Hardware design, development and evaluation of a pressure-based typing biometrics authentication system

The hardware design of a pressure based typing biometrics authentication system (BAS) is discussed in this paper. The dynamic keystroke is represented by its time duration (t) and force (F) applied to constitute a waveform, which when concatenated compose a complete pattern for the entered password. Hardware design is the first part in designing the complete pressure-based typing (BAS) in order to ensure that the best data to represent the keystroke pattern of the user is captured. The system has been designed using LabVIEW software. Several data preprocessing techniques have been used to improve the acquired waveforms. An experiment was conducted to show the validity of the design in representing keystroke dynamics and preliminary results have shown that the designed system can successfully capture password patterns

Dynamic Keystroke Technique for a Secure Authentication System based on Deep Belief Nets

The rapid growth of electronic assessment in various fields has led to the emergence of issues such as user identity fraud and cheating. One potential solution to these problems is to use a complementary authentication method, such as a behavioral biometric characteristic that is unique to each individual. One promising approach is keystroke dynamics, which involves analyzing the typing patterns of users. In this research, the Deep Belief Nets (DBN) model is used to implement a dynamic keystroke technique for secure e-assessment. The proposed system extracts various features from the pressure-time measurements, digraphs (dwell time and flight time), trigraphs, and n-graphs, and uses these features to classify the user's identity by applying the DBN algorithm to a dataset collected from participants who typed free text using a standard QWERTY keyboard in a neutral state without inducing specific emotions. The DBN model is designed to detect cheating attempts and is tested on a dataset collected from the proposed e-assessment system using free text. The implementation of the DBN results in an error rate of 5% and an accuracy of 95%, indicating that the system is effective in identifying users' identities and cheating, providing a secure e-assessment approach

Poisoning Attacks on Learning-Based Keystroke Authentication and a Residue Feature Based Defense

Behavioral biometrics, such as keystroke dynamics, are characterized by relatively large variation in the input samples as compared to physiological biometrics such as fingerprints and iris. Recent advances in machine learning have resulted in behaviorbased pattern learning methods that obviate the effects of variation by mapping the variable behavior patterns to a unique identity with high accuracy. However, it has also exposed the learning systems to attacks that use updating mechanisms in learning by injecting imposter samples to deliberately drift the data to impostors’ patterns. Using the principles of adversarial drift, we develop a class of poisoning attacks, named Frog-Boiling attacks. The update samples are crafted with slow changes and random perturbations so that they can bypass the classifiers detection. Taking the case of keystroke dynamics which includes motoric and neurological learning, we demonstrate the success of our attack mechanism. We also present a detection mechanism for the frog-boiling attack that uses correlation between successive training samples to detect spurious input patterns. To measure the effect of adversarial drift in frog-boiling attack and the effectiveness of the proposed defense mechanism, we use traditional error rates such as FAR, FRR, and EER and the metric in terms of shifts in biometric menagerie

Autenticación y verificación de usuarios mediante dinámica del tecleo

Dentro del área de la autenticación biométrica, uno de los campos que ha suscitado mayor interés en los últimos años ha sido la dinámica del tecleo. En él, se estudian multitud de técnicas de clasificación de usuarios con el objetivo de encontrar un sistema de autenticación alternativo a las contraseñas utilizadas en la actualidad. Todas ellas se basan en las diferentes características biométricas que las personas mostramos al utilizar un teclado informático. Por tanto, se propone realizar un estudio de distintas técnicas de clasificación de usuarios mediante dinámica del tecleo e implementar un sistema que utilice algunas de ellas

Identificação biométrica e comportamental de utilizadores em cenários de intrusão

