Literature Survey on Keystroke Dynamics for User Authentication

Behavioural biometrics is the field of study related to the measure of uniquely identifying and measuring the patterns in human activities. Computer security plays a vital role as most of the sensitive data is stored on computers. Keystrokes Dynamics is a technique based on human behaviour for typing the password. Whenever any user logins into the system, username and password combinations are used for authenticating the users. The username is not secret, and the imposter acts as user to guess the password also because of simplicity of password, the system is prone to more attacks. In this case biometrics provide secure and convenient authentication. Our system uses a Support Vector Machine (SVM) which is one of the best known classifications and regression algorithm. Support Vectors (SV) that fall under different regions is separated using hyper planes linear as well as non-linear. Researchers have proved that SVM will converge to the best possible solution in very less time

Swipe dynamics as a means of authentication: results from a Bayesian unsupervised approach

The field of behavioural biometrics stands as an appealing alternative to more traditional biometric systems due to the ease of use from a user perspective and potential robustness to presentation attacks. This paper focuses its attention to a specific type of behavioural biometric utilising swipe dynamics, also referred to as touch gestures. In touch gesture authentication, a user swipes across the touchscreen of a mobile device to perform an authentication attempt. A key characteristic of touch gesture authentication and new behavioural biometrics in general is the lack of available data to train and validate models. From a machine learning perspective, this presents the classic curse of dimensionality problem and the methodology presented here focuses on Bayesian unsupervised models as they are well suited to such conditions. This paper presents results from a set of experiments consisting of 38 sessions with labelled victim as well as blind and over-the-shoulder presentation attacks. Three models are compared using this dataset; two single-mode models: a shrunk covariance estimate and a Bayesian Gaussian distribution, as well as a Bayesian non-parametric infinite mixture of Gaussians, modelled as a Dirichlet Process. Equal error rates (EER) for the three models are compared and attention is paid to how these vary across the two single-mode models at differing numbers of enrolment samples.Comment: 9 pages, 7 figures; Layout and editing improve

Использование динамических биометрических характеристик для идентификации пользователя в сети

Possibilities of user identification are analyses on the features of the keystroke dynamics and dynamics of work with a mouse during the input of password during work in network applications and services. The scenarios of client-server realization of the systems of biometric authentication are presented on dynamic biometric signs. The features of every scenario are considered for a reasonable choice in certain situations.Проанализированы возможности идентификации пользователя по особенностям клавиатурного почерка и динамике работы с мышью во время ввода пароля при работе в сетевых приложениях и сервисах. Представлены сценарии клиент-серверной реализации систем биометрической идентификации по динамическим биометрическим признакам. Рассмотрены особенности каждого сценария для обоснованного выбора в конкретных ситуациях.Проаналізовані можливості ідентифікації користувача за особливостями клавіатурного почерку та динаміці роботи з мишею під час введення паролю при роботі в мережевих додатках та сервісах. Представлені сценарії клієнт-серверної реалізації систем біометричної ідентифікації за динамічними біометричними ознаками. Розглянуті особливості кожного сценарію для здійснення обґрунтованого вибору в конкретних ситуаціях

Использование динамических биометрических характеристик для идентификации пользователя в сети

Possibilities of user identification are analyses on the features of the keystroke dynamics and dynamics of work with a mouse during the input of password during work in network applications and services. The scenarios of client-server realization of the systems of biometric authentication are presented on dynamic biometric signs. The features of every scenario are considered for a reasonable choice in certain situations.Проанализированы возможности идентификации пользователя по особенностям клавиатурного почерка и динамике работы с мышью во время ввода пароля при работе в сетевых приложениях и сервисах. Представлены сценарии клиент-серверной реализации систем биометрической идентификации по динамическим биометрическим признакам. Рассмотрены особенности каждого сценария для обоснованного выбора в конкретных ситуациях.Проаналізовані можливості ідентифікації користувача за особливостями клавіатурного почерку та динаміці роботи з мишею під час введення паролю при роботі в мережевих додатках та сервісах. Представлені сценарії клієнт-серверної реалізації систем біометричної ідентифікації за динамічними біометричними ознаками. Розглянуті особливості кожного сценарію для здійснення обґрунтованого вибору в конкретних ситуаціях

Credential hardening by using touchstroke dynamics

Today, reliance on digital devices for daily routines has been shifted towards portable mobile devices. Therefore, the need for security enhancements within this platform is imminent. Numerous research works have been performed on strengthening password authentication by using keystroke dynamics biometrics, which involve computer keyboards and cellular phones as input devices. Nevertheless, experiments performed specifically on touch screen devices are relatively lacking. This paper describes a novel technique to strengthen security authentication systems on touch screen devices via a new sub variant behavioural biometrics called touchstroke dynamics. We capitalize on the high resolution timing latency and the pressure information on touch screen panel as feature data. Following this a light weight algorithm is introduced to calculate the similarity between feature vectors. In addition, a fusion approach is proposed to enhance the overall performance of the system to an equal error rate of 7.71% (short input) and 6.27% (long input)

