview

    With the proliferation of automated systems for reliable and highly secure human authentication and identification, the importance of technological solutions in biometrics is growing along with security awareness. Indeed, conventional authentication methodologies, consisting of knowledge-based systems that make use of something you know (e.g., username and password) and token-based systems that make use of something you have (e.g., identification card), are not able to meet the strict requirements of reliable security applications. Conversely, biometric systems make use of behavioral (extrinsic) and/or physiological (intrinsic) human characteristics, overcoming the security issues affecting the conventional methods for personal authentication. This book chapter provides an overview of the most commonly used biometric traits along with their properties, the various biometric system operating modalities, as well as various security aspects related to these systems. In particular, it discusses the different stages involved in a biometric recognition process and the various threats that can be exploited to compromise the security of a biometric system. Finally, in order to evaluate the systems' performance, metrics must be adopted. The most widely used metrics are, therefore, discussed in relation to the provided system accuracy and security, and applicability in real-world deployments

    Integrating a usable security protocol for user authentication into the requirements and design process

    Usability and security are crucial elements in the user authentication process. One of the major challenges facing organizations today is to offer systems for access to logical resources (for example, a software application) and physical resources (for example, a building) that are both secure and usable. To reach these goals, the three indispensable components must first be implemented: identification (i.e., defining a user's identity), authentication (i.e., verifying a user's identity) and authorization (i.e., granting access rights to a user). More particularly, research on user authentication is essential. Without authentication, for example, computer systems are not able to verify whether a user requesting access to a resource holds the rights to do so. Although several research works have addressed various security mechanisms, very little research so far has addressed the usability and security of user authentication methods. For this reason, it seems necessary to us to develop a usability and security protocol for designing user authentication methods. The central thesis of this research work maintains that there is an intrinsic conflict between creating systems that are secure and creating systems that are easy to use. However, usability and security can be built synergistically by using analysis and design tools that include usability and security principles from the Analysis and Design stage of the authentication method onward. In some situations it is possible to improve usability and security simultaneously by revisiting design decisions made in the past. In other cases, it is more advantageous to align usability and security by changing the regulatory environment in which computers operate. For this reason, the main objective of this thesis is not to address usability and security after the final product has been built, but to make security a natural outcome of the Analysis and Design stage of the authentication method's life cycle.
    AUTHOR'S KEYWORDS: user authentication, usability, computer security, access control