
User authentication through keystroke dynamics

Published: 01 November 2002

Abstract

Unlike other access control systems based on biometric features, keystroke analysis has not led to techniques providing an acceptable level of accuracy. The reason is probably the intrinsic variability of typing dynamics, versus other (very stable) biometric characteristics, such as face or fingerprint patterns. In this paper we present an original measure for keystroke dynamics that limits the instability of this biometric feature. We have tested our approach on 154 individuals, achieving a False Alarm Rate of about 4% and an Impostor Pass Rate of less than 0.01%. This performance is reached using the same sampling text for all the individuals, allowing typing errors, without any specific tailoring of the authentication system with respect to the available set of typing samples and users, and collecting the samples over a 28.8-Kbaud remote modem connection.



        Reviews

        Jonathan K. Millen

        The phrase “keystroke dynamics” in the title of this paper refers to the time intervals between keypress events. The advantage of using keystroke dynamics to identify users is that they can be collected from an ordinary keyboard, and they are well enough preserved to be useful over non-packetizing links like a modem and local Ethernet and switch connection. This paper uses trigraph lengths (first to third keypress intervals), and their ordering over a given text, to characterize a user. The degree of disorder measures the closeness of a new timing sample from the same text, which can then be used to identify the new sample as from a known user or an imposter. Parameters were tuned by experiment to yield a false alarm rate of about 4 percent, and an imposter pass rate of less than 0.01 percent. The learned model for each user came from only four samples, using a 683-character text. The degree of disorder is presented, with some pleasant mathematical motivation. The choice of features used for user classification and impostor rejection is supported by experimental results, though other choices seem possible. The results are less accurate for slower typists. About a third of the paper discusses applications and related work. Because this technique requires typing in a relatively long segment of text, it is proposed as an occasional auxiliary authentication technique, rather than as the normal method for user authentication. To mitigate replay attacks, different texts can be used if they provide sufficiently many trigraph samples, although this degrades accuracy somewhat. Overall, the paper makes its points clearly and convincingly.

        Online Computing Reviews Service
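The trigraph-ordering comparison described in the review, as an added Python example (not code from the paper or the reviewer). The normalization by the maximum possible disorder and the nearest-profile rule are assumptions made here; the function names and the timing samples are constructed for illustration.

```python
from typing import Dict, List, Tuple

Keystroke = Tuple[str, int]  # (character, key-press time in ms)

def make_sample(text: str, gaps_ms: List[int]) -> List[Keystroke]:
    """Build a constructed keystroke log from per-key gaps (test data only)."""
    assert len(gaps_ms) == len(text) - 1
    t, out = 0, [(text[0], 0)]
    for ch, gap in zip(text[1:], gaps_ms):
        t += gap
        out.append((ch, t))
    return out

def trigraph_durations(sample: List[Keystroke]) -> Dict[str, float]:
    """Mean first-to-third key-press interval for every trigraph typed."""
    seen: Dict[str, List[int]] = {}
    for (c1, t1), (c2, _), (c3, t3) in zip(sample, sample[1:], sample[2:]):
        seen.setdefault(c1 + c2 + c3, []).append(t3 - t1)
    return {tri: sum(d) / len(d) for tri, d in seen.items()}

def disorder_distance(a: Dict[str, float], b: Dict[str, float]) -> float:
    """Normalized degree of disorder between two samples' trigraph orderings."""
    shared = sorted(set(a) & set(b))
    if len(shared) < 2:
        raise ValueError("need at least two shared trigraphs")
    # Rank the shared trigraphs by duration in each sample (name breaks ties).
    order_a = sorted(shared, key=lambda tri: (a[tri], tri))
    order_b = sorted(shared, key=lambda tri: (b[tri], tri))
    pos_b = {tri: i for i, tri in enumerate(order_b)}
    disorder = sum(abs(i - pos_b[tri]) for i, tri in enumerate(order_a))
    # Assumed normalizer: the maximum disorder of an n-element array,
    # n^2/2 for even n and (n^2-1)/2 for odd n, i.e. floor(n^2/2).
    return disorder / (len(shared) ** 2 // 2)

def closest_user(new: Dict[str, float], profiles: Dict[str, Dict[str, float]]):
    """Simplified classifier (assumption): profile with the smallest distance."""
    return min((disorder_distance(new, p), u) for u, p in profiles.items())

# Constructed samples of the same text, not data from the paper.
TEXT = "keystroke"
ALICE_REF = trigraph_durations(make_sample(TEXT, [90, 115, 150, 80, 130, 200, 105, 140]))
ALICE_NEW = trigraph_durations(make_sample(TEXT, [95, 110, 155, 85, 125, 190, 110, 160]))
BOB_REF = trigraph_durations(make_sample(TEXT, [160, 95, 80, 170, 100, 90, 175, 85]))

if __name__ == "__main__":
    print(closest_user(ALICE_NEW, {"alice": ALICE_REF, "bob": BOB_REF}))
```

Because only the relative order of trigraph durations is compared, a sample typed uniformly faster or slower by the same user still lands close to that user's reference.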


        • Published in

          ACM Transactions on Information and System Security, Volume 5, Issue 4
          November 2002
          174 pages
          ISSN: 1094-9224
          EISSN: 1557-7406
          DOI: 10.1145/581271

          Copyright © 2002 ACM

          Publisher

          Association for Computing Machinery

          New York, NY, United States