Dissertação de mestrado em Engenharia InformáticaA usurpação de contas e o roubo de identidade são problemas muito frequentes nos atuais sistemas informáticos. A facilidade de acesso à internet e a exposição das pessoas a este meio, torna muito frequente a utilização indevida e a usurpação de contas (tais como: e-mail, redes sociais, contas bancárias) por outras pessoas que não as suas legítimas proprietárias. Atualmente o método de autenticação dominante é o da combinação nome de utilizador e palavra-chave. No entanto, este método pode não ser fiável, pois estas credenciais podem ser partilhadas, roubadas ou até esquecidas. Por outro lado podem-se combinar várias técnicas para reforçar a segurança dos sistemas. Cartões de acesso (tokens), certificados digitais e biometrias são algumas delas. Os cartões de acesso, por exemplo os das caixas multibanco, podem ser roubados ou duplicados, como é frequentemente noticiado em fraudes bancárias. Os certificados seguem o mesmo caminho dos tokens uma vez que estes podem ser distribuídos por correio eletrónico ou em dispositivos USB. As biometrias físicas (impressão digital, íris, retina ou geometria da mão por exemplo), para além de serem um pouco intrusivas, requerem a aquisição de equipamento caro. Uma possível solução para os problemas inumerados são as biometrias comportamentais. A forma como nos comportamos e agimos num computador pode ser usada como informação biométrica. Esta informação pode ser utilizada à posteriori, geralmente complementada com mais dados, para identificar, inequivocamente, (ou pelo menos com um determinado grau de confiança) um indivíduo. A informação recolhida pode variar desde o tipo de escrita no teclado, habilidade com o rato, hábitos, cliques, número de páginas abertas, origem do acesso, etc., que depois será sujeita à utilização de algoritmos comportamentais para autenticar, de forma inequívoca, um utilizador. Neste trabalho pretende-se implementar como reforço aos atuais sistemas de autenticação e de deteção de intrusões, a verificação de perfis comportamentais do proprietário da conta. Este sistema não irá apresentar grandes custos, já que só serão usados equipamentos básicos, e será completamente invisível para o utilizador, ou seja este será continuamente autenticado de forma silenciosa e não intrusiva.Session hijacking and identity theft are a problem increasingly common in computer systems nowadays. With the growing usage of online services, people become more exposed to different techniques, technological or social, that can be used to easy to their personal accounts, from services such as Emails, Facebook, bank accounts, among others. Currently, the dominant method of authentication is the combination of username and password. This method can be unreliable, because these credentials can be shared, forgotten or stolen. To offer better authentication mechanisms, other techniques are used; among then are the tokens or digital certificates and biometrics. None of them completely solve the problem once they can be duplicated or stolen. Moreover the physiological biometrics (fingerprint, iris, retina, hand geometry, etc.) are intrusive, require the purchase of expensive equipment and may not work in all the scenarios. The way we behave and act in a computer can be used as biometric information. This information supplemented with more data (i.e. contextual data) can be used to identify unequivocally (or at least with a certain degree of confidence) an individual. The information collected may vary from the way of typing on a keyboard (keystroke dynamics), skill with the mouse (mouse dynamics), habits, clicks, number of pages open, source access, etc., which will then be subject to the use of behavioral algorithms to identify and authenticate, unequivocally, the user. In this work we present the implementation of a system that strengthens existing authentication and intrusion detection systems, helping them by checking behavioral profiles of the account owner. This system will not be costly, since it only uses basic hardware. Additionally, it will be completely invisible to the user, i.e., it will be working in an unobtrusive way, collecting data in background mode. The aim of this paper is to present a system capable of recognizing biometric patterns and, through behavioral algorithms and complex event processing, create user profiles that are used as identification and continuously authentication to services

Free-text keystroke dynamics authentication with a reduced need for training and language independency

This research aims to overcome the drawback of the large amount of training data required for free-text keystroke dynamics authentication. A new key-pairing method, which is based on the keyboard’s key-layout, has been suggested to achieve that. The method extracts several timing features from specific key-pairs. The level of similarity between a user’s profile data and his or her test data is then used to decide whether the test data was provided by the genuine user. The key-pairing technique was developed to use the smallest amount of training data in the best way possible which reduces the requirement for typing long text in the training stage. In addition, non-conventional features were also defined and extracted from the input stream typed by the user in order to understand more of the users typing behaviours. This helps the system to assemble a better idea about the user’s identity from the smallest amount of training data. Non-conventional features compute the average of users performing certain actions when typing a whole piece of text. Results were obtained from the tests conducted on each of the key-pair timing features and the non-conventional features, separately. An FAR of 0.013, 0.0104 and an FRR of 0.384, 0.25 were produced by the timing features and non-conventional features, respectively. Moreover, the fusion of these two feature sets was utilized to enhance the error rates. The feature-level fusion thrived to reduce the error rates to an FAR of 0.00896 and an FRR of 0.215 whilst decision-level fusion succeeded in achieving zero FAR and FRR. In addition, keystroke dynamics research suffers from the fact that almost all text included in the studies is typed in English. Nevertheless, the key-pairing method has the advantage of being language-independent. This allows for it to be applied on text typed in other languages. In this research, the key-pairing method was applied to text in Arabic. The results produced from the test conducted on Arabic text were similar to those produced from English text. This proves the applicability of the key-pairing method on a language other than English even if that language has a completely different alphabet and characteristics. Moreover, experimenting with texts in English and Arabic produced results showing a direct relation between the users’ familiarity with the language and the performance of the authentication system