A changeable personal identification number-based keystroke dynamics authentication system on smart phones

One can apply cell phones to access e-bank, buy stocks, pay credit card bills, and so on. The security issues of cell phones become extremely important. Most of subscribers use personal identification number PIN codes which combined with 6-8 numbers to protect their subscriber identity module cards from illegal accesses. It is easily to be decoded by the dictionary attack or shoulder surfing attack. Many studies employed keystroke dynamics to protect the PIN code, and the relative results exhibit that keystroke dynamics can indeed improve the security of a PIN code. However, the traditional keystroke dynamics-based authentication KDA system has to collect user's keystroke dynamics firstly and then produce a unique personal biometrics. It is inconvenient for users when changing their PIN codes is required, because the corresponding KDA systems should be retrained. To solve the previously mentioned drawbacks, this paper proposes a novel technique that allows users to change their PIN codes anytime without any extra retraining. This technique not only enhance the security of the PIN codes but also enrich the security of accessing e-bank, buying stocks, paying credit card bill, and other service via smart phones. Conducted experiment results show that the proposed system can effectively improve the KDA system to distinguish legitimate users and impostors even when users change their original passwords. Copyright © 2015 John Wiley & Sons, Ltd.

[1]  Michael R Chernick,et al.  Bootstrap Methods: A Guide for Practitioners and Researchers , 2007 .

[2]  Christine L. MacKenzie,et al.  Computer user verification using login string keystroke dynamics , 1998, IEEE Trans. Syst. Man Cybern. Part A.

[3]  Jiankun Hu,et al.  A k-Nearest Neighbor Approach for User Authentication through Biometric Keystroke Dynamics , 2008, 2008 IEEE International Conference on Communications.

[4]  H. Saevanee,et al.  User Authentication Using Combination of Behavioral Biometrics over the Touchpad Acting Like Touch Screen of Mobile Device , 2008, 2008 International Conference on Computer and Electrical Engineering.

[5]  Alessandro Neri,et al.  User authentication using keystroke dynamics for cellular phones , 2009 .

[6]  Der-Jiunn Deng,et al.  Secure authentication mechanism for RFID tag in WLAN convergence 3G networks , 2012, Secur. Commun. Networks.

[7]  Cheng-Jung Tsai,et al.  An approach for user authentication on non-keyboard devices using mouse click characteristics and statistical-based classification , 2012 .

[8]  Stephen J. Elliott,et al.  An Introduction to Biometrics Technology: Its Place in Technology Education , 2004 .

[9]  Mao-Lun Chiang,et al.  A simple keystroke dynamics-based authentication system using means and standard deviations , 2012 .

[10]  G.C. Boechat,et al.  Authentication personal , 2007, 2007 International Conference on Intelligent and Advanced Systems.

[11]  Ting-Yi Chang,et al.  Two novel biometric features in keystroke dynamics authentication systems for touch screen devices , 2014, Secur. Commun. Networks.

[12]  M.J.E. Salami,et al.  Dynamic keystroke analysis using AR model , 2004, 2004 IEEE International Conference on Industrial Technology, 2004. IEEE ICIT '04..

[13]  B. Hussien,et al.  Computer-Access Security Systems Using Keystroke Dynamics , 1990, IEEE Trans. Pattern Anal. Mach. Intell..

[14]  Tom Fawcett,et al.  An introduction to ROC analysis , 2006, Pattern Recognit. Lett..

[15]  Jan H. P. Eloff,et al.  Enhanced Password Authentication through Fuzzy Logic , 1997, IEEE Expert.

[16]  Sungzoon Cho,et al.  Keystroke dynamics identity verification - its problems and practical solutions , 2004, Comput. Secur..

[17]  Baptiste Hemery,et al.  Unconstrained keystroke dynamics authentication with shared secret , 2011, Comput. Secur..

[18]  Lee Luan Ling,et al.  User authentication through typing biometrics features , 2005 .

[19]  A. Shiozaki,et al.  Biometric Verification Using Keystroke Motion and Key Press Timing for ATM User Authentication , 2006, 2006 International Symposium on Intelligent Signal Processing and Communications.

[20]  Cheng-Jung Tsai,et al.  A graphical-based password keystroke dynamic authentication system for touch screen handheld mobile devices , 2012, J. Syst. Softw..

[21]  Hyoungjoo Lee,et al.  Retraining a keystroke dynamics-based authenticator with impostor patterns , 2007, Comput. Secur..

[22]  Steven Furnell,et al.  Keystroke dynamics on a mobile handset: a feasibility study , 2003, Inf. Manag. Comput. Secur..

[23]  M.-H. Guo,et al.  Centralised conference key mechanism with elliptic curve cryptography and lagrange interpolation for sensor networks , 2011, IET Commun..

[24]  Sungzoon Cho,et al.  Keystroke dynamics-based authentication for mobile devices , 2009, Comput. Secur..

[25]  Steven Furnell,et al.  Authenticating mobile phone users using keystroke analysis , 2006, International Journal of Information Security.

[26]  Norman Shapiro,et al.  Authentication by Keystroke Timing: Some Preliminary Results , 1980 .