Keystroke dynamics in the pre-touchscreen era

Biometric authentication seeks to measure an individual’s unique physiological attributes for the purpose of identity verification. Conventionally, this task has been realized via analyses of fingerprints or signature iris patterns. However, whilst such methods effectively offer a superior security protocol compared with password-based approaches for example, their substantial infrastructure costs, and intrusive nature, make them undesirable and indeed impractical for many scenarios. An alternative approach seeks to develop similarly robust screening protocols through analysis of typing patterns, formally known as keystroke dynamics. Here, keystroke analysis methodologies can utilize multiple variables, and a range of mathematical techniques, in order to extract individuals’ typing signatures. Such variables may include measurement of the period between key presses, and/or releases, or even key-strike pressures. Statistical methods, neural networks, and fuzzy logic have often formed the basis for quantitative analysis on the data gathered, typically from conventional computer keyboards. Extension to more recent technologies such as numerical keypads and touch-screen devices is in its infancy, but obviously important as such devices grow in popularity. Here, we review the state of knowledge pertaining to authentication via conventional keyboards with a view toward indicating how this platform of knowledge can be exploited and extended into the newly emergent type-based technological contexts

An investigation of the predictability of the Brazilian three-modal hand-based behavioural biometric: a feature selection and feature-fusion approach

Abstract: New security systems, methods or techniques need to have their performance evaluated in conditions that closely resemble a real-life situation. The effectiveness with which individual identity can be predicted in different scenarios can benefit from seeking a broad base of identity evidence. Many approaches to the implementation of biometric-based identification systems are possible, and different configurations are likely to generate significantly different operational characteristics. The choice of implementational structure is, therefore, very dependent on the performance criteria, which is most important in any particular task scenario. The issue of improving performance can be addressed in many ways, but system configurations based on integrating different information sources are widely adopted in order to achieve this. Thus, understanding how each data information can influence performance is very important. The use of similar modalities may imply that we can use the same features. However, there is no indication that very similar (such as keyboard and touch keystroke dynamics, for example) basic biometrics will perform well using the same set of features. In this paper, we will evaluate the merits of using a three-modal hand-based biometric database for user prediction focusing on feature selection as the main investigation point. To the best of our knowledge, this is the first thought-out analysis of a database with three modalities that were collected from the same users, containing keyboard keystroke, touch keystroke and handwritten signature. First, we will investigate how the keystroke modalities perform, and then, we will add the signature in order to understand if there is any improvement in the results. We have used a wide range of techniques for feature selection that includes filters and wrappers (genetic algorithms), and we have validated our findings using a clustering technique

KBOC: Keystroke Biometrics OnGoing Competition

Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other worksThis paper presents the first Keystroke Biometrics Ongoing evaluation platform and a Competition (KBOC) organized to promote reproducible research and establish a baseline in person authentication using keystroke biometrics. The ongoing evaluation tool has been developed using the BEAT platform and includes keystroke sequences (fixedtext) from 300 users acquired in 4 different sessions. In addition, the results of a parallel offline competition based on the same data and evaluation protocol are presented. The results reported have achieved EERs as low as 5.32%, which represent a challenging baseline for keystroke recognition technologies to be evaluated on the new publicly available KBOC benchmarkA.M. and M. G.-B. are supported by a JdC contract (JCI-2012- 12357) and a FPU Fellowship from Spanish MINECO and MCD, respectively. J.M. and J.C. are supported by CAPES and CNPq (grant 304853/2015-1). This work was partially funded by the projects: CogniMetrics (TEC2015-70627-R) from MINECO FEDER and BEAT (FP7-SEC-284989) from E

Keystroke and Touch-dynamics Based Authentication for Desktop and Mobile Devices

The most commonly used system on desktop computers is a simple username and password approach which assumes that only genuine users know their own credentials. Once broken, the system will accept every authentication trial using compromised credentials until the breach is detected. Mobile devices, such as smart phones and tablets, have seen an explosive increase for personal computing and internet browsing. While the primary mode of interaction in such devices is through their touch screen via gestures, the authentication procedures have been inherited from keyboard-based computers, e.g. a Personal Identification Number, or a gesture based password, etc.;This work provides contributions to advance two types of behavioral biometrics applicable to desktop and mobile computers: keystroke dynamics and touch dynamics. Keystroke dynamics relies upon the manner of typing rather than what is typed to authenticate users. Similarly, a continual touch based authentication that actively authenticates the user is a more natural alternative for mobile devices.;Within the keystroke dynamics domain, habituation refers to the evolution of user typing pattern over time. This work details the significant impact of habituation on user behavior. It offers empirical evidence of the significant impact on authentication systems attempting to identify a genuine user affected by habituation, and the effect of habituation on similarities between users and impostors. It also proposes a novel effective feature for the keystroke dynamics domain called event sequences. We show empirically that unlike features from traditional keystroke dynamics literature, event sequences are independent of typing speed. This provides a unique advantage in distinguishing between users when typing complex text.;With respect to touch dynamics, an immense variety of mobile devices are available for consumers, differing in size, aspect ratio, operating systems, hardware and software specifications to name a few. An effective touch based authentication system must be able to work with one user model across a spectrum of devices and user postures. This work uses a locally collected dataset to provide empirical evidence of the significant effect of posture, device size and manufacturer on user authentication performance. Based on the results of this strand of research, we suggest strategies to improve the performance of continual touch based authentication systems

