Dynamically generate a long-lived private key based on password keystroke features and neural network

It is well-known that the protection of long-lived private keys in cryptographic schemes is one of the most important issues for information security. Any cryptographic scheme that reveals private keys will soon have its security absolutely disintegrate. For example, in digital signature systems, anyone who obtains the victim's private key, authenticity and non-repudiation can no longer be claimed or proven. Because the private key is a long random bit string and should be stored securely, some special cryptographic hardware such as an IC (Integrated Circuit) card is needed to store and protect the private key. Unfortunately, the security of private keys solely depends on the vulnerable passwords. This study proposes combining a neural network technique and password keystroke features to dynamically generate a long-lived private key rather than statically stored in a storage unit. Compared with other traditional methods, even if the storage unit is lost or the password is revealed, the probability of exposing the private key is reduced.

[1]  Danoush Hosseinzadeh,et al.  Gaussian Mixture Modeling of Keystroke Patterns for Biometric Applications , 2008, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[2]  Dawu Gu,et al.  Provably secure three-party password-based authenticated key exchange protocol , 2012, Inf. Sci..

[3]  Jean-Yves Ramel,et al.  User Classification for Keystroke Dynamics Authentication , 2007, ICB.

[4]  Hyoungjoo Lee,et al.  Improvement of keystroke data quality through artificial rhythms and cues , 2008, Comput. Secur..

[5]  Lee Luan Ling,et al.  User authentication through typing biometrics features , 2005, IEEE Transactions on Signal Processing.

[6]  Bruce Schneier,et al.  Protecting secret keys with personal entropy , 2000, Future Gener. Comput. Syst..

[7]  Wahyudi,et al.  Keystroke Pressure-Based Typing Biometrics Authentication System Using Support Vector Machines , 2007, ICCSA.

[8]  Martin T. Hagan,et al.  Neural network design , 1995 .

[9]  Jan H. P. Eloff,et al.  Enhanced Password Authentication through Fuzzy Logic , 1997, IEEE Expert.

[10]  Hyoungjoo Lee,et al.  Retraining a keystroke dynamics-based authenticator with impostor patterns , 2007, Comput. Secur..

[11]  Christine L. MacKenzie,et al.  Computer user verification using login string keystroke dynamics , 1998, IEEE Trans. Syst. Man Cybern. Part A.

[12]  Ting Yi Chang,et al.  A Convertible Multi-Authenticated Encryption scheme for group communications , 2008, Inf. Sci..

[13]  Tzonelih Hwang,et al.  Simple password-based three-party authenticated key exchange without server public keys , 2010, Inf. Sci..

[14]  Sungzoon Cho,et al.  Keystroke dynamics-based authentication for mobile devices , 2009, Comput. Secur..

[15]  Jung Yeon Hwang,et al.  Efficient certificateless proxy signature scheme with provable security , 2012, Inf. Sci..

[16]  Sajjad Haider,et al.  A multi-technique approach for user identification through keystroke dynamics , 2000, Smc 2000 conference proceedings. 2000 ieee international conference on systems, man and cybernetics. 'cybernetics evolving to systems, humans, organizations, and their complex interactions' (cat. no.0.

[17]  Cheng-Jung Tsai,et al.  A graphical-based password keystroke dynamic authentication system for touch screen handheld mobile devices , 2012, J. Syst. Softw..

[18]  Kefei Chen,et al.  Self-generated-certificate public key encryption without pairing and its application , 2011, Inf. Sci..

[19]  Roy A. Maxion,et al.  Comparing anomaly-detection algorithms for keystroke dynamics , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[20]  Mao-Lun Chiang,et al.  A simple keystroke dynamics-based authentication system using means and standard deviations , 2012 .

[21]  Mohammad S. Obaidat,et al.  Verification of computer users using keystroke dynamics , 1997, IEEE Trans. Syst. Man Cybern. Part B.

[22]  Stefan C. Kremer,et al.  Spatiotemporal Connectionist Networks: A Taxonomy and Review , 2001, Neural Computation.

[23]  Yong Sheng,et al.  A parallel decision tree-based method for user authentication based on keystroke patterns , 2005, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[24]  Ting-Yi Chang,et al.  A Personalized Rhythm Click-Based Authentication System , 2010, Inf. Manag. Comput. Secur..

[25]  Wei-Pang Yang,et al.  A communication-efficient three-party password authenticated key exchange protocol , 2011, Inf. Sci..