Application of Keystroke Dynamics Modelling Techniques to Strengthen the User Identification in the Context of E-commerce

Keystroke dynamics is a biometric technique to identify users based on analysing habitual rhythm patterns in their typing behaviour. In e-commerce, this technique brings benefits to both security and the analysis of patterns of consumer behaviour. This paper focuses on analysing the keystroke dynamics against an e-commerce site for personal identification. This paper is an empirical reinforcement of previous works, with data extracted from realistic conditions that are of most interest for the practical application of modelling keystroke dynamics in free texts. It was a collaborative work with one of the leading e-commerce companies in Latin America. Experimental results showed that it was possible to identify typists with an accuracy of 89% from a sampling of 300 randomly selected users just by reading comment field keystrokes.VII Workshop Seguridad Informática (WSI)Red de Universidades con Carreras en Informática (RedUNCI

Application of Keystroke Dynamics Modelling Techniques to Strengthen the User Identification in the Context of E-commerce

Keystroke dynamics is a biometric technique to identify users based on analysing habitual rhythm patterns in their typing behaviour. In e-commerce, this technique brings benefits to both security and the analysis of patterns of consumer behaviour. This paper focuses on analysing the keystroke dynamics against an e-commerce site for personal identification. This paper is an empirical reinforcement of previous works, with data extracted from realistic conditions that are of most interest for the practical application of modelling keystroke dynamics in free texts. It was a collaborative work with one of the leading e-commerce companies in Latin America. Experimental results showed that it was possible to identify typists with an accuracy of 89% from a sampling of 300 randomly selected users just by reading comment field keystrokes.VII Workshop Seguridad Informática (WSI)Red de Universidades con Carreras en Informática (RedUNCI

Recent advances in mobile touch screen security authentication methods: a systematic literature review

The security of the smartphone touch screen has attracted considerable attention from academics as well as industry and security experts. The maximum security of the mobile phone touch screen is necessary to protect the user’s stored information in the event of loss. Previous reviews in this research domain have focused primarily on biometrics and graphical passwords while leaving out PIN, gesture/pattern and others. In this paper, we present a comprehensive literature review of the recent advances made in mobile touch screen authentication techniques covering PIN, pattern/gesture, biometrics, graphical password and others. A new comprehensive taxonomy of the various multiple class authentication techniques is presented in order to expand the existing taxonomies on single class authentication techniques. The review reveals that the most recent studies that propose new techniques for providing maximum security to smartphone touch screen reveal multi-objective optimization problems. In addition, open research problems and promising future research directions are presented in the paper. Expert researchers can benefit from the review by gaining new insights into touch screen cyber security, and novice researchers may use this paper as a starting point of their inquir

Using Keystroke Dynamics and Location Verification Method for Mobile Banking Authentication.

With the rise of security attacks on mobile phones, traditional methods to authentication such as Personal Identification Numbers (PIN) and Passwords are becoming ineffective due to their limitations such as being easily forgettable, discloser, lost or stolen. Keystroke dynamics is a form of behavioral biometric based authentication where an analysis of how users type is monitored and used in authenticating users into a system. The use of location data provides a verification mechanism based on user’s location which can be obtained via their phones Global Positioning System (GPS) facility. This study evaluated existing authentication methods and their performance summarized. To address the limitations of traditional authentication methods this paper proposed an alternative authentication method that uses Keystroke dynamics and location data. To evaluate the proposed authentication method experiments were done through use of a prototype android mobile banking application that captured the typing behavior while logging in and location data from 60 users. The experiment results were lower compared to the previous studies provided in this paper with a False Rejection Rate (FRR) of 5.33% which is the percentage of access attempts by legitimate users that have been rejected by the system and a False Acceptance Rate (FAR) of 3.33% which is the percentage of access attempts by imposters that have been accepted by the system incorrectly, giving an Equal Error Rate (EER) of 4.3%.The outcome of this study demonstrated keystroke dynamics and location verification on PINs as an alternative authentication of mobile banking transactions building on current smartphones features with less implementation costs with no additional hardware compared to other biometric methods. Keywords: smartphones, biometric, mobile banking, keystroke dynamics, location verification, securit