USER AUTHENTICATION ACROSS DEVICES, MODALITIES AND REPRESENTATION: BEHAVIORAL BIOMETRIC METHODS

Biometrics eliminate the need for a person to remember and reproduce complex secretive information or carry additional hardware in order to authenticate oneself. Behavioral biometrics is a branch of biometrics that focuses on using a person’s behavior or way of doing a task as means of authentication. These tasks can be any common, day to day tasks like walking, sleeping, talking, typing and so on. As interactions with computers and other smart-devices like phones and tablets have become an essential part of modern life, a person’s style of interaction with them can be used as a powerful means of behavioral biometrics. In this dissertation, we present insights from the analysis of our proposed set of contextsensitive or word-specific keystroke features on desktop, tablet and phone. We show that the conventional features are not highly discriminatory on desktops and are only marginally better on hand-held devices for user identification. By using information of the context, our proposed word-specific features offer superior discrimination among users on all devices. Classifiers, built using our proposed features, perform user identification with high accuracies in range of 90% to 97%, average precision and recall values of 0.914 and 0.901 respectively. Analysis of the word-based impact factors reveal that four or five character words, words with about 50% vowels, and those that are ranked higher on the frequency lists might give better results for the extraction and use of the proposed features for user identification. We also examine a large umbrella of behavioral biometric data such as; keystroke latencies, gait and swipe data on desktop, phone and tablet for the assumption of an underlying normal distribution, which is common in many research works. Using suitable nonparametric normality tests (Lilliefors test and Shapiro-Wilk test) we show that a majority of the features from all activities and all devices, do not follow a normal distribution. In most cases less than 25% of the samples that were tested had p values \u3e 0.05. We discuss alternate solutions to address the non-normality in behavioral biometric data. Openly available datasets did not provide the wide range of modalities and activities required for our research. Therefore, we have collected and shared an open access, large benchmark dataset for behavioral biometrics on IEEEDataport. We describe the collection and analysis of our Syracuse University and Assured Information Security - Behavioral Biometrics Multi-device and multi -Activity data from Same users (SU-AIS BB-MAS) Dataset. Which is an open access dataset on IEEEdataport, with data from 117 subjects for typing (both fixed and free text), gait (walking, upstairs and downstairs) and touch on Desktop, Tablet and Phone. The dataset consists a total of about: 3.5 million keystroke events; 57.1 million data-points for accelerometer and gyroscope each; 1.7 million datapoints for swipes and is listed as one of the most popular datasets on the portal (through IEEE emails to all members on 05/13/2020 and 07/21/2020). We also show that keystroke dynamics (KD) on a desktop can be used to classify the type of activity, either benign or adversarial, that a text sample originates from. We show the inefficiencies of popular temporal features for this task. With our proposed set of 14 features we achieve high accuracies (93% to 97%) and low Type 1 and Type 2 errors (3% to 8%) in classifying text samples of different sizes. We also present exploratory research in (a) authenticating users through musical notes generated by mapping their keystroke latencies to music and (b) authenticating users through the relationship between their keystroke latencies on multiple devices

