Keystroke Dynamics for Continuous Access Control Enforcement

The weak connection between human users and their digital identities is often the vulnerability exploited by attacks on information systems. Currently, authentication mechanisms are the only barrier against those attacks. Traditional password-based authentication is efficient (especially from the user's point of view), but not effective -- the lack of continuous verification is a severe access control vulnerability. To overcome this issue, continuous identity monitoring is needed, operating in a fashion similar to that of Intrusion Detection Systems (IDSs). However, traditional host-based IDSs are system-centric -- they monitor system events but fail to flag malicious activity from intruders with access to the legitimate user's credentials. Therefore, extending the IDS concept to the user authentication level appears to be a promising security control. The need to distinguish human users (user-centric anomaly-based detection) leads to the use of biometric features. In this paper we present a secure, reliable, inexpensive and non-intrusive technique for complementing traditional static authentication mechanisms with continuous identity verification, based on keystroke dynamics biometrics.
