Kevin S. Killourhy
ABSTRACT
Background. One revolutionary application of keystroke dynamics is continuous reauthentication: confirming a typist's identity during normal computer usage without interrupting the user.
Aim. In laboratory evaluations, subjects are typically given transcription tasks rather than free composition (e.g., copying rather than composing text), because transcription is easier for subjects. This work establishes whether free and transcribed text produce equivalent evaluation results.
Method. Twenty subjects completed comparable transcription and free-composition tasks; two keystroke-dynamics classifiers were implemented; each classifier was evaluated using both the free-composition and transcription samples.
Results. Transcription hold and keydown-keydown times are 2--3 milliseconds slower than free-text features; t-tests showed these effects to be significant. However, these effects did not significantly change evaluation results.
Conclusions. The additional difficulty of collecting freely composed text from subjects seems unnecessary; researchers are encouraged to continue using transcription tasks.
- F. Bergadano, D. Gunetti, and C. Picardi. User authentication through keystroke dynamics. ACM Transactions on Information and System Security (ACM TISSEC), 5(4):367--397, November 2002. Google Scholar
Digital Library
- F. Bergadano, D. Gunetti, and C. Picardi. Identity verification through dynamic keystroke analysis. Intelligent Data Analysis, 7(5):469--496, October 2003. Google ScholarDigital Library
- G. E. P. Box, J. S. Hunter, and W. G. Hunter. Statistics for Experimenters: Design, Innovation, and Discovery. Wiley, New York, 2nd edition, 2005.Google Scholar
- F. Bretz, T. Hothorn, and P. Westfall. Multiple Comparisons Using R. CRC Press, Boca Raton, FL, 2011.Google Scholar
- S. K. Card, T. P. Moran, and A. Newell. The keystroke-level model for user performance time with interactive systems. Communications of the ACM, 23(7):396--410, 1980. Google ScholarDigital Library
- P. S. Dowland, S. M. Furnell, and M. Papadaki. Keystroke analysis as a method of advanced user authentication and response. In Security in the Information Society: Visions and Perspectives---Proceedings of the 17th International Conference on Information Security (SEC-2002), pages 215--226, May 7--9, 2002, Cairo, Egypt, 2002. Kluwer Academic Publishers. Google ScholarDigital Library
- S. M. Furnell, J. P. Morrissey, P. W. Sanders, and C. T. Stockel. Applications of keystroke analysis for improved login security and continuous user authentication. In S. K. Katsikas and D. Gritzalis, editors, Information Systems Security: Facing the Information Society of the 21st Century, pages 283--294. Chapman & Hall, on behalf of the International Federation for Information Processing (IFIP), 1996. Google ScholarDigital Library
- R. S. Gaines, W. Lisowski, S. J. Press, and N. Shapiro. Authentication by keystroke timing: Some preliminary results. Technical Report R-2526-NSF, RAND Corporation, May 1980.Google Scholar
- D. Gunetti and C. Picardi. Keystroke analysis of free text. ACM Transactions on Information and System Security (TISSEC), 8(3):312--347, August 2005. Google ScholarDigital Library
- T. Hastie, R. Tibshirani, and J. Friedman. The Elements of Statistical Learning: Data Mining, Inference, and Prediction. Springer Series in Statistics. Springer, New York, NY, 2001.Google Scholar
- M. H. Hennessey and A. Knutson. Norman Rockwell: Pictures for the American People. Harry N. Abrams, New York, 1999.Google Scholar
- A. Madansky. Prescriptions for Working Statisticians (Springer Texts in Statistics). Springer-Verlag, NY, 1988.Google Scholar
- A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, Boca Raton, 1997. Google ScholarDigital Library
- F. Monrose and A. Rubin. Authentication via keystroke dynamics. In 4th ACM Conference on Computer and Communications Security (CCS 1997), pages 48--56, Apr 1--4, 1997, Zurich, Switzerland, 1997. ACM, New York, NY. Google ScholarDigital Library
- J. Montalvão, C. A. S. Almeida, and E. O. Freire. Equalization of keystroke timing histograms for improved identification performance. In International Telecommunications Symposium, pages 560--565, September 3--6, 2006, Fortaleza, Brazil, 2006. IEEE, Piscataway, NJ.Google ScholarCross Ref
- R Development Core Team. R: A Language and Environment for Statistical Computing. R Foundation for Statistical Computing, Vienna, Austria, 2008. http://www.R-project.org.Google Scholar
- T. Sim and R. Janakiraman. Are digraphs good for free-text keystroke dynamics? In IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pages 1--6, June 17--22, 2007, Minneapolis, MN, 2007. IEEE Computer Society, Los Alamitos, CA.Google ScholarCross Ref
- D. Umphress and G. Williams. Identity verification through keyboard characteristics. International Journal of Man-Machine Studies, 23(3):263--273, 1985.Google ScholarCross Ref
- D. D. Wackerly, W. Mendenhall III, and R. L. Scheaffer. Mathematical Statistics with Applications. Duxbury, Thomson Learning, sixth edition, 2002.Google Scholar
Recommendations
Keystroke analysis of free text
Keystroke dynamics can be useful to ascertain personal identity even after an authentication phase has been passed, provided that we are able to deal with the typing rhythms of free text, chosen and entered by users without any specific constraint. In ...
User authentication through keystroke dynamics
Unlike other access control systems based on biometric features, keystroke analysis has not led to techniques providing an acceptable level of accuracy. The reason is probably the intrinsic variability of typing dynamics, versus other---very stable---...
Continuous authentication by free-text keystroke based on CNN plus RNN
AbstractPersonal keystroke mode is difficult to imitate and can therefore be used for identity authentication. According to the keystroke data when a person inputs free text, the keystroke habit of the person can be learned. Detecting a user’s keystroke ...
Comments