Development of a typing behaviour recognition mechanism on Android

This paper proposes a biometric authentication system which use password based and behavioural traits (typing behaviours) authentication technology to establish user’s identity on a mobile phone. The proposed system can work on the latest smart phone platform. It uses mobile devices to capture user’s keystroke data and transmit it to web server. The authentication engine will establish if a user is genuine or fraudulent. In addition, a multiplier of the standard deviation “α” has been defined which aims to achieve the balance between security and usability. Experimental results indicate that the developed authentication system is highly reliable and very secure with an equal error rate is below 7.5%

PATH: Person Authentication using Trace Histories

In this paper, a solution to the problem of Active Authentication using trace histories is addressed. Specifically, the task is to perform user verification on mobile devices using historical location traces of the user as a function of time. Considering the movement of a human as a Markovian motion, a modified Hidden Markov Model (HMM)-based solution is proposed. The proposed method, namely the Marginally Smoothed HMM (MSHMM), utilizes the marginal probabilities of location and timing information of the observations to smooth-out the emission probabilities while training. Hence, it can efficiently handle unforeseen observations during the test phase. The verification performance of this method is compared to a sequence matching (SM) method , a Markov Chain-based method (MC) and an HMM with basic Laplace Smoothing (HMM-lap). Experimental results using the location information of the UMD Active Authentication Dataset-02 (UMDAA02) and the GeoLife dataset are presented. The proposed MSHMM method outperforms the compared methods in terms of equal error rate (EER). Additionally, the effects of different parameters on the proposed method are discussed.Comment: 8 pages, 9 figures. Best Paper award at IEEE UEMCON 201

Active User Authentication for Smartphones: A Challenge Data Set and Benchmark Results

In this paper, automated user verification techniques for smartphones are investigated. A unique non-commercial dataset, the University of Maryland Active Authentication Dataset 02 (UMDAA-02) for multi-modal user authentication research is introduced. This paper focuses on three sensors - front camera, touch sensor and location service while providing a general description for other modalities. Benchmark results for face detection, face verification, touch-based user identification and location-based next-place prediction are presented, which indicate that more robust methods fine-tuned to the mobile platform are needed to achieve satisfactory verification accuracy. The dataset will be made available to the research community for promoting additional research.Comment: 8 pages, 12 figures, 6 tables. Best poster award at BTAS 201

Human-computer interaction in intelligent tutoring systems

Due to the rapid evolution of society, citizens are constantly being pressured to obtain new skills through training. The need for qualified people has grown exponentially, which means that the resources for education/training are significantly more limited, so it's necessary to create systems that can solved this problem. The implementation of Intelligent Tutoring Systems (ITS) can be one solution. Besides, ITS aims to enable users to acquire knowledge and develop skills in a specific field. To achieve this goal, the ITS should learn how to react to the actions and needs of the users, and this should be achieved in a non-intrusive and transparent way. In order to provide personalized and adapted system, it is necessary to know the preferences and habits of users. Thus, the ability to learn patterns of behaviour becomes an essential aspect for the successful implementation of an ITS. In this article, we present the student model of an ITS, in order to monitor the user's biometric behaviour and their learning style during e-learning activities. In addition, a machine learning categorization model is presented that oversees student activity during the session. Additionally, this article highlights the main biometric behavioural variations for each activity, making these attributes enable the development of machine learning classifiers to predict users' learning preferences. These results can be instrumental in improving ITS systems in e-learning environments and predict user behaviour based on their interaction with computers or other devices.This work has been supported by FCT – Fundação para a Ciência e Tecnologia within the Project Scope: UID/CEC/00319/2019

Combined scaled manhattan distance and mean of horner’s rules for keystroke dynamic authentication

Account security was determined by how well the security techniques applied by the system were used. There had been many security methods that guaranteed the security of their accounts, one of which was Keystroke Dynamic Authentication. Keystroke Dynamic Authentication was an authentication technique that utilized the typing habits of a person as a security measurement tool for the user account. From several research, the average use in the Keystroke Dynamic Authentication classification is not suitable, because a user's typing speed will change over time, maybe faster or slower depending on certain conditions. So, in this research, we proposed a combination of the Scaled Manhattan Distance method and the Mean of Horner's Rules as a classification method between the user and attacker against the Keystroke Dynamic Authentication. The reason for using Mean of Horner’s Rules can adapt to changes in values over time and based on the results can improve the accuracy of the previous method