Monitorización de patrones biométricos para aplicaciones web

El desarrollo tecnológico de los últimos años ha contribuido al acceso y almacenamiento masivo de información digital. Este creciente desarrollo junto con la proliferación de los servicios web, conllevan la necesidad de sistemas de gestión de identidades a gran escala. La seguridad cibernética es un asunto de gran importancia que concierne a gobiernos, empresas y usuarios. Frente a las numerosas desventajas que presentan los actuales sistemas de autenticación basados en contraseñas, como la pérdida, el robo o el hackeo, los sistemas de autenticación basados en reconocimiento biométrico se presentan como potenciales sustitutos. La dinámica de tecleo se ha convertido en un área de investigación activa debido a su bajo coste y su fácil integración en los dispositivos. Al tratarse de un rasgo biométrico de comportamiento, sus datos y resultados presentan una gran variabilidad. La normalización de resultados ha demostrado ser una técnica útil para mitigar estos efectos. En este trabajo se estudia la utilidad de la normalización de resultados en un sistema basado en dinámica de tecleo. Se realiza una evaluación de diferentes algoritmos de clasificación en dos bases de datos de características diferentes, una de desarrollo propio y otra de disponibilidad pública, estudiando el impacto de la normalización en cada una de ellas y el rendimiento de cada algoritmo. Finalmente se presentan posibles objetivos para mejorar los resultados obtenidos y línea de trabajo futuras.Technological development in recent years has contributed to the access and massive storage of digital information. This increasing development along with the proliferation ofWeb services, involve the need of management systems of large-scale identities. Cyber Security is a matter of great importance that concerns governments, companies and users. Because of the many disadvantages of the current password-based authentication systems, such as loss, theft or hacking, systems based on biometric authentication are potencial substitutes of them. Keystroke dynamics has become an active area of research because of its low cost and easy integration into devices. Due to being a behavioural biometric feature, data and results are highly variable. Score normalization has proved a useful technique to mitigate this e↵ects. This work studies the usefulness of the score normalization in a system based on keystroke dynamics. It assesses di↵erents algorithms in two di↵erent databases, one of own development and other public database. It studies the normalization impact in each database and evaluates the performance of each algorithm. Finally, potencial targets, to improve the results, and future research are presented

Identifying users using Keystroke Dynamics and contextual information

Biometric identification systems based on Keystroke Dynamics have been around for almost forty years now. There has always been a lot of interest in identifying individuals using their physiological or behavioral traits. Keystroke Dynamics focuses on the particular way a person types on a keyboard. The objective of the proposed research is to determine how well the identity of users can be established when using this biometric trait and when contextual information is also taken into account. The proposed research focuses on free text. Users were never told what to type, how or when. This particular field of Keystroke Dynamics has not been as thoroughly studied as the fixed text alternative where a plethora of methods have been tried. The proposed methods focus on the hypothesis that the position of a particular letter, or combination of letters, in a word is of high importance. Other studies have not taken into account if these letter combinations had occurred at the beginning, the middle, or the end of a word. A template of the user will be built using the context of the written words and the latency between successive keystrokes. Other features, like word length, minimum number of needed words to consider a session valid, frequency of words, model building parameters, as well as age group and gender have also been studied to determine those that better help ascertain the identity of an individual. The results of the proposed research should help determine if using Keystroke Dynamics and the proposed methodology are enough to identify users from the content they type with a good enough level of certainty. From this moment, it could be used as a method to ensure that a user is not supplanted, in authentication schemes, or even to help determine the authorship of different parts of a document written by more than one user.Els sistemes d’identificació biomètrica basades en la cadència de tecleig fa gairebé quaranta anys que s’estudien. Hi ha hagut molt interès en identificar les persones a partir de les seves característiques fisiològiques o de comportament. La cadència de tecleig és la manera en la que una persona escriu en un teclat. L’objectiu de la recerca proposada és determinar com de bé es pot arribar a identificar un individu mitjançant aquesta característica biomètrica i quan també es prenen en consideració dades contextuals. Aquesta recerca es basa en text lliure. Als usuaris mai se’ls va dir què, quan o com havien d’escriure. Aquest camp de la cadència de tecleig no ha estat tan estudiat com l’alternativa de text fix on un gran ventall de mètodes s’han provat. Els mètodes d’identificació proposats es basen en la hipòtesi que la posició d’una lletra, o combinació de lletres teclejades, en una paraula és de gran importància. Altres estudis no prenen en consideració aquesta informació, és a dir, si la combinació de lletres s’ha produït al principi, al mig o al final de la paraula. Es crearà una empremta de l’usuari tenint en compte el context de les lletres en les paraules escrites i les latències entre pulsacions successives. Altres característiques com la mida de les paraules, el nombre mínim de paraules necessari per considerar una sessió vàlida, la freqüència de mots, els paràmetres de construcció dels models, així com el grup d’edat i el gènere també s’han estudiat per determinar quines són les que millor ajuden a identificar un individu. Els resultats de la recerca proposada haurien de permetre determinar si l’ús de la cadència de tecleig i els mètodes proposats són suficients per identificar els usuaris a partir del contingut que generen, sempre amb un cert marge d’error. En cas afirmatiu es podria introduir la tècnica proposada com un mètode més per assegurar que un usuari no és suplantat, en sistemes d’autenticació, o fins i tot per ajudar a determinar l’autoria de diferents parts d’un document que ha estat escrit per més d’un usuari

Investigación reproducible: uso de la plataforma BEAT para la evaluación tecnológica de algoritmos de reconocimiento biométrico

