Non-conventional keystroke dynamics for user authentication

This paper introduces an approach for user authentication using free-text keystroke dynamics which incorporates the use of non-conventional keystroke features. Semi-timing features along with editing features are extracted from the user’s typing stream. Decision trees were exploited to classify each of the user’s data. In parallel for comparison, support vector machines (SVMs) were also used for classification in association with an ant colony optimization (ACO) feature selection technique. The results obtained from this study are encouraging as low false accept rates (FAR) and false reject rates (FRR) were achieved in the experimentation phase. This signifies that satisfactory overall system performance was achieved by using the typing attributes in the proposed approach. Thus, the use of non-conventional typing features improves the understanding of human typing behavior and therefore, provides significant contribution to the authentication system

A survey on touch dynamics authentication in mobile devices

© 2016 Elsevier Ltd. All rights reserved. There have been research activities in the area of keystroke dynamics biometrics on physical keyboards (desktop computers or conventional mobile phones) undertaken in the past three decades. However, in terms of touch dynamics biometrics on virtual keyboards (modern touchscreen mobile devices), there has been little published work. Particularly, there is a lack of an extensive survey and evaluation of the methodologies adopted in the area. Owing to the widespread use of touchscreen mobile devices, it is necessary for us to examine the techniques and their effectiveness in the domain of touch dynamics biometrics. The aim of this paper is to provide some insights and comparative analysis of the current state of the art in the topic area, including data acquisition protocols, feature data representations, decision making techniques, as well as experimental settings and evaluations. With such a survey, we can gain a better understanding of the current state of the art, thus identifying challenging issues and knowledge gaps for further research

Free-text keystroke dynamics authentication for Arabic language

This study introduces an approach for user authentication using free-text keystroke dynamics which incorporates text in Arabic language. The Arabic language has completely different characteristics to those of English. The approach followed in this study involves the use of the keyboard's key-layout. The method extracts timing features from specific key-pairs in the typed text. Decision trees were exploited to classify each of the users' data. In parallel for comparison, support vector machines were also used for classification in association with an ant colony optimisation feature selection technique. The results obtained from this study are encouraging as low false accept rates and false reject rates were achieved in the experimentation phase. This signifies that satisfactory overall system performance was achieved by using the typing attributes in the proposed approach, while typing Arabic text

A Correlation Framework for Continuous User Authentication Using Data Mining

Merged with duplicate records: 10026.1/572, 10026.1/334 and 10026.1/724 on 01.02.2017 by CS (TIS)The increasing security breaches revealed in recent surveys and security threats reported in the media reaffirms the lack of current security measures in IT systems. While most reported work in this area has focussed on enhancing the initial login stage in order to counteract against unauthorised access, there is still a problem detecting when an intruder has compromised the front line controls. This could pose a senous threat since any subsequent indicator of an intrusion in progress could be quite subtle and may remain hidden to the casual observer. Having passed the frontline controls and having the appropriate access privileges, the intruder may be in the position to do virtually anything without further challenge. This has caused interest'in the concept of continuous authentication, which inevitably involves the analysis of vast amounts of data. The primary objective of the research is to develop and evaluate a suitable correlation engine in order to automate the processes involved in authenticating and monitoring users in a networked system environment. The aim is to further develop the Anoinaly Detection module previously illustrated in a PhD thesis [I] as part of the conceptual architecture of an Intrusion Monitoring System (IMS) framework

Credential hardening by using touchstroke dynamics

Today, reliance on digital devices for daily routines has been shifted towards portable mobile devices. Therefore, the need for security enhancements within this platform is imminent. Numerous research works have been performed on strengthening password authentication by using keystroke dynamics biometrics, which involve computer keyboards and cellular phones as input devices. Nevertheless, experiments performed specifically on touch screen devices are relatively lacking. This paper describes a novel technique to strengthen security authentication systems on touch screen devices via a new sub variant behavioural biometrics called touchstroke dynamics. We capitalize on the high resolution timing latency and the pressure information on touch screen panel as feature data. Following this a light weight algorithm is introduced to calculate the similarity between feature vectors. In addition, a fusion approach is proposed to enhance the overall performance of the system to an equal error rate of 7.71% (short input) and 6.27% (long input)

Age Detection Through Keystroke Dynamics From User Authentication Failures

In this paper an incident response approach is proposed for handling detections of authentication failures in systems that employ dynamic biometric authentication and more specifically keystroke user recognition. The main component of the approach is a multi layer perceptron focusing on the age classification of a user. Empirical findings show that the classifier can detect the age of the subject with a probability that is far from the uniform random distribution, making the proposed method suitable for providing supporting yet circumstantial evidence during e-discovery

