0 Keystroke Dynamics Authentication

Everybody needs to authenticate himself on his computer before using it, or even before using different applications (email, e-commerce, intranet, . . . ). Most of the times, the adopted authentication procedure is the use of a classical couple of login and password. In order to be efficient and secure, the user must adopt a strict management of its credentials (regular changing of the password, use of different credentials for different services, use of a strong password containing various types of characters and no word contained in a dictionary). As these conditions are quite strict and difficult to be applied for most users, they do not not respect them. This is a big security flaw in the authentication mechanism (Conklin et al., 2004). According to the 2002 NTA Monitor Password Survey1, a study done on 500 users shows that there is approximately 21 passwords per user, 81% of them use common passwords and 30% of them write their passwords down or store them in a file. Hence, password-based solutions suffer from several security drawbacks. A solution to this problem, is the use of strong authentication. With a strong authentication system, you need to provide, at least, two different authenticators among the three following: (a) what you know such as passwords , (b) what you own such as smart cards and (c) what you are which is inherent to your person, such as biometric data. You can adopt a more secure password-based authentication by including the keystroke dynamics verification (Gaines et al., 1980; Giot et al., 2009c). In this case, the strong authentication is provided by what we know (the password) and what we are (the way of typing it). With such a scheme, during an authentication, we verify two issues: (i) is the credential correct ? (ii) is the way of typing it similar ? If an attacker is able to steal the credential of a user, he will be rejected by the verification system because he will not be able to type the genuine password in a same manner as its owner. With this short example, we can see the benefits of this behavioral modality. Figure 1 presents the enrollment and verification schemes of keystroke dynamics authentication systems. We have seen that keystroke dynamics allows to secure the authentication process by verifying the way of typing the credentials. It can also be used to secure the session after its opening by detecting the changing of typing behavior in the session (Bergadano et al., 2002; Marsters, 2009). In this case, we talk about continuous authentication (Rao, 2005), the computer knows how the user interacts with its keyboard. It is able to recognize if another individual uses the

[1]  K. Revett,et al.  Password secured sites - stepping forward with keystroke dynamics , 2005, International Conference on Next Generation Web Services Practices (NWeSP'05).

[2]  M. Sasikumar,et al.  Recognising Emotions from Keyboard Stroke Pattern , 2010 .

[3]  Lee Luan Ling,et al.  User authentication through typing biometrics features , 2005, IEEE Transactions on Signal Processing.

[4]  Chih-Jen Lin,et al.  Combining SVMs with Various Feature Selection Strategies , 2006, Feature Extraction.

[5]  George D. C. Cavalcanti,et al.  An approach to feature selection for keystroke dynamics systems based on PSO and feature weighting , 2007, 2007 IEEE Congress on Evolutionary Computation.

[6]  Douglas A. Reynolds,et al.  SHEEP, GOATS, LAMBS and WOLVES A Statistical Analysis of Speaker Performance in the NIST 1998 Speaker Recognition Evaluation , 1998 .

[7]  Lee Luan Ling,et al.  Biometric Access Control Through Numerical Keyboards Based on Keystroke Dynamics , 2006, ICB.

[8]  Sungzoon Cho,et al.  Keystroke dynamics identity verification - its problems and practical solutions , 2004, Comput. Secur..

[9]  Christophe Rosenberger,et al.  Keystroke dynamics with low constraints SVM based passphrase enrollment , 2009, 2009 IEEE 3rd International Conference on Biometrics: Theory, Applications, and Systems.

[10]  Pingzhi Fan,et al.  Novel Impostors Detection in Keystroke Dynamics by Support Vector Machine , 2004, PDCAT.

[11]  Danoush Hosseinzadeh,et al.  Gaussian Mixture Modeling of Keystroke Patterns for Biometric Applications , 2008, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[12]  Christophe Rosenberger,et al.  Fast learning for multibiometrics systems using genetic algorithms , 2010, 2010 International Conference on High Performance Computing & Simulation.

[13]  Jan H. P. Eloff,et al.  Enhanced Password Authentication through Fuzzy Logic , 1997, IEEE Expert.

[14]  Fabian Monrose,et al.  Authentication via keystroke dynamics , 1997, CCS '97.

[15]  Ahmad Faris Ismail,et al.  Design and Evaluation of a Pressure-Based Typing Biometric Authentication System , 2008, EURASIP J. Inf. Secur..

[16]  Kenneth Revett,et al.  Behavioral Biometrics: A Remote Access Approach , 2008 .

[17]  Kenneth Revett A bioinformatics based approach to user authentication via keystroke dynamics , 2009 .

[18]  Christophe Rosenberger,et al.  GREYC keystroke: A benchmark for keystroke dynamics biometric systems , 2009, 2009 IEEE 3rd International Conference on Biometrics: Theory, Applications, and Systems.

[19]  Marcelo Cipriano,et al.  Collection and Publication of a Fixed Text Keystroke Dynamics Dataset , 2010 .

[20]  Baptiste Hemery,et al.  Towards the Security Evaluation of Biometric Authentication Systems , 2011 .

[21]  Lorenza Saitta,et al.  Modeling Temporal Behavior via Structured Hidden Markov Models: an Application to Keystroking Dynamics , 2007, IICAI.

[22]  Woojin Chang Reliable Keystroke Biometric System Based on a Small Number of Keystroke Samples , 2006, ETRICS.

[23]  Christophe Rosenberger,et al.  A new soft biometric approach for keystroke dynamics based on gender recognition , 2012, Int. J. Inf. Technol. Manag..

[24]  M. van Zaanen,et al.  Vibration Sensitive Keystroke Analysis , 2009 .

