A graphical-based password keystroke dynamic authentication system for touch screen handheld mobile devices

Since touch screen handheld mobile devices have become widely used, people are able to access various data and information anywhere and anytime. Most user authentication methods for these mobile devices use PIN-based (Personal Identification Number) authentication, since they do not employ a standard QWERTY keyboard for conveniently entering text-based passwords. However, PINs provide a small password space size, which is vulnerable to attacks. Many studies have employed the KDA (Keystroke Dynamic-based Authentication) system, which is based on keystroke time features to enhance the security of PIN-based authentication. Unfortunately, unlike the text-based password KDA systems in QWERTY keyboards, different keypad sizes or layouts of mobile devices affect the PIN-based KDA system utility. This paper proposes a new graphical-based password KDA system for touch screen handheld mobile devices. The graphical password enlarges the password space size and promotes the KDA utility in touch screen handheld mobile devices. In addition, this paper explores a pressure feature, which is easy to use in touch screen handheld mobile devices, and applies it in the proposed system. The experiment results show: (1) EER is 12.2% in the graphical-based password KDA proposed system. Compared with related schemes in mobile devices, this effectively promotes KDA system utility; (2) EER is reduced to 6.9% when the pressure feature is used in the proposed system. The accuracy of authenticating keystroke time and pressure features is not affected by inconsistent keypads since the graphical passwords are entered via an identical size (50mmx60mm) human-computer interface for satisfying the lowest touch screen size and a GUI of this size is displayed on all mobile devices.

[1]  B. Hussien,et al.  Computer-Access Security Systems Using Keystroke Dynamics , 1990, IEEE Trans. Pattern Anal. Mach. Intell..

[2]  Tom Fawcett,et al.  An introduction to ROC analysis , 2006, Pattern Recognit. Lett..

[3]  H. Saevanee,et al.  User Authentication Using Combination of Behavioral Biometrics over the Touchpad Acting Like Touch Screen of Mobile Device , 2008, 2008 International Conference on Computer and Electrical Engineering.

[4]  Eiji Okamoto,et al.  A User Identification System Using Signature Written with Mouse , 1998, ACISP.

[5]  Jean M. Mandler,et al.  Long-Term Memory for Pictures. , 1977 .

[6]  Kenneth Revett,et al.  Enhancing Login Security Through the Use of Keystroke Input Dynamics , 2006, ICB.

[7]  Ting-Yi Chang,et al.  A Personalized Rhythm Click-Based Authentication System , 2010, Inf. Manag. Comput. Secur..

[8]  Reto Meier Professional Android Application Development , 2008 .

[9]  Sungzoon Cho,et al.  Improving authentication accuracy using artificial rhythms and cues for keystroke dynamics-based authentication , 2009, Expert Syst. Appl..

[10]  Lee Luan Ling,et al.  User authentication through typing biometrics features , 2005 .

[11]  Roy A. Maxion,et al.  Comparing anomaly-detection algorithms for keystroke dynamics , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[12]  Nasir D. Memon,et al.  PassPoints: Design and longitudinal evaluation of a graphical password system , 2005, Int. J. Hum. Comput. Stud..

[13]  Claudia Picardi,et al.  User authentication through keystroke dynamics , 2002, TSEC.

[14]  Norman Shapiro,et al.  Authentication by Keystroke Timing: Some Preliminary Results , 1980 .

[15]  Susan Wiedenbeck,et al.  Authentication Using Graphical Passwords: Basic Results , 2005 .

[16]  Wayne A. Jansen,et al.  Authenticating Users on Handheld Devices , 2003 .

[17]  G. Ritchey,et al.  Long-Term Memory for Pictures , 2005 .

[18]  Sajjad Haider,et al.  A multi-technique approach for user identification through keystroke dynamics , 2000, Smc 2000 conference proceedings. 2000 ieee international conference on systems, man and cybernetics. 'cybernetics evolving to systems, humans, organizations, and their complex interactions' (cat. no.0.

[19]  Alessandro Neri,et al.  User authentication using keystroke dynamics for cellular phones , 2009 .

[20]  Michael K. Reiter,et al.  The Design and Analysis of Graphical Passwords , 1999, USENIX Security Symposium.

[21]  W. Jansen,et al.  Authenticating Mobile Device UsersThrough Image Selection , 2004 .

[22]  Adrian Perrig,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Déjà Vu: A User Study Using Images for Authentication , 2000 .

[23]  Michael R Chernick,et al.  Bootstrap Methods: A Guide for Practitioners and Researchers , 2007 .

[24]  Baptiste Hemery,et al.  Unconstrained keystroke dynamics authentication with shared secret , 2011, Comput. Secur..

[25]  Jan H. P. Eloff,et al.  Enhanced Password Authentication through Fuzzy Logic , 1997, IEEE Expert.

[26]  N. Sangeetha,et al.  AUTHENTICATING MOBILE DEVICE USERS THROUGH IMAGE SELECTION , 2013 .

[27]  Mao-Lun Chiang,et al.  A simple keystroke dynamics-based authentication system using means and standard deviations , 2012 .

[28]  Lee Luan Ling,et al.  User authentication through typing biometrics features , 2005, IEEE Transactions on Signal Processing.

[29]  J. Kase Graphical Passwords , 2008 .

[30]  G.C. Boechat,et al.  Authentication personal , 2007, 2007 International Conference on Intelligent and Advanced Systems.

[31]  Jiankun Hu,et al.  Correlation Keystroke Verification Scheme for User Access Control in Cloud Computing Environment , 2011, Comput. J..

[32]  Wei Hu,et al.  The Security Analysis of Graphical Passwords , 2010, 2010 International Conference on Communications and Intelligence Information Security.

[33]  Steven Furnell,et al.  Authenticating mobile phone users using keystroke analysis , 2006, International Journal of Information Security.

[34]  Sungzoon Cho,et al.  Keystroke dynamics-based authentication for mobile devices , 2009, Comput. Secur..

[35]  M. Angela Sasse,et al.  Are Passfaces More Usable Than Passwords? A Field Trial Investigation , 2000, BCS HCI.

[36]  S. S. Dlay,et al.  Performance of keystroke biometrics authentication system using artificial neural network (ANN) and distance classifier method , 2010, International Conference on Computer and Communication Engineering (ICCCE'10).

[37]  Steven Furnell,et al.  Advanced user authentication for mobile devices , 2007, Comput. Secur..