La reproducibilidad es un tema de gran preocupación dentro de la comunidad científica. Gran cantidad de los artículos científicos que se publican en la actualidad carecen del suficiente detalle, código o datos para garantizar la reproducibilidad de los mismos por otros investigadores. En este trabajo se presenta una herramienta de evaluación tecnológica desarrollada a partir de la plataforma Biometric Evaluation and Testing (BEAT) orientada a fomentar la experimentación reproducible dentro del área del reconocimiento biométrico. Para ello, se ha propuesto una competición internacional (Keystroke Biometric Ongoing Competition - KBOC) centrada en la evaluación de sistemas de reconocimiento de usuarios a través de dinámica de tecleo. Los principales objetivos de esta competición son impulsar la investigación en dinámica de tecleo (atraer a nuevos investigadores), impulsar la plataforma BEAT y ser una base común donde comparar los sistemas biométricos. La competición incluye una de la mayores base de datos en dinámica de tecleo con más de 300 usuarios y 4 sesiones diferentes (escriben nombre y apellido). Hay dos maneras de participar en KBOC (misma base de datos para las dos): Competición Ongoing (permanecerá activa por tiempo indefinido), desarrollada en la plataforma BEAT y competición Offline que sirve de referencia para la competición Ongoing. En este TFG se introduce la plataforma (los recursos creados para la competición, etc.), se detallan las características de la competición y se presentan los resultados ongoing (experimentos facilitados por la competición) y los resultados y sistemas de los participantes en la competición offline.The reproducibility of the research is a worrisome topic among the scientific community. In this work, a tool developed under BEAT platform for technological evaluation is presented, which fosters the reproducible research inside the biometric field. In order to do that, an international competition (Keystroke Biometric Ongoing Competition) focused on the assessment of the recognition systems has been proposed by means of keystrokes dynamic. The ongoing evaluation tool has been developed using the BEAT platform and includes keystroke sequences (fixed-text) from 300 users acquired in 4 different sessions under realistic conditions. In this work, we introduce the platform, we detail the features of the competition and we present the results. In addition, the results of a parallel offline competition based on the same data and evaluation protocol are presented. The results reported have achieved EERs as low as 5.32%, which represent a challenging baseline for keystroke recognition technologies to be evaluated on the new publicly available KBOC platform

Secure entity authentication

According to Wikipedia, authentication is the act of confirming the truth of an attribute of a single piece of a datum claimed true by an entity. Specifically, entity authentication is the process by which an agent in a distributed system gains confidence in the identity of a communicating partner (Bellare et al.). Legacy password authentication is still the most popular one, however, it suffers from many limitations, such as hacking through social engineering techniques, dictionary attack or database leak. To address the security concerns in legacy password-based authentication, many new authentication factors are introduced, such as PINs (Personal Identification Numbers) delivered through out-of-band channels, human biometrics and hardware tokens. However, each of these authentication factors has its own inherent weaknesses and security limitations. For example, phishing is still effective even when using out-of-band-channels to deliver PINs (Personal Identification Numbers). In this dissertation, three types of secure entity authentication schemes are developed to alleviate the weaknesses and limitations of existing authentication mechanisms: (1) End user authentication scheme based on Network Round-Trip Time (NRTT) to complement location based authentication mechanisms; (2) Apache Hadoop authentication mechanism based on Trusted Platform Module (TPM) technology; and (3) Web server authentication mechanism for phishing detection with a new detection factor NRTT. In the first work, a new authentication factor based on NRTT is presented. Two research challenges (i.e., the secure measurement of NRTT and the network instabilities) are addressed to show that NRTT can be used to uniquely and securely identify login locations and hence can support location-based web authentication mechanisms. The experiments and analysis show that NRTT has superior usability, deploy-ability, security, and performance properties compared to the state-of-the-art web authentication factors. In the second work, departing from the Kerb eros-centric approach, an authentication framework for Hadoop that utilizes Trusted Platform Module (TPM) technology is proposed. It is proven that pushing the security down to the hardware level in conjunction with software techniques provides better protection over software only solutions. The proposed approach provides significant security guarantees against insider threats, which manipulate the execution environment without the consent of legitimate clients. Extensive experiments are conducted to validate the performance and the security properties of the proposed approach. Moreover, the correctness and the security guarantees are formally proved via Burrows-Abadi-Needham (BAN) logic. In the third work, together with a phishing victim identification algorithm, NRTT is used as a new phishing detection feature to improve the detection accuracy of existing phishing detection approaches. The state-of-art phishing detection methods fall into two categories: heuristics and blacklist. The experiments show that the combination of NRTT with existing heuristics can improve the overall detection accuracy while maintaining a low false positive rate. In the future, to develop a more robust and efficient phishing detection scheme, it is paramount for phishing detection approaches to carefully select the features that strike the right balance between detection accuracy and robustness in the face of potential manipulations. In addition, leveraging Deep Learning (DL) algorithms to improve the performance of phishing detection schemes could be a viable alternative to traditional machine learning algorithms (e.g., SVM, LR), especially when handling complex and large scale datasets