Keystroke Biometrics in Response to Fake News Propagation in a Global Pandemic

This work proposes and analyzes the use of keystroke biometrics for content de-anonymization. Fake news have become a powerful tool to manipulate public opinion, especially during major events. In particular, the massive spread of fake news during the COVID-19 pandemic has forced governments and companies to fight against missinformation. In this context, the ability to link multiple accounts or profiles that spread such malicious content on the Internet while hiding in anonymity would enable proactive identification and blacklisting. Behavioral biometrics can be powerful tools in this fight. In this work, we have analyzed how the latest advances in keystroke biometric recognition can help to link behavioral typing patterns in experiments involving 100,000 users and more than 1 million typed sequences. Our proposed system is based on Recurrent Neural Networks adapted to the context of content de-anonymization. Assuming the challenge to link the typed content of a target user in a pool of candidate profiles, our results show that keystroke recognition can be used to reduce the list of candidate profiles by more than 90%. In addition, when keystroke is combined with auxiliary data (such as location), our system achieves a Rank-1 identification performance equal to 52.6% and 10.9% for a background candidate list composed of 1K and 100K profiles, respectively.Comment: arXiv admin note: text overlap with arXiv:2004.0362

User clustering based on keystroke dynamics

The PAM clustering algorithm is applied on the Si6 keystroke dataset in order to identify sessions of the same users. A number of heuristical outlier lters based on statistical properties of keystroke latencies are proposed and run on the dataset. Di erent tests are performed varying the number of digraphs that compose each observation and its dimensionality, in order to verify the assumption that more data gives a better quality of clustering and to estimate the minimum required number of dimensions. The number of clusters is estimated through the silhouette algorithm. Resulting clustering accuracy is measured by means of the F-measure, showing the viability of user identi cation through keystroke analysis.Presentado en el V Workshop Arquitectura, Redes y Sistemas Operativos (WARSO)Red de Universidades con Carreras en Informática (RedUNCI

Biometric authentication via keystroke sound

Unlike conventional “one shot ” biometric authentica-tion schemes, continuous authentication has a number of advantages, such as longer time for sensing, ability to rec-tify authentication decisions, and persistent verification of a user’s identity, which are critical in applications de-manding enhanced security. However, traditional modali-ties such as face, fingerprint and keystroke dynamics, have various drawbacks in continuous authentication scenar-ios. In light of this, this paper proposes a novel non-intrusive and privacy-aware biometric modality that utilizes keystroke sound. Given the keystroke sound recorded by a low-cost microphone, our system extracts discriminative features and performs matching between a gallery and a probe sound stream. Motivated by the concept of digraphs used in modeling keystroke dynamics, we learn a virtual alphabet from keystroke sound segments, from which the digraph latency within pairs of virtual letters as well as other statistical features are used to generate match scores. The resultant multiple scores are indicative of the similar-ities between two sound streams, and are fused to make a final authentication decision. We collect a first-of-its-kind keystroke sound database of 45 subjects typing on a keyboard. Experiments on static text-based authentication, demonstrate the potential as well as limitations of this bio-metric modality. 1

Keystroke Biometrics for Freely Typed Text Based on CNN model

Keystroke biometrics, as an authentication method with advantages of no extra hardware cost, easy-to-integrate and high-security, has attracted much attention in user authentication. However, a mass of researches on keystroke biometrics have focused on the fixed-text analysis, while only a few took free-text analysis into consideration. And in the field of free-text analysis, most researchers usually devote their efforts to extracting the most appropriate keystroke features on their own experience. These methods were inevitably questionable due to their strong subjectivity. In this paper we proposed a multi-user keystroke authentication scheme based on CNN model, which can automatically figure out the appropriate features for the model, adjust and optimize the model constantly to further enhance the performance of model. In the experiment on a small sample set, the performance is improved more than 10% compared with the benchmark. Our model achieves an average recognition accuracy of 92.58%, with FAR of 0.24% and FRR of 7.34%

User clustering based on keystroke dynamics

The PAM clustering algorithm is applied on the Si6 keystroke dataset in order to identify sessions of the same users. A number of heuristical outlier lters based on statistical properties of keystroke latencies are proposed and run on the dataset. Di erent tests are performed varying the number of digraphs that compose each observation and its dimensionality, in order to verify the assumption that more data gives a better quality of clustering and to estimate the minimum required number of dimensions. The number of clusters is estimated through the silhouette algorithm. Resulting clustering accuracy is measured by means of the F-measure, showing the viability of user identi cation through keystroke analysis.Presentado en el V Workshop Arquitectura, Redes y Sistemas Operativos (WARSO)Red de Universidades con Carreras en Informática (RedUNCI