Keystroke dynamics authentication using a small number of samples

The verification of a person’s identity is very important in today’s information society, especially in e-commerce systems and directly affects user account management and administration. Although present e-commerce systems use many modern sophisticated methods of authentication, large numbers of e-commerce systems use passwords for this purpose incessantly. However, passwords are not considered be too secure because users usually do not adhere to security policies for creating and managing theirs passwords. This problem can be solved by security policies that require the user to change the password frequently, select a completely new password, and structure the password, which places additional demands on the user. The solution is a two-factor authentication where a user needs to know the right password and at the same time, he must write this password in the correct way. Indeed, many different methods for keystroke dynamics authentication exist nowadays, but unfortunately, many of them need a large number of samples to create a stable template and therefore it is impossible use them in systems whose security policy requires frequent password change. The authors suggest a completely new method for these purposes that is enough stable even with a small number of measurements to create a template. This proposed method of keystroke dynamics authentication is validated and results are compared with existing methods both over the own dataset and the existing reference datasets. The authors believe that the proposed method will simplify the management and administration of user accounts as well as their security

Keystroke Biometrics for Freely Typed Text Based on CNN model

Keystroke biometrics, as an authentication method with advantages of no extra hardware cost, easy-to-integrate and high-security, has attracted much attention in user authentication. However, a mass of researches on keystroke biometrics have focused on the fixed-text analysis, while only a few took free-text analysis into consideration. And in the field of free-text analysis, most researchers usually devote their efforts to extracting the most appropriate keystroke features on their own experience. These methods were inevitably questionable due to their strong subjectivity. In this paper we proposed a multi-user keystroke authentication scheme based on CNN model, which can automatically figure out the appropriate features for the model, adjust and optimize the model constantly to further enhance the performance of model. In the experiment on a small sample set, the performance is improved more than 10% compared with the benchmark. Our model achieves an average recognition accuracy of 92.58%, with FAR of 0.24% and FRR of 7.34%

Applying empirical thresholding algorithm for a keystroke dynamics based authentication system

Through the application of a password-based authentication technique, users are granted permission to access a secure system when the username and password matches with that logged in database of the system. Furthermore, anyone who provides the correct username and password of a valid user will be able to log in to the secure network. In current circumstances, impostors can hack the system to obtain a user’s password, while it has also been easy to find out a person’s private password. Thus, the existing structure is exceptionally flawed. One way to strengthen the password-based authentication technique, is by keystroke dynamics. In the proposed keystroke dynamics based authentication system, despite the password match, the similarity between the typing pattern of the typed password and password samples in the training database are verified. The timing features of the user’s keystroke dynamics are collected to calculate the threshold values. In this paper, a novel algorithm is proposed to authenticate the legal users based on the empirical threshold values. The first step involves the extraction of timing features from the typed password samples. The password training database for each user is constructed using the extracted features. Moreover, the empirical threshold limits are calculated from the timing features in the database. The second step involves user authentication by applying these threshold values. The experimental analyses are carried out in MATLAB simulation, and the results indicate a significant reduction in false rejection rate and false acceptance rate. The proposed methodology yields very low equal error rate of 0.5% and the authentication accuracy of 99.5%, which are considered suitable and efficient for real-time implementation. The proposed method can be a useful resource for identifying illegal invasion and is valuable in securing the system as a correlative or substitute form of client validation

Идентификация пользователей компьютерных систем на основе динамических характеристик клавиатурного почерка

В процессе исследования проводились работы по исследованию существующих алгоритмов и методик анализа клавиатурного почерка. В результате работы был создан алгоритм, а также спроектирована и реализована система идентификации пользователей компьютерных сетей на основе динамических характеристик клавиатурного почерка.In this research I have investigated existing algorithms and methods for analyzing keystroke dynamics. As a result, an algorithm for learning and recognition was created, as well as a system for identifying users of computer networks based on characteristics of keystroke dynamics was developed and deployed