Assentication: User Deauthentication and Lunchtime Attack Mitigation with Seated Posture Biometric

Biometric techniques are often used as an extra security factor in authenticating human users. Numerous biometrics have been proposed and evaluated, each with its own set of benefits and pitfalls. Static biometrics (such as fingerprints) are geared for discrete operation, to identify users, which typically involves some user burden. Meanwhile, behavioral biometrics (such as keystroke dynamics) are well suited for continuous, and sometimes more unobtrusive, operation. One important application domain for biometrics is deauthentication, a means of quickly detecting absence of a previously authenticated user and immediately terminating that user's active secure sessions. Deauthentication is crucial for mitigating so called Lunchtime Attacks, whereby an insider adversary takes over (before any inactivity timeout kicks in) authenticated state of a careless user who walks away from her computer. Motivated primarily by the need for an unobtrusive and continuous biometric to support effective deauthentication, we introduce PoPa, a new hybrid biometric based on a human user's seated posture pattern. PoPa captures a unique combination of physiological and behavioral traits. We describe a low cost fully functioning prototype that involves an office chair instrumented with 16 tiny pressure sensors. We also explore (via user experiments) how PoPa can be used in a typical workplace to provide continuous authentication (and deauthentication) of users. We experimentally assess viability of PoPa in terms of uniqueness by collecting and evaluating posture patterns of a cohort of users. Results show that PoPa exhibits very low false positive, and even lower false negative, rates. In particular, users can be identified with, on average, 91.0% accuracy. Finally, we compare pros and cons of PoPa with those of several prominent biometric based deauthentication techniques

Keystroke Dynamics as Part of Lifelogging

In this paper we present the case for including keystroke dynamics in lifelogging. We describe how we have used a simple keystroke logging application called Loggerman, to create a dataset of longitudinal keystroke timing data spanning a period of more than 6 months for 4 participants. We perform a detailed analysis of this data by examining the timing information associated with bigrams or pairs of adjacently-typed alphabetic characters. We show how there is very little day-on-day variation of the keystroke timing among the top-200 bigrams for some participants and for others there is a lot and this correlates with the amount of typing each would do on a daily basis. We explore how daily variations could correlate with sleep score from the previous night but find no significant relation-ship between the two. Finally we describe the public release of this data as well including as a series of pointers for future work including correlating keystroke dynamics with mood and fatigue during the day.Comment: Accepted to 27th International Conference on Multimedia Modeling, Prague, Czech Republic, June 202

Behavioral biometrics and ambient intelligence: New opportunities for context-aware applications

Ambient Intelligence has always been associated with the promise of exciting new applications, aware of the users' needs and state, and proactive towards their goals. However, the acquisition of the necessary information for supporting such high-level learning and decision-making processes is not always straightforward. In this chapter we describe a multi-faceted smart environment for the acquisition of relevant contextual information about its users. This information, acquired transparently through the technological devices in the environment, supports the building of high-level knowledge about the users, including a quantification of aspects such as performance, attention, mental fatigue and stress. The environment described is particularly suited for milieus such as workplaces and classrooms, in which this kind of information may be very important for the effective management of human resources, with advantages for organizations and individuals alike.(UID/CEC/00319/2013)info:eu-repo/semantics/publishedVersio

Smartphone-derived keystroke dynamics are sensitive to relevant changes in multiple sclerosis