On the Inference of Soft Biometrics from Typing Patterns Collected in a Multi-device Environment

In this paper, we study the inference of gender, major/minor (computer science, non-computer science), typing style, age, and height from the typing patterns collected from 117 individuals in a multi-device environment. The inference of the first three identifiers was considered as classification tasks, while the rest as regression tasks. For classification tasks, we benchmark the performance of six classical machine learning (ML) and four deep learning (DL) classifiers. On the other hand, for regression tasks, we evaluated three ML and four DL-based regressors. The overall experiment consisted of two text-entry (free and fixed) and four device (Desktop, Tablet, Phone, and Combined) configurations. The best arrangements achieved accuracies of 96.15%, 93.02%, and 87.80% for typing style, gender, and major/minor, respectively, and mean absolute errors of 1.77 years and 2.65 inches for age and height, respectively. The results are promising considering the variety of application scenarios that we have listed in this work.Comment: The first two authors contributed equally. The code is available upon request. Please contact the last autho

Dynamic Keystroke Technique for a Secure Authentication System based on Deep Belief Nets

The rapid growth of electronic assessment in various fields has led to the emergence of issues such as user identity fraud and cheating. One potential solution to these problems is to use a complementary authentication method, such as a behavioral biometric characteristic that is unique to each individual. One promising approach is keystroke dynamics, which involves analyzing the typing patterns of users. In this research, the Deep Belief Nets (DBN) model is used to implement a dynamic keystroke technique for secure e-assessment. The proposed system extracts various features from the pressure-time measurements, digraphs (dwell time and flight time), trigraphs, and n-graphs, and uses these features to classify the user's identity by applying the DBN algorithm to a dataset collected from participants who typed free text using a standard QWERTY keyboard in a neutral state without inducing specific emotions. The DBN model is designed to detect cheating attempts and is tested on a dataset collected from the proposed e-assessment system using free text. The implementation of the DBN results in an error rate of 5% and an accuracy of 95%, indicating that the system is effective in identifying users' identities and cheating, providing a secure e-assessment approach

Investigating keystroke dynamics as a two-factor biometric security

Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Systems Security (MSc.ISS) at Strathmore UniversityKeystroke dynamics is the study of how people can be distinguished based on their typing rhythms. This proposal aims at investigating user authentication approaches and how keystroke dynamics can be used to enhance user authentication and access control. With more users embracing technologies and using applications without necessarily understanding the security repercussions, a further protection mechanism needs to be employed. It emphasizes on the need of an additional layer of security, through keystroke dynamics, on top of the traditional username-password combination to enhance security during authentication. It also proposes the use of a machine learning classifier for possible application in keystroke dynamics to verify and validate the legitimacy of a user during authentication

Vulnerability analysis of cyber-behavioral biometric authentication

Research on cyber-behavioral biometric authentication has traditionally assumed naïve (or zero-effort) impostors who make no attempt to generate sophisticated forgeries of biometric samples. Given the plethora of adversarial technologies on the Internet, it is questionable as to whether the zero-effort threat model provides a realistic estimate of how these authentication systems would perform in the wake of adversity. To better evaluate the efficiency of these authentication systems, there is need for research on algorithmic attacks which simulate the state-of-the-art threats. To tackle this problem, we took the case of keystroke and touch-based authentication and developed a new family of algorithmic attacks which leverage the intrinsic instability and variability exhibited by users\u27 behavioral biometric patterns. For both fixed-text (or password-based) keystroke and continuous touch-based authentication, we: 1) Used a wide range of pattern analysis and statistical techniques to examine large repositories of biometrics data for weaknesses that could be exploited by adversaries to break these systems, 2) Designed algorithmic attacks whose mechanisms hinge around the discovered weaknesses, and 3) Rigorously analyzed the impact of the attacks on the best verification algorithms in the respective research domains. When launched against three high performance password-based keystroke verification systems, our attacks increased the mean Equal Error Rates (EERs) of the systems by between 28.6% and 84.4% relative to the traditional zero-effort attack. For the touch-based authentication system, the attacks performed even better, as they increased the system\u27s mean EER by between 338.8% and 1535.6% depending on parameters such as the failure-to-enroll threshold and the type of touch gesture subjected to attack. For both keystroke and touch-based authentication, we found that there was a small proportion of users who saw considerably greater performance degradation than others as a result of the attack. There was also a sub-set of users who were completely immune to the attacks. Our work exposes a previously unexplored weakness of keystroke and touch-based authentication and opens the door to the design of behavioral biometric systems which are resistant to statistical attacks