Keystroke dynamics in the pre-touchscreen era

Biometric authentication seeks to measure an individual’s unique physiological attributes for the purpose of identity verification. Conventionally, this task has been realized via analyses of fingerprints or signature iris patterns. However, whilst such methods effectively offer a superior security protocol compared with password-based approaches for example, their substantial infrastructure costs, and intrusive nature, make them undesirable and indeed impractical for many scenarios. An alternative approach seeks to develop similarly robust screening protocols through analysis of typing patterns, formally known as keystroke dynamics. Here, keystroke analysis methodologies can utilize multiple variables, and a range of mathematical techniques, in order to extract individuals’ typing signatures. Such variables may include measurement of the period between key presses, and/or releases, or even key-strike pressures. Statistical methods, neural networks, and fuzzy logic have often formed the basis for quantitative analysis on the data gathered, typically from conventional computer keyboards. Extension to more recent technologies such as numerical keypads and touch-screen devices is in its infancy, but obviously important as such devices grow in popularity. Here, we review the state of knowledge pertaining to authentication via conventional keyboards with a view toward indicating how this platform of knowledge can be exploited and extended into the newly emergent type-based technological contexts

Assentication: User Deauthentication and Lunchtime Attack Mitigation with Seated Posture Biometric

Biometric techniques are often used as an extra security factor in authenticating human users. Numerous biometrics have been proposed and evaluated, each with its own set of benefits and pitfalls. Static biometrics (such as fingerprints) are geared for discrete operation, to identify users, which typically involves some user burden. Meanwhile, behavioral biometrics (such as keystroke dynamics) are well suited for continuous, and sometimes more unobtrusive, operation. One important application domain for biometrics is deauthentication, a means of quickly detecting absence of a previously authenticated user and immediately terminating that user's active secure sessions. Deauthentication is crucial for mitigating so called Lunchtime Attacks, whereby an insider adversary takes over (before any inactivity timeout kicks in) authenticated state of a careless user who walks away from her computer. Motivated primarily by the need for an unobtrusive and continuous biometric to support effective deauthentication, we introduce PoPa, a new hybrid biometric based on a human user's seated posture pattern. PoPa captures a unique combination of physiological and behavioral traits. We describe a low cost fully functioning prototype that involves an office chair instrumented with 16 tiny pressure sensors. We also explore (via user experiments) how PoPa can be used in a typical workplace to provide continuous authentication (and deauthentication) of users. We experimentally assess viability of PoPa in terms of uniqueness by collecting and evaluating posture patterns of a cohort of users. Results show that PoPa exhibits very low false positive, and even lower false negative, rates. In particular, users can be identified with, on average, 91.0% accuracy. Finally, we compare pros and cons of PoPa with those of several prominent biometric based deauthentication techniques

Predictive biometrics: A review and analysis of predicting personal characteristics from biometric data

Interest in the exploitation of soft biometrics information has continued to develop over the last decade or so. In comparison with traditional biometrics, which focuses principally on person identification, the idea of soft biometrics processing is to study the utilisation of more general information regarding a system user, which is not necessarily unique. There are increasing indications that this type of data will have great value in providing complementary information for user authentication. However, the authors have also seen a growing interest in broadening the predictive capabilities of biometric data, encompassing both easily definable characteristics such as subject age and, most recently, `higher level' characteristics such as emotional or mental states. This study will present a selective review of the predictive capabilities, in the widest sense, of biometric data processing, providing an analysis of the key issues still adequately to be addressed if this concept of predictive biometrics is to be fully exploited in the future

On the Design and Analysis of a Biometric Authentication System using Keystroke Dynamics

This paper proposes a portable hardware token for user authentication, it is based on the use of keystroke dynamics to verify users in a bio-metric manner. The proposed approach allows for a multifactor authentication scheme in which users are not allowed access unless they provide the correct password and their unique bio-metric signature. The proposed system is implemented in hardware and its security is evaluated

Hardware design, development and evaluation of a pressure-based typing biometrics authentication system

The hardware design of a pressure based typing biometrics authentication system (BAS) is discussed in this paper. The dynamic keystroke is represented by its time duration (t) and force (F) applied to constitute a waveform, which when concatenated compose a complete pattern for the entered password. Hardware design is the first part in designing the complete pressure-based typing (BAS) in order to ensure that the best data to represent the keystroke pattern of the user is captured. The system has been designed using LabVIEW software. Several data preprocessing techniques have been used to improve the acquired waveforms. An experiment was conducted to show the validity of the design in representing keystroke dynamics and preliminary results have shown that the designed system can successfully capture password patterns

Credential hardening by using touchstroke dynamics

Today, reliance on digital devices for daily routines has been shifted towards portable mobile devices. Therefore, the need for security enhancements within this platform is imminent. Numerous research works have been performed on strengthening password authentication by using keystroke dynamics biometrics, which involve computer keyboards and cellular phones as input devices. Nevertheless, experiments performed specifically on touch screen devices are relatively lacking. This paper describes a novel technique to strengthen security authentication systems on touch screen devices via a new sub variant behavioural biometrics called touchstroke dynamics. We capitalize on the high resolution timing latency and the pressure information on touch screen panel as feature data. Following this a light weight algorithm is introduced to calculate the similarity between feature vectors. In addition, a fusion approach is proposed to enhance the overall performance of the system to an equal error rate of 7.71% (short input) and 6.27% (long input)

I Know It\u27s You: Touch Behavioral Characteristics Recognition on Smartphone Based on Pattern Password

In recent years, pattern password has been widely used for user authentication on smartphones and other mobile devices in addition to the traditional password protection approach. However, pattern password authentication mechanism is incapable of protecting users from losses when a user\u27s login credential information is stolen. We propose an identity verification scheme based on user’s touching behaviors when inputting a pattern password on the smartphone screen. By exploiting the biometrical features, such as position, pressure, size, and time when a user inputs a pattern password to a smartphone, the proposed user verification mechanism can validate whether the user is the true owner of the smartphone. We adopted fuzzy logic, artificial neural network, and support vector machine, to build classifiers, using the behavioral data collected from 10 users. The experimental results show that all the three algorithms have significant recognition capacity, and the fuzzy logic algorithm is the best one with its false acceptance rate and false rejection rate as 4.7% and 4.468% respectively