On the Design and Analysis of a Biometric Authentication System using Keystroke Dynamics

This paper proposes a portable hardware token for user authentication, it is based on the use of keystroke dynamics to verify users in a bio-metric manner. The proposed approach allows for a multifactor authentication scheme in which users are not allowed access unless they provide the correct password and their unique bio-metric signature. The proposed system is implemented in hardware and its security is evaluated

Literature Survey on Keystroke Dynamics for User Authentication

Behavioural biometrics is the field of study related to the measure of uniquely identifying and measuring the patterns in human activities. Computer security plays a vital role as most of the sensitive data is stored on computers. Keystrokes Dynamics is a technique based on human behaviour for typing the password. Whenever any user logins into the system, username and password combinations are used for authenticating the users. The username is not secret, and the imposter acts as user to guess the password also because of simplicity of password, the system is prone to more attacks. In this case biometrics provide secure and convenient authentication. Our system uses a Support Vector Machine (SVM) which is one of the best known classifications and regression algorithm. Support Vectors (SV) that fall under different regions is separated using hyper planes linear as well as non-linear. Researchers have proved that SVM will converge to the best possible solution in very less time

Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

Using Keystroke Dynamics and Location Verification Method for Mobile Banking Authentication.

With the rise of security attacks on mobile phones, traditional methods to authentication such as Personal Identification Numbers (PIN) and Passwords are becoming ineffective due to their limitations such as being easily forgettable, discloser, lost or stolen. Keystroke dynamics is a form of behavioral biometric based authentication where an analysis of how users type is monitored and used in authenticating users into a system. The use of location data provides a verification mechanism based on user’s location which can be obtained via their phones Global Positioning System (GPS) facility. This study evaluated existing authentication methods and their performance summarized. To address the limitations of traditional authentication methods this paper proposed an alternative authentication method that uses Keystroke dynamics and location data. To evaluate the proposed authentication method experiments were done through use of a prototype android mobile banking application that captured the typing behavior while logging in and location data from 60 users. The experiment results were lower compared to the previous studies provided in this paper with a False Rejection Rate (FRR) of 5.33% which is the percentage of access attempts by legitimate users that have been rejected by the system and a False Acceptance Rate (FAR) of 3.33% which is the percentage of access attempts by imposters that have been accepted by the system incorrectly, giving an Equal Error Rate (EER) of 4.3%.The outcome of this study demonstrated keystroke dynamics and location verification on PINs as an alternative authentication of mobile banking transactions building on current smartphones features with less implementation costs with no additional hardware compared to other biometric methods. Keywords: smartphones, biometric, mobile banking, keystroke dynamics, location verification, securit

How to improve performance of Neural Network in the hardened password mechanism

A wide variety of systems, ubiquitous in our dailyactivities, require personal identification schemes that verify theidentity of individual requesting their services. A non exhaustivelist of such application includes secure access to buildings,computer systems, cellular phones, ATMs, crossing of nationalborders, boarding of planes among others. In the absence ofrobust schemes, these systems are vulnerable to the wiles of animpostor. Current systems are based on the three vertex of theauthentication triangle which are, possession of the token,knowledge of a secret and possessing the required biometric. Dueto weaknesses of the de facto password scheme, inclusion of itsinherent keystroke rhythms, have been proposed and systems thatimplement such security measures are also on the market. Thiscorrespondence investigates possibility and ways for optimisingperformance of hardened password mechanism using the widelyaccepted Neural Network classifier. It represents continuation ofa previous work in that direction

A Review of Password-less User Authentication Schemes

Since the demise of the password was predicted in 2004, different attempts in industry and academia have been made to create an alternative for the use of passwords in authentication, without compromising on security and user experience. This review examines password-less authentication schemes that have been proposed since after the death knell was placed on passwords in 2004. We start with a brief discussion of the requirements of authentication systems and then identify various password-less authentication proposals to date. We then evaluate the truly password-less and practical schemes using a framework that examines authentication credentials based on their impact on user experience, overall security, and ease of deployment. The findings of this review observe a difficulty in balancing security with a user experience compared to that of passwords in new password-less schemes, providing the opportunity for new applied research to leverage existing knowledge and combine technologies and techniques in innovative ways that can address this imbalance.Comment: 6 pages, submitted to Internet Technology Letter

Combating shoulder-surfing: a hidden button gesture based scheme

This project describes an authentication technique that is shoulder-surfing resistant. Shoulder surfing is an attack in which an attacker can get access to private information by observing the user’s interaction with a terminal, or by using recording tools to record the user interaction and study the obtained data, with the objective of obtaining unauthorized access to a target user’s personal information. The technique described here relies on gestural analysis coupled with a secondary channel of authentication that uses button pressing. The thesis presents and evaluates multiple alternative algorithms for gesture analysis, and furthermore assesses the effectiveness of the technique.Universidade da Madeir

Perceiving is Believing. Authentication with Behavioural and Cognitive Factors

Most computer users have experienced login problems such as, forgetting passwords, loosing token cards and authentication dongles, failing that complicated screen pattern once again, as well as, interaction difficulties in usability. Facing the difficulties of non-flexible strong authentication solutions, users tend to react with poor acceptance or to relax the assumed correct use of authentication procedures and devices, rendering the intended security useless. Biometrics can, sort of, solve some of those problems. However, despite the vast research, there is no perfect solution into designing a secure strong authentication procedure, falling into a trade off between intrusiveness, effectiveness, contextual adequacy and security guarantees. Taking advantage of new technology, recent research onmulti-modal, behavioural and cognitive oriented authentication proposals have sought to optimize trade off towards precision and convenience, reducing intrusiveness for the same amount of security. But these solutions also fall short with respect to different scenarios. Users perform currently multiple authentications everyday, through multiple devices, in panoply of different situations, involving different resources and diverse usage contexts, with no "better authentication solution" for all possible purposes. The proposed framework enhances the recent research in user authentication services with a broader view on the problems involving each solution, towards an usable secure authentication methodology combining and exploring the strengths of each method. It will than be used to prototype instances of new dynamic multifactor models (including novel models of behavioural and cognitive biometrics), materializing the PiB (perceiving is believing) authentication. Ultimately we show how the proposed framework can be smoothly integrated in applications and other authentication services and protocols, namely in the context of SSO Authentication Services and OAuth