BACKGROUND: To investigate smartphone keystroke dynamics (KD), derived from regular typing, on sensitivity to relevant change in disease activity, fatigue, and clinical disability in multiple sclerosis (MS). METHODS: Preplanned interim analysis of a cohort study with 102 MS patients assessed at baseline and 3-month follow-up for gadolinium-enhancing lesions on MRI, relapses, fatigue and clinical disability outcomes. Keyboard interactions were unobtrusively collected during typing using the Neurokeys App. From these interactions 15 keystroke features were derived and aggregated using 16 summary and time series statistics. Responsiveness of KD to clinical anchor-based change was assessed by calculating the area under the receiver operating characteristic curve (AUC). The optimal cut-point was used to determine the minimal clinically important difference (MCID) and compared to the smallest real change (SRC). Commonly used clinical measures were analyzed for comparison. RESULTS: 94 patients completed the follow-up. The five best performing keystroke features had AUC-values ranging from 0.72 to 0.78 for change in gadolinium-enhancing lesions, 0.67-0.70 for the Checklist Individual Strength Fatigue subscale, 0.66-0.79 for the Expanded Disability Status Scale, 0.69-0.73 for the Ambulation Functional System, and 0.72-0.75 for Arm function in MS Questionnaire. The MCID of these features exceeded the SRC on group level. KD had higher AUC-values than comparative clinical measures for the study outcomes, aside from ambulatory function. CONCLUSIONS: KD demonstrated good responsiveness to changes in disease activity, fatigue, and clinical disability in MS, and detected important change beyond measurement error on group level. Responsiveness of KD was better than commonly used clinical measures

Passphrase and keystroke dynamics authentication: security and usability

It was found that employees spend a total 2.25 days within a 60 day period on password related activities. Another study found that over 85 days an average user will create 25 accounts with an average of 6.5 unique passwords. These numbers are expected to increase over time as more systems become available. In addition, the use of 6.5 unique passwords highlight that passwords are being reused which creates security concerns as multiple systems will be accessible by an unauthorised party if one of these passwords is leaked. Current user authentication solutions either increase security or usability. When security increases, usability decreases, or vice versa. To add to this, stringent security protocols encourage unsecure behaviours by the user such as writing the password down on a piece of paper to remember it. It was found that passphrases require less cognitive effort than passwords and because passphrases are stronger than passwords, they don’t need to be changed as frequently as passwords. This study aimed to assess a two-tier user authentication solution that increases security and usability. The proposed solution uses passphrases in conjunction with keystroke dynamics to address this research problem. The design science research approach was used to guide this study. The study’s theoretical foundation includes three theories. The Shannon entropy formula was used to calculate the strength of passwords, passphrases and keystroke dynamics. The chunking theory assisted in assessing password and passphrase memorisation issues and the keystroke-level model was used to assess password and passphrase typing issues. Two primary data collection methods were used to evaluate the findings and to ensure that gaps in the research were filled. A login assessment experiment collected data on user authentication and user-system interaction for passwords and passphrases. Plus, an expert review was conducted to verify findings and assess the research artefact in the form of a model. The model can be used to assist with the implementation of a two-tier user authentication solution which involves passphrases and keystroke dynamics. There are a number of components that need to be considered to realise the benefits of this solution and ensure successful implementation

Psychomotor Impairment Detection via Finger Interactions with a Computer Keyboard During Natural Typing

Modern digital devices and appliances are capable of monitoring the timing of button presses, or finger interactions in general, with a sub-millisecond accuracy. However, the massive amount of high resolution temporal information that these devices could collect is currently being discarded. Multiple studies have shown that the act of pressing a button triggers well defined brain areas which are known to be affected by motor-compromised conditions. In this study, we demonstrate that the daily interaction with a computer keyboard can be employed as means to observe and potentially quantify psychomotor impairment. We induced a psychomotor impairment via a sleep inertia paradigm in 14 healthy subjects, which is detected by our classifier with an Area Under the ROC Curve (AUC) of 0.93/0.91. The detection relies on novel features derived from key-hold times acquired on standard computer keyboards during an uncontrolled typing task. These features correlate with the progression to psychomotor impairment (p < 0.001) regardless of the content and language of the text typed, and perform consistently with different keyboards. The ability to acquire longitudinal measurements of subtle motor changes from a digital device without altering its functionality may allow for early screening and follow-up of motor-compromised neurodegenerative conditions, psychological disorders or intoxication at a negligible cost in the general population.Comunidad de Madri