10 research outputs found
Hardware design, development and evaluation of a pressure-based typing biometrics authentication system
The hardware design of a pressure based typing biometrics authentication system (BAS) is discussed in this paper. The dynamic keystroke is represented by its time duration (t) and force (F) applied to constitute a waveform, which when concatenated compose a complete pattern for the entered password. Hardware design is the first part in designing the complete pressure-based typing (BAS) in order to ensure that the best data to represent the keystroke pattern of the user is captured. The system has been designed using LabVIEW software. Several data preprocessing techniques have been used to improve the acquired waveforms. An experiment was conducted to show the validity of the design in representing keystroke dynamics and preliminary results have shown that the designed system can successfully capture password patterns
Dynamic Keystroke Technique for a Secure Authentication System based on Deep Belief Nets
The rapid growth of electronic assessment in various fields has led to the emergence of issues such as user identity fraud and cheating. One potential solution to these problems is to use a complementary authentication method, such as a behavioral biometric characteristic that is unique to each individual. One promising approach is keystroke dynamics, which involves analyzing the typing patterns of users. In this research, the Deep Belief Nets (DBN) model is used to implement a dynamic keystroke technique for secure e-assessment. The proposed system extracts various features from the pressure-time measurements, digraphs (dwell time and flight time), trigraphs, and n-graphs, and uses these features to classify the user's identity by applying the DBN algorithm to a dataset collected from participants who typed free text using a standard QWERTY keyboard in a neutral state without inducing specific emotions. The DBN model is designed to detect cheating attempts and is tested on a dataset collected from the proposed e-assessment system using free text. The implementation of the DBN results in an error rate of 5% and an accuracy of 95%, indicating that the system is effective in identifying users' identities and cheating, providing a secure e-assessment approach
Poisoning Attacks on Learning-Based Keystroke Authentication and a Residue Feature Based Defense
Behavioral biometrics, such as keystroke dynamics, are characterized by relatively large variation in the input samples as compared to physiological biometrics such as fingerprints and iris. Recent advances in machine learning have resulted in behaviorbased pattern learning methods that obviate the effects of variation by mapping the variable behavior patterns to a unique identity with high accuracy. However, it has also exposed the learning systems to attacks that use updating mechanisms in learning by injecting imposter samples to deliberately drift the data to impostors’ patterns. Using the principles of adversarial drift, we develop a class of poisoning attacks, named Frog-Boiling attacks. The update samples are crafted with slow changes and random perturbations so that they can bypass the classifiers detection. Taking the case of keystroke dynamics which includes motoric and neurological learning, we demonstrate the success of our attack mechanism. We also present a detection mechanism for the frog-boiling attack that uses correlation between successive training samples to detect spurious input patterns. To measure the effect of adversarial drift in frog-boiling attack and the effectiveness of the proposed defense mechanism, we use traditional error rates such as FAR, FRR, and EER and the metric in terms of shifts in biometric menagerie
Autenticación y verificación de usuarios mediante dinámica del tecleo
Dentro del área de la autenticación biométrica, uno de los campos que ha suscitado mayor interés en los últimos años ha sido la dinámica del tecleo. En él, se estudian multitud de técnicas de clasificación de usuarios con el objetivo de encontrar un sistema de autenticación alternativo a las contraseñas utilizadas en la actualidad. Todas ellas se basan en las diferentes caracterÃsticas biométricas que las personas mostramos al utilizar un teclado informático. Por tanto, se propone realizar un estudio de distintas técnicas de clasificación de usuarios mediante dinámica del tecleo e implementar un sistema que utilice algunas de ellas
Identificação biométrica e comportamental de utilizadores em cenários de intrusão
Dissertação de mestrado em Engenharia InformáticaA usurpação de contas e o roubo de identidade são problemas muito frequentes nos atuais
sistemas informáticos. A facilidade de acesso à internet e a exposição das pessoas a este meio,
torna muito frequente a utilização indevida e a usurpação de contas (tais como: e-mail, redes
sociais, contas bancárias) por outras pessoas que não as suas legÃtimas proprietárias.
Atualmente o método de autenticação dominante é o da combinação nome de utilizador e
palavra-chave. No entanto, este método pode não ser fiável, pois estas credenciais podem ser
partilhadas, roubadas ou até esquecidas. Por outro lado podem-se combinar várias técnicas para
reforçar a segurança dos sistemas. Cartões de acesso (tokens), certificados digitais e biometrias são
algumas delas. Os cartões de acesso, por exemplo os das caixas multibanco, podem ser roubados
ou duplicados, como é frequentemente noticiado em fraudes bancárias. Os certificados seguem o
mesmo caminho dos tokens uma vez que estes podem ser distribuÃdos por correio eletrónico ou em
dispositivos USB. As biometrias fÃsicas (impressão digital, Ãris, retina ou geometria da mão por
exemplo), para além de serem um pouco intrusivas, requerem a aquisição de equipamento caro.
