Username and password verification through keystroke dynamics

Most computer systems rely on usernames and passwords as a mechanism for access control and authentication of authorized users. These credential sets offer marginal protection to a broad scope of applications with differing levels of sensitivity. Traditional physiological biometric systems such as fingerprint, face, and iris recognition are not readily deployable in remote authentication schemes. Keystroke dynamics provide the ability to combine the ease of use of username/password schemes with the increased trustworthiness associated with biometrics. Our research extends previous work on keystroke dynamics by incorporating shift-key patterns. The system is capable of operating at various points on a traditional ROC curve depending on application specific security needs. A 1% False Accept Rate is attainable at a 14% False Reject Rate for high security systems. An Equal Error Rate of 5% can be obtained in lower security systems. As a username password authentication scheme, our approach decreases the penetration rate associated with compromised passwords by 95--99%

Establishing the digital chain of evidence in biometric systems

Traditionally, a chain of evidence or chain of custody refers to the chronological documentation, or paper trail, showing the seizure, custody, control, transfer, analysis, and disposition of evidence, physical or electronic. Whether in the criminal justice system, military applications, or natural disasters, ensuring the accuracy and integrity of such chains is of paramount importance. Intentional or unintentional alteration, tampering, or fabrication of digital evidence can lead to undesirable effects. We find despite the consequences at stake, historically, no unique protocol or standardized procedure exists for establishing such chains. Current practices rely on traditional paper trails and handwritten signatures as the foundation of chains of evidence.;Copying, fabricating or deleting electronic data is easier than ever and establishing equivalent digital chains of evidence has become both necessary and desirable. We propose to consider a chain of digital evidence as a multi-component validation problem. It ensures the security of access control, confidentiality, integrity, and non-repudiation of origin. Our framework, includes techniques from cryptography, keystroke analysis, digital watermarking, and hardware source identification. The work offers contributions to many of the fields used in the formation of the framework. Related to biometric watermarking, we provide a means for watermarking iris images without significantly impacting biometric performance. Specific to hardware fingerprinting, we establish the ability to verify the source of an image captured by biometric sensing devices such as fingerprint sensors and iris cameras. Related to keystroke dynamics, we establish that user stimulus familiarity is a driver of classification performance. Finally, example applications of the framework are demonstrated with data collected in crime scene investigations, people screening activities at port of entries, naval maritime interdiction operations, and mass fatality incident disaster responses

Protecting Iris Images through Asymmetric Digital Watermarking

Abstract protecting such systems, no system is completely impenetrable. Therefore, protection mechanisms must be in place When biometric systems require raw images to be stored even after decryption, and replaceability of authentication in centralized databases, it is imperative that appropriate credentials must be available regardless ofthe biometric nameasures are taken to secure these images. A combination ture ofthe data [5]. We propose a framework that combines ofasymmetric digital watermarking and cryptography can biometric watermarking and public key cryptography to adserve as apowerful mechanismforfacilitating such security dress the aforementioned challenges. Using voice feature needs. The combination ofthese techniques enables the sys- descriptors to watermarkraw iris images, the proposed system to handle many issues associatedwith storing and using tem offers multiple levels of authentication through a (poraw biometric data. In this paper, we propose aframework tentially) multibiometric arrangement, while also offering that encodes voice feature descriptors in raw iris images data integrity and non-repudiation of origin through asymthereby offering an example ofa secure biometric system. metric cryptography. Through watermarking, the scheme The contributions of this work are asfollows: application offers another degree of protection in terms of tracking the ofbiometric watermarking to iris images in order toprovide origin of data, adds another layer of authentication, and iman added level ofauthentication; a mechanism to validate proves the degree ofbiometric replaceability by encoding a the originating source of iris images; understanding levels behavioral biometric into the raw image. By varying input in which watermarks can be compromised in a biometric parameters of the encoder, the watermarks can offer sevsystem; and implementation ofan asymmetric watermark- eral degrees of robustness while leaving the matching peringframework. formance of both the primary (iris) and secondary (voice) biometrics virtually unaffected. In this work, we will test the effect ofthe watermarking scheme on iris image quality 1

Comparing design and code metrics for software quality prediction

The prediction of fault-prone modules continues to attract interest due to the significant impact it has on software quality assurance. One of the most important goals of such techniques is to accurately predict the modules where faults are likely to hide as early as possible in the development lifecycle. Design, code, and most recently, requirements metrics have been successfully used for predicting fault-prone modules. The goal of this paper is to compare the performance of predictive models which use design-level metrics with those that use code-level metrics and those that use both. We analyze thirteen datasets from NASA Metrics Data Program which offer design as well as code metrics. Using a range of modeling techniques and statistical significance tests, we confirmed that models built from code metrics typically outperform design metrics based models. However, both types of models prove to be useful as they can be constructed in different project phases. Code-based models can be used to increase the performance of design-level models and, thus, increase the efficiency of assigning verification and validation activities late in the development lifecycle. We also conclude that models that utilize a combination of design and code level metrics outperform models which use either one or the other metric set