Poisoning Attacks on Learning-Based Keystroke Authentication and a Residue Feature Based Defense

Behavioral biometrics, such as keystroke dynamics, are characterized by relatively large variation in the input samples as compared to physiological biometrics such as fingerprints and iris. Recent advances in machine learning have resulted in behaviorbased pattern learning methods that obviate the effects of variation by mapping the variable behavior patterns to a unique identity with high accuracy. However, it has also exposed the learning systems to attacks that use updating mechanisms in learning by injecting imposter samples to deliberately drift the data to impostors’ patterns. Using the principles of adversarial drift, we develop a class of poisoning attacks, named Frog-Boiling attacks. The update samples are crafted with slow changes and random perturbations so that they can bypass the classifiers detection. Taking the case of keystroke dynamics which includes motoric and neurological learning, we demonstrate the success of our attack mechanism. We also present a detection mechanism for the frog-boiling attack that uses correlation between successive training samples to detect spurious input patterns. To measure the effect of adversarial drift in frog-boiling attack and the effectiveness of the proposed defense mechanism, we use traditional error rates such as FAR, FRR, and EER and the metric in terms of shifts in biometric menagerie

A framework for continuous, transparent authentication on mobile devices

Mobile devices have consistently advanced in terms of processing power, amount of memory and functionality. With these advances, the ability to store potentially private or sensitive information on them has increased. Traditional methods for securing mobile devices, passwords and PINs, are inadequate given their weaknesses and the bursty use patterns that characterize mobile devices. Passwords and PINs are often shared or weak secrets to ameliorate the memory load on device owners. Furthermore, they represent point-of-entry security, which provides access control but not authentication. Alternatives to these traditional meth- ods have been suggested. Examples include graphical passwords, biometrics and sketched passwords, among others. These alternatives all have their place in an authentication toolbox, as do passwords and PINs, but do not respect the unique needs of the mobile device environment. This dissertation presents a continuous, transparent authentication method for mobile devices called the Transparent Authentication Framework. The Framework uses behavioral biometrics, which are patterns in how people perform actions, to verify the identity of the mobile device owner. It is transparent in that the biometrics are gathered in the background while the device is used normally, and is continuous in that verification takes place regularly. The Framework requires little effort from the device owner, goes beyond access control to provide authentication, and is acceptable and trustworthy to device owners, all while respecting the memory and processor limitations of the mobile device environment

Keystroke and Touch-dynamics Based Authentication for Desktop and Mobile Devices

The most commonly used system on desktop computers is a simple username and password approach which assumes that only genuine users know their own credentials. Once broken, the system will accept every authentication trial using compromised credentials until the breach is detected. Mobile devices, such as smart phones and tablets, have seen an explosive increase for personal computing and internet browsing. While the primary mode of interaction in such devices is through their touch screen via gestures, the authentication procedures have been inherited from keyboard-based computers, e.g. a Personal Identification Number, or a gesture based password, etc.;This work provides contributions to advance two types of behavioral biometrics applicable to desktop and mobile computers: keystroke dynamics and touch dynamics. Keystroke dynamics relies upon the manner of typing rather than what is typed to authenticate users. Similarly, a continual touch based authentication that actively authenticates the user is a more natural alternative for mobile devices.;Within the keystroke dynamics domain, habituation refers to the evolution of user typing pattern over time. This work details the significant impact of habituation on user behavior. It offers empirical evidence of the significant impact on authentication systems attempting to identify a genuine user affected by habituation, and the effect of habituation on similarities between users and impostors. It also proposes a novel effective feature for the keystroke dynamics domain called event sequences. We show empirically that unlike features from traditional keystroke dynamics literature, event sequences are independent of typing speed. This provides a unique advantage in distinguishing between users when typing complex text.;With respect to touch dynamics, an immense variety of mobile devices are available for consumers, differing in size, aspect ratio, operating systems, hardware and software specifications to name a few. An effective touch based authentication system must be able to work with one user model across a spectrum of devices and user postures. This work uses a locally collected dataset to provide empirical evidence of the significant effect of posture, device size and manufacturer on user authentication performance. Based on the results of this strand of research, we suggest strategies to improve the performance of continual touch based authentication systems

Autenticación y verificación de usuarios mediante dinámica del tecleo

Dentro del área de la autenticación biométrica, uno de los campos que ha suscitado mayor interés en los últimos años ha sido la dinámica del tecleo. En él, se estudian multitud de técnicas de clasificación de usuarios con el objetivo de encontrar un sistema de autenticación alternativo a las contraseñas utilizadas en la actualidad. Todas ellas se basan en las diferentes características biométricas que las personas mostramos al utilizar un teclado informático. Por tanto, se propone realizar un estudio de distintas técnicas de clasificación de usuarios mediante dinámica del tecleo e implementar un sistema que utilice algunas de ellas