[25]  Asok Ray,et al.  On the discriminability of keystroke feature vectors used in fixed text keystroke authentication , 2011, Pattern Recognit. Lett..

[26]  Kenneth Revett,et al.  Enhancing Login Security Through the Use of Keystroke Input Dynamics , 2006, ICB.

[27]  M. Akila,et al.  Biometric personal authentication using keystroke dynamics: A review , 2011, Appl. Soft Comput..

[28]  Hiroshi Dozono,et al.  Comparison of the Adaptive Authentication Systems for Behavior Biometrics using the Variations of Self Organizing Maps , 2008 .

[29]  Thai Hoang Le,et al.  Keystroke Dynamics Extraction by Independent Component Analysis and Bio-matrix for User Authentication , 2010, PRICAI.

[30]  Steven Furnell,et al.  Authenticating mobile phone users using keystroke analysis , 2006, International Journal of Information Security.

[31]  John-David Marsters Keystroke dynamics as a biometric , 2009 .

[32]  Wm. Arthur Conklin,et al.  Password-based authentication: a system perspective , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[33]  Terence Sim,et al.  Keystroke Dynamics in a General Setting , 2007, ICB.

[34]  Jean-Yves Ramel,et al.  Estimation of User Specific Parameters in One-class Problems , 2006, 18th International Conference on Pattern Recognition (ICPR'06).

[35]  Andrew Beng Jin Teoh,et al.  Statistical Fusion Approach on Keystroke Dynamics , 2007, 2007 Third International IEEE Conference on Signal-Image Technologies and Internet-Based System.

[36]  R. Stockton Gaines,et al.  Authentication by Keystroke Timing , 1980 .

[37]  Mohammad S. Obaidat,et al.  Verification of computer users using keystroke dynamics , 1997, IEEE Trans. Syst. Man Cybern. Part B.

[38]  A. Rosenfeld,et al.  IEEE TRANSACTIONS ON SYSTEMS , MAN , AND CYBERNETICS , 2022 .

[39]  Kenneth Revett,et al.  On the Use of Rough Sets for User Authentication Via Keystroke Dynamics , 2007, EPIA Workshops.

[40]  Roy A. Maxion,et al.  The Effect of Clock Resolution on Keystroke Dynamics , 2008, RAID.

[41]  Teuvo Kohonen,et al.  In: Self-organising Maps , 1995 .

[42]  D RubinAviel,et al.  Keystroke dynamics as a biometric for authentication , 2000 .

[43]  Woojin Chang Keystroke Biometric System Using Wavelets , 2006, ICB.

[44]  Jeffrey D. Allen,et al.  An analysis of pressure-based keystroke dynamics algorithms , 2010 .

[45]  Michael Achatz,et al.  On the Design of an Authentication System Based on Keystroke Dynamics Using a Predefined Input Text , 2007, Int. J. Inf. Secur. Priv..

[46]  Heather Crawford Keystroke dynamics: Characteristics and opportunities , 2010, 2010 Eighth International Conference on Privacy, Security and Trust.

[47]  Edson C. B. Carvalho,et al.  Using the Keystrokes Dynamic for Systems of Personal Security , 2008 .

[48]  Ibrahim Sogukpinar,et al.  Understanding users' keystroke patterns for computer access security , 2003, Comput. Secur..

[49]  J. van Leeuwen,et al.  Audio- and Video-Based Biometric Person Authentication , 2001, Lecture Notes in Computer Science.

[50]  Steven Furnell,et al.  Advanced user authentication for mobile devices , 2007, Comput. Secur..

[51]  Sungzoon Cho,et al.  Artificial Rhythms and Cues for Keystroke Dynamics Based Authentication , 2006, ICB.

[52]  Raj Sharman,et al.  Handbook of Research on Social and Organizational Liabilities in Information Security , 2008 .

[53]  B. Hussien,et al.  Computer-Access Security Systems Using Keystroke Dynamics , 1990, IEEE Trans. Pattern Anal. Mach. Intell..

[54]  Alessandro Neri,et al.  User authentication using keystroke dynamics for cellular phones , 2009 .

[55]  S.J. Elliott,et al.  Keystroke Dynamics Verification Using a Spontaneously Generated Password , 2006, Proceedings 40th Annual 2006 International Carnahan Conference on Security Technology.

[56]  J. Fierrez-Aguilar,et al.  Hill-Climbing and Brute-Force Attacks on Biometric Systems: A Case Study in Match-on-Card Fingerprint Verification , 2006, Proceedings 40th Annual 2006 International Carnahan Conference on Security Technology.

[57]  Sungzoon Cho,et al.  A hybrid novelty score and its use in keystroke dynamics-based user authentication , 2009, Pattern Recognit..

[58]  Claudia Picardi,et al.  User authentication through keystroke dynamics , 2002, TSEC.

[59]  Hyoungjoo Lee,et al.  Improving Authentication Accuracy of Unfamiliar Passwords with Pauses and Cues for Keystroke Dynamics-Based Authentication , 2006, WISI.

[60]  E.O. Freire,et al.  Multimodal biometric fusion — joint typist (keystroke) and speaker verification , 2006, 2006 International Telecommunications Symposium.

[61]  Roy A. Maxion,et al.  Keystroke biometrics with number-pad input , 2010, 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN).

[62]  Jugurta R. Montalvão Filho,et al.  On the equalization of keystroke timing histograms , 2006, Pattern Recognit. Lett..

[63]  David Umphress,et al.  Identity Verification Through Keyboard Characteristics , 1985, Int. J. Man Mach. Stud..

[64]  Baptiste Hemery,et al.  Unconstrained keystroke dynamics authentication with shared secret , 2011, Comput. Secur..

[65]  Arun Ross,et al.  Biometric Sensor Interoperability: A Case