Keystroke Biometrics for Freely Typed Text Based on CNN model

Keystroke biometrics, as an authentication method with advantages of no extra hardware cost, easy-to-integrate and high-security, has attracted much attention in user authentication. However, a mass of researches on keystroke biometrics have focused on the fixed-text analysis, while only a few took free-text analysis into consideration. And in the field of free-text analysis, most researchers usually devote their efforts to extracting the most appropriate keystroke features on their own experience. These methods were inevitably questionable due to their strong subjectivity. In this paper we proposed a multi-user keystroke authentication scheme based on CNN model, which can automatically figure out the appropriate features for the model, adjust and optimize the model constantly to further enhance the performance of model. In the experiment on a small sample set, the performance is improved more than 10% compared with the benchmark. Our model achieves an average recognition accuracy of 92.58%, with FAR of 0.24% and FRR of 7.34%

Free-text Keystroke Authentication using Transformers: A Comparative Study of Architectures and Loss Functions

Keystroke biometrics is a promising approach for user identification and verification, leveraging the unique patterns in individuals' typing behavior. In this paper, we propose a Transformer-based network that employs self-attention to extract informative features from keystroke sequences, surpassing the performance of traditional Recurrent Neural Networks. We explore two distinct architectures, namely bi-encoder and cross-encoder, and compare their effectiveness in keystroke authentication. Furthermore, we investigate different loss functions, including triplet, batch-all triplet, and WDCL loss, along with various distance metrics such as Euclidean, Manhattan, and cosine distances. These experiments allow us to optimize the training process and enhance the performance of our model. To evaluate our proposed model, we employ the Aalto desktop keystroke dataset. The results demonstrate that the bi-encoder architecture with batch-all triplet loss and cosine distance achieves the best performance, yielding an exceptional Equal Error Rate of 0.0186%. Furthermore, alternative algorithms for calculating similarity scores are explored to enhance accuracy. Notably, the utilization of a one-class Support Vector Machine reduces the Equal Error Rate to an impressive 0.0163%. The outcomes of this study indicate that our model surpasses the previous state-of-the-art in free-text keystroke authentication. These findings contribute to advancing the field of keystroke authentication and offer practical implications for secure user verification systems

TypeFormer: Transformers for Mobile Keystroke Biometrics

The broad usage of mobile devices nowadays, the sensitiveness of the information contained in them, and the shortcomings of current mobile user authentication methods are calling for novel, secure, and unobtrusive solutions to verify the users' identity. In this article, we propose TypeFormer, a novel Transformer architecture to model free-text keystroke dynamics performed on mobile devices for the purpose of user authentication. The proposed model consists in Temporal and Channel Modules enclosing two Long Short-Term Memory (LSTM) recurrent layers, Gaussian Range Encoding (GRE), a multi-head Self-Attention mechanism, and a Block-Recurrent structure. Experimenting on one of the largest public databases to date, the Aalto mobile keystroke database, TypeFormer outperforms current state-of-the-art systems achieving Equal Error Rate (EER) values of 3.25% using only 5 enrolment sessions of 50 keystrokes each. In such way, we contribute to reducing the traditional performance gap of the challenging mobile free-text scenario with respect to its desktop and fixed-text counterparts. Additionally, we analyse the behaviour of the model with different experimental configurations such as the length of the keystroke sequences and the amount of enrolment sessions, showing margin for improvement with more enrolment data. Finally, a cross-database evaluation is carried out, demonstrating the robustness of the features extracted by TypeFormer in comparison with existing approaches

Applying empirical thresholding algorithm for a keystroke dynamics based authentication system

Through the application of a password-based authentication technique, users are granted permission to access a secure system when the username and password matches with that logged in database of the system. Furthermore, anyone who provides the correct username and password of a valid user will be able to log in to the secure network. In current circumstances, impostors can hack the system to obtain a user’s password, while it has also been easy to find out a person’s private password. Thus, the existing structure is exceptionally flawed. One way to strengthen the password-based authentication technique, is by keystroke dynamics. In the proposed keystroke dynamics based authentication system, despite the password match, the similarity between the typing pattern of the typed password and password samples in the training database are verified. The timing features of the user’s keystroke dynamics are collected to calculate the threshold values. In this paper, a novel algorithm is proposed to authenticate the legal users based on the empirical threshold values. The first step involves the extraction of timing features from the typed password samples. The password training database for each user is constructed using the extracted features. Moreover, the empirical threshold limits are calculated from the timing features in the database. The second step involves user authentication by applying these threshold values. The experimental analyses are carried out in MATLAB simulation, and the results indicate a significant reduction in false rejection rate and false acceptance rate. The proposed methodology yields very low equal error rate of 0.5% and the authentication accuracy of 99.5%, which are considered suitable and efficient for real-time implementation. The proposed method can be a useful resource for identifying illegal invasion and is valuable in securing the system as a correlative or substitute form of client validation

Dynamic Keystroke Technique for a Secure Authentication System based on Deep Belief Nets