Score Normalization for Keystroke Dynamics Biometrics

Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. A. Morales, E. Luna-Garcia, J. Fierrez and J. Ortega-Garcia, "Score normalization for keystroke dynamics biometrics," Security Technology (ICCST), 2015 International Carnahan Conference on, Taipei, 2015, pp. 223-228. doi: 10.1109/CCST.2015.7389686This paper analyzes score normalization for keystroke dynamics authentication systems. Previous studies have shown that the performance of behavioral biometric recognition systems (e.g. voice and signature) can be largely improved with score normalization and target-dependent techniques. The main objective of this work is twofold: i) to analyze the effects of different thresholding techniques in 4 different keystroke dynamics recognition systems for real operational scenarios; and ii) to improve the performance of keystroke dynamics on the basis of target-dependent score normalization techniques. The experiments included in this work are worked out over the keystroke pattern of 114 users from two different publicly available databases. The experiments show that there is large room for improvements in keystroke dynamic systems. The results suggest that score normalization techniques can be used to improve the performance of keystroke dynamics systems in more than 20%. These results encourage researchers to explore this research line to further improve the performance of these systems in real operational environments.A.M. is supported by a post-doctoral Juan de la Cierva contract by the Spanish MECD (JCI-2012-12357). This work has been partially supported by projects: Bio-Shield (TEC2012-34881) from Spanish MINECO, BEAT (FP7-SEC-284989) from EU, CECABANK and Cátedra UAM Telefónica

Identification of User Behavioural Biometrics for Authentication using Keystroke Dynamics and Machine Learning

This thesis focuses on the effective classification of the behavior of users accessing computing devices to authenticate them. The authentication is based on keystroke dynamics, which captures the users behavioral biometric and applies machine learning concepts to classify them. The users type a strong passcode ”.tie5Roanl” to record their typing pattern. In order to confirm identity, anonymous data from 94 users were collected to carry out the research. Given the raw data, features were extracted from the attributes based on the button pressed and action timestamp events. The support vector machine classifier uses multi-class classification with one vs. one decision shape function to classify different users. To reduce the classification error, it is essential to identify the important features from the raw data. In an effort to confront the generation of features from attributes an efficient feature extraction algorithm has been developed, obtaining high classification performance are now being sought. To handle the multi-class problem, the random forest classifier is used to identify the users effectively. In addition, mRMR feature selection has been applied to increase the classification performance metrics and to confirm the identity of the users based on the way they access computing devices. From the results, we conclude that device information and touch pressure effectively contribute to identifying each user. Out of them, features that contain device information are responsible for increasing the performance metrics of the system by adding a token-based authentication layer. Based upon the results, random forest yields better classification results for this dataset. The research will contribute significantly to the field of cyber-security by forming a robust authentication system using machine learning algorithms

Use of Personal Rhythm to Authenticate Encrypted Messages

When communicating using private and secure keys, there is always the doubt as to the identity of the message creator. We introduce an algorithm that uses the personal typing rhythm (keystroke dynamics) of the message originator to increase the trust of the authenticity of the message originator by the message recipient. The methodology proposes the use of a Rhythm Certificate Authority (RCA) to validate rhythm information. An illustrative example of the communication between Bob and Alice and the RCA is included. An algorithm of how to communicate with the RCA is presented. This RCA can be an independent authority or an enhanced Certificate Authority like the one used in public key infrastructure (PKI)

Application of Keystroke Dynamics Modelling Techniques to Strengthen the User Identification in the Context of E-commerce

Keystroke dynamics is a biometric technique to identify users based on analysing habitual rhythm patterns in their typing behaviour. In e-commerce, this technique brings benefits to both security and the analysis of patterns of consumer behaviour. This paper focuses on analysing the keystroke dynamics against an e-commerce site for personal identification. This paper is an empirical reinforcement of previous works, with data extracted from realistic conditions that are of most interest for the practical application of modelling keystroke dynamics in free texts. It was a collaborative work with one of the leading e-commerce companies in Latin America. Experimental results showed that it was possible to identify typists with an accuracy of 89% from a sampling of 300 randomly selected users just by reading comment field keystrokes.VII Workshop Seguridad Informática (WSI)Red de Universidades con Carreras en Informática (RedUNCI

Application of Keystroke Dynamics Modelling Techniques to Strengthen the User Identification in the Context of E-commerce

Keystroke dynamics is a biometric technique to identify users based on analysing habitual rhythm patterns in their typing behaviour. In e-commerce, this technique brings benefits to both security and the analysis of patterns of consumer behaviour. This paper focuses on analysing the keystroke dynamics against an e-commerce site for personal identification. This paper is an empirical reinforcement of previous works, with data extracted from realistic conditions that are of most interest for the practical application of modelling keystroke dynamics in free texts. It was a collaborative work with one of the leading e-commerce companies in Latin America. Experimental results showed that it was possible to identify typists with an accuracy of 89% from a sampling of 300 randomly selected users just by reading comment field keystrokes.VII Workshop Seguridad Informática (WSI)Red de Universidades con Carreras en Informática (RedUNCI