Uma possÃvel solução para os problemas inumerados são as biometrias comportamentais.
A forma como nos comportamos e agimos num computador pode ser usada como
informação biométrica. Esta informação pode ser utilizada à posteriori, geralmente complementada
com mais dados, para identificar, inequivocamente, (ou pelo menos com um determinado grau de
confiança) um indivÃduo. A informação recolhida pode variar desde o tipo de escrita no teclado,
habilidade com o rato, hábitos, cliques, número de páginas abertas, origem do acesso, etc., que
depois será sujeita à utilização de algoritmos comportamentais para autenticar, de forma
inequÃvoca, um utilizador.
Neste trabalho pretende-se implementar como reforço aos atuais sistemas de autenticação
e de deteção de intrusões, a verificação de perfis comportamentais do proprietário da conta. Este
sistema não irá apresentar grandes custos, já que só serão usados equipamentos básicos, e será
completamente invisÃvel para o utilizador, ou seja este será continuamente autenticado de forma
silenciosa e não intrusiva.Session hijacking and identity theft are a problem increasingly common in computer
systems nowadays. With the growing usage of online services, people become more exposed to
different techniques, technological or social, that can be used to easy to their personal accounts,
from services such as Emails, Facebook, bank accounts, among others.
Currently, the dominant method of authentication is the combination of username and
password. This method can be unreliable, because these credentials can be shared, forgotten or
stolen. To offer better authentication mechanisms, other techniques are used; among then are the
tokens or digital certificates and biometrics. None of them completely solve the problem once they
can be duplicated or stolen. Moreover the physiological biometrics (fingerprint, iris, retina, hand
geometry, etc.) are intrusive, require the purchase of expensive equipment and may not work in all
the scenarios.
The way we behave and act in a computer can be used as biometric information. This
information supplemented with more data (i.e. contextual data) can be used to identify unequivocally
(or at least with a certain degree of confidence) an individual. The information collected may vary
from the way of typing on a keyboard (keystroke dynamics), skill with the mouse (mouse dynamics),
habits, clicks, number of pages open, source access, etc., which will then be subject to the use of
behavioral algorithms to identify and authenticate, unequivocally, the user.
In this work we present the implementation of a system that strengthens existing
authentication and intrusion detection systems, helping them by checking behavioral profiles of the
account owner. This system will not be costly, since it only uses basic hardware. Additionally, it will
be completely invisible to the user, i.e., it will be working in an unobtrusive way, collecting data in
background mode. The aim of this paper is to present a system capable of recognizing biometric
patterns and, through behavioral algorithms and complex event processing, create user profiles that
are used as identification and continuously authentication to services
Recommended from our members
Free-text keystroke dynamics authentication with a reduced need for training and language independency
This research aims to overcome the drawback of the large amount of training data required
for free-text keystroke dynamics authentication. A new key-pairing method, which is based
on the keyboard’s key-layout, has been suggested to achieve that. The method extracts
several timing features from specific key-pairs. The level of similarity between a user’s
profile data and his or her test data is then used to decide whether the test data was provided
by the genuine user. The key-pairing technique was developed to use the smallest amount of
training data in the best way possible which reduces the requirement for typing long text in
the training stage. In addition, non-conventional features were also defined and extracted
from the input stream typed by the user in order to understand more of the users typing
behaviours. This helps the system to assemble a better idea about the user’s identity from the
smallest amount of training data. Non-conventional features compute the average of users
performing certain actions when typing a whole piece of text. Results were obtained from the
tests conducted on each of the key-pair timing features and the non-conventional features,
separately. An FAR of 0.013, 0.0104 and an FRR of 0.384, 0.25 were produced by the timing
features and non-conventional features, respectively. Moreover, the fusion of these two
feature sets was utilized to enhance the error rates. The feature-level fusion thrived to reduce
the error rates to an FAR of 0.00896 and an FRR of 0.215 whilst decision-level fusion
succeeded in achieving zero FAR and FRR. In addition, keystroke dynamics research suffers
from the fact that almost all text included in the studies is typed in English. Nevertheless, the
key-pairing method has the advantage of being language-independent. This allows for it to be
applied on text typed in other languages. In this research, the key-pairing method was applied
to text in Arabic. The results produced from the test conducted on Arabic text were similar to
those produced from English text. This proves the applicability of the key-pairing method on
a language other than English even if that language has a completely different alphabet and
characteristics. Moreover, experimenting with texts in English and Arabic produced results
showing a direct relation between the users’ familiarity with the language and the
performance of the authentication system