User authentication through keystroke dynamics

Unlike other access control systems based on biometric features, keystroke analysis has not led to techniques providing an acceptable level of accuracy. The reason is probably the intrinsic variability of typing dynamics, versus other---very stable---biometric characteristics, such as face or fingerprint patterns. In this paper we present an original measure for keystroke dynamics that limits the instability of this biometric feature. We have tested our approach on 154 individuals, achieving a False Alarm Rate of about 4% and an Impostor Pass Rate of less than 0.01%. This performance is reached using the same sampling text for all the individuals, allowing typing errors, without any specific tailoring of the authentication system with respect to the available set of typing samples and users, and collecting the samples over a 28.8-Kbaud remote modem connection.

[1]  Julian Ashbourn,et al.  Biometrics: Advanced Identity Verification , 2000, Springer London.

[2]  David Umphress,et al.  Identity Verification Through Keyboard Characteristics , 1985, Int. J. Man Mach. Stud..

[3]  Mohammad S. Obaidat,et al.  A Simulation Evaluation Study of Neural Network Techniques to Computer User Identification , 1997, Inf. Sci..

[4]  Marcus Brown,et al.  User Identification via Keystroke Characteristics of Typed Names using Neural Networks , 1993, Int. J. Man Mach. Stud..

[5]  B. Hussien,et al.  Computer-Access Security Systems Using Keystroke Dynamics , 1990, IEEE Trans. Pattern Anal. Mach. Intell..

[6]  Julian Ashbourn,et al.  Biometrics - advanced identity verification: the complete guide , 2000 .

[7]  Oren Etzioni,et al.  Towards adaptive Web sites: Conceptual framework and case study , 2000, Artif. Intell..

[8]  Mohammad S. Obaidat,et al.  A Multilayer Neural Network System for Computer Access Security , 1994, IEEE Trans. Syst. Man Cybern. Syst..

[9]  John McHugh,et al.  Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory , 2000, TSEC.

[10]  Joseph B. Walther,et al.  The Value of Web Log Data in Use-Based Design and Testing , 2006, J. Comput. Mediat. Commun..

[11]  Norman Shapiro,et al.  Authentication by Keystroke Timing: Some Preliminary Results , 1980 .

[12]  Gopal K. Gupta,et al.  Identity authentication based on keystroke latencies , 1990, Commun. ACM.

[13]  James E. Pitkow,et al.  In Search of Reliable Usage Data on the WWW , 1997, Comput. Networks.

[14]  Fabian Monrose,et al.  Authentication via keystroke dynamics , 1997, CCS '97.

[15]  Eugene Volokh,et al.  Personalization and privacy , 2000, CACM.

[16]  John J. Leggett,et al.  Dynamic Identity Verification via Keystroke Characteristics , 1991, Int. J. Man Mach. Stud..

[17]  Oren Etzioni,et al.  Adaptive Web sites , 2000, CACM.

[18]  Brian D. Davison A Web Caching Primer , 2001, IEEE Internet Comput..

[19]  Steven Furnell,et al.  Applications of keystroke analysis for improved login security and continuous user authentication , 1996, SEC.

[20]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 1999, CCS '99.

[21]  Mohammad S. Obaidat,et al.  Verification of computer users using keystroke dynamics , 1997, IEEE Trans. Syst. Man Cybern. Part B.

[22]  John J. Leggett,et al.  Verifying Identity via Keystroke Characteristics , 1988, Int. J. Man Mach. Stud..

[23]  Stefan Axelsson,et al.  The base-rate fallacy and the difficulty of intrusion detection , 2000, TSEC.

[24]  Doug Mahar,et al.  Optimizing digraph-latency based biometric typist verification systems: inter and intra typist differences in digraph latency distributions , 1995, Int. J. Hum. Comput. Stud..

[25]  Elizabeth B. Lennon Testing Intrusion Detection Systems , 2003 .