The rapid growth of electronic assessment in various fields has led to the emergence of issues such as user identity fraud and cheating. One potential solution to these problems is to use a complementary authentication method, such as a behavioral biometric characteristic that is unique to each individual. One promising approach is keystroke dynamics, which involves analyzing the typing patterns of users. In this research, the Deep Belief Nets (DBN) model is used to implement a dynamic keystroke technique for secure e-assessment. The proposed system extracts various features from the pressure-time measurements, digraphs (dwell time and flight time), trigraphs, and n-graphs, and uses these features to classify the user's identity by applying the DBN algorithm to a dataset collected from participants who typed free text using a standard QWERTY keyboard in a neutral state without inducing specific emotions. The DBN model is designed to detect cheating attempts and is tested on a dataset collected from the proposed e-assessment system using free text. The implementation of the DBN results in an error rate of 5% and an accuracy of 95%, indicating that the system is effective in identifying users' identities and cheating, providing a secure e-assessment approach

Novelty detection for risk-based user authentication on mobile devices

User authentication acts as the first line of defense verifying the identity of a mobile user, often as a prerequisite to allow access to resources in a mobile device. For several decades, user authentication was based on the “something the user knows”, known also as knowledge-based user authentication. Recent studies state that although knowledge-based user authentication has been the most popular for authenticating an individual, nowadays it is no more considered secure and convenient for the mobile user as it is imposing several limitations. These limitations stress the need for the development and implementation of more secure and usable user authentication methods. Toward this direction, user authentication based on the “something the user is” has caught the attention. This category includes authentication methods which make use of human physical characteristics (also referred to as physiological biometrics), or involuntary actions (also referred to as behavioral biometrics). In particular, risk-based user authentication based on behavioral biometrics appears to have the potential to increase mobile authentication security without sacrificing usability. In this context, we, firstly, present an overview of user authentication on mobile devices and discuss risk-based user authentication for mobile devices as a suitable approach to deal with the security vs. usability challenge. Afterwards, a set of novelty detection algorithms for risk estimation is tested and evaluated to identify the most appropriate ones for risk-based user authentication on mobile devices

Multimodal Behavioral Biometric Authentication in Smartphones for Covid-19 Pandemic

The usage of mobile phones has increased multi-fold in recent decades, mostly because of their utility in most aspects of daily life, such as communications, entertainment, and financial transactions. In use cases where users’ information is at risk from imposter attacks, biometrics-based authentication systems such as fingerprint or facial recognition are considered the most trustworthy in comparison to PIN, password, or pattern-based authentication systems in smartphones. Biometrics need to be presented at the time of power-on, they cannot be guessed or attacked through brute force and eliminate the possibility of shoulder surfing. However, fingerprints or facial recognition-based systems in smartphones may not be applicable in a pandemic situation like Covid-19, where hand gloves or face masks are mandatory to protect against unwanted exposure of the body parts. This paper investigates the situations in which fingerprints cannot be utilized due to hand gloves and hence presents an alternative biometric system using the multimodal Touchscreen swipe and Keystroke dynamics pattern. We propose a HandGlove mode of authentication where the system will automatically be triggered to authenticate a user based on Touchscreen swipe and Keystroke dynamics patterns. Our experimental results suggest that the proposed multimodal biometric system can operate with high accuracy. We experiment with different classifiers like Isolation Forest Classifier, SVM, k-NN Classifier, and fuzzy logic classifier with SVM to obtain the best authentication accuracy of 99.55% with 197 users on the Samsung Galaxy S20. We further study the problem of untrained external factors which can impact the user experience of authentication system and propose a model based on fuzzy logic to extend the functionality of the system to improve under novel external effects. In this experiment, we considered the untrained external factor of ‘sanitized hands’ with which the user tries to authenticate and achieved 93.5% accuracy in this scenario. The proposed multimodal system could be one of the most sought approaches for biometrics-based authentication in smartphones in a COVID-19 pandemic situation

Behavioral biometric based personal authentication in feature phones

The usage of mobile phones has increased multifold in the recent decades mostly because of its utility in most of the aspects of daily life, such as communications, entertainment, and financial transactions. Feature phones are generally the keyboard based or lower version of touch based mobile phones, mostly targeted for efficient calling and messaging. In comparison to smart phones, feature phones have no provision of a biometrics system for the user access. The literature, have shown very less attempts in designing a biometrics system which could be most suitable to the low-cost feature phones. A biometric system utilizes the features and attributes based on the physiological or behavioral properties of the individual. In this research, we explore the usefulness of keystroke dynamics for feature phones which offers an efficient and versatile biometric framework. In our research, we have suggested an approach to incorporate the user’s typing patterns to enhance the security in the feature phone. We have applied k-nearest neighbors (k-NN) with fuzzy logic and achieved the equal error rate (EER) 1.88% to get the better accuracy. The experiments are performed with 25 users on Samsung On7 Pro C3590. On comparison, our proposed technique is competitive with almost all the other techniques available in the literature