Vulnerability analysis of cyber-behavioral biometric authentication

Research on cyber-behavioral biometric authentication has traditionally assumed naïve (or zero-effort) impostors who make no attempt to generate sophisticated forgeries of biometric samples. Given the plethora of adversarial technologies on the Internet, it is questionable as to whether the zero-effort threat model provides a realistic estimate of how these authentication systems would perform in the wake of adversity. To better evaluate the efficiency of these authentication systems, there is need for research on algorithmic attacks which simulate the state-of-the-art threats. To tackle this problem, we took the case of keystroke and touch-based authentication and developed a new family of algorithmic attacks which leverage the intrinsic instability and variability exhibited by users\u27 behavioral biometric patterns. For both fixed-text (or password-based) keystroke and continuous touch-based authentication, we: 1) Used a wide range of pattern analysis and statistical techniques to examine large repositories of biometrics data for weaknesses that could be exploited by adversaries to break these systems, 2) Designed algorithmic attacks whose mechanisms hinge around the discovered weaknesses, and 3) Rigorously analyzed the impact of the attacks on the best verification algorithms in the respective research domains. When launched against three high performance password-based keystroke verification systems, our attacks increased the mean Equal Error Rates (EERs) of the systems by between 28.6% and 84.4% relative to the traditional zero-effort attack. For the touch-based authentication system, the attacks performed even better, as they increased the system\u27s mean EER by between 338.8% and 1535.6% depending on parameters such as the failure-to-enroll threshold and the type of touch gesture subjected to attack. For both keystroke and touch-based authentication, we found that there was a small proportion of users who saw considerably greater performance degradation than others as a result of the attack. There was also a sub-set of users who were completely immune to the attacks. Our work exposes a previously unexplored weakness of keystroke and touch-based authentication and opens the door to the design of behavioral biometric systems which are resistant to statistical attacks

Free-text keystroke dynamics authentication with a reduced need for training and language independency

This research aims to overcome the drawback of the large amount of training data required for free-text keystroke dynamics authentication. A new key-pairing method, which is based on the keyboard’s key-layout, has been suggested to achieve that. The method extracts several timing features from specific key-pairs. The level of similarity between a user’s profile data and his or her test data is then used to decide whether the test data was provided by the genuine user. The key-pairing technique was developed to use the smallest amount of training data in the best way possible which reduces the requirement for typing long text in the training stage. In addition, non-conventional features were also defined and extracted from the input stream typed by the user in order to understand more of the users typing behaviours. This helps the system to assemble a better idea about the user’s identity from the smallest amount of training data. Non-conventional features compute the average of users performing certain actions when typing a whole piece of text. Results were obtained from the tests conducted on each of the key-pair timing features and the non-conventional features, separately. An FAR of 0.013, 0.0104 and an FRR of 0.384, 0.25 were produced by the timing features and non-conventional features, respectively. Moreover, the fusion of these two feature sets was utilized to enhance the error rates. The feature-level fusion thrived to reduce the error rates to an FAR of 0.00896 and an FRR of 0.215 whilst decision-level fusion succeeded in achieving zero FAR and FRR. In addition, keystroke dynamics research suffers from the fact that almost all text included in the studies is typed in English. Nevertheless, the key-pairing method has the advantage of being language-independent. This allows for it to be applied on text typed in other languages. In this research, the key-pairing method was applied to text in Arabic. The results produced from the test conducted on Arabic text were similar to those produced from English text. This proves the applicability of the key-pairing method on a language other than English even if that language has a completely different alphabet and characteristics. Moreover, experimenting with texts in English and Arabic produced results showing a direct relation between the users’ familiarity with the language and the performance of the authentication system

Biometrics

Biometrics uses methods for unique recognition of humans based upon one or more intrinsic physical or behavioral traits. In computer science, particularly, biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance. The book consists of 13 chapters, each focusing on a certain aspect of the problem. The book chapters are divided into three sections: physical biometrics, behavioral biometrics and medical biometrics. The key objective of the book is to provide comprehensive reference and text on human authentication and people identity verification from both physiological, behavioural and other points of view. It aims to publish new insights into current innovations in computer systems and technology for biometrics development and its applications. The book was reviewed by the editor Dr. Jucheng Yang, and many of the guest editors, such as Dr. Girija Chetty, Dr. Norman Poh, Dr. Loris Nanni, Dr. Jianjiang Feng, Dr. Dongsun Park, Dr. Sook Yoon and so on, who also made a significant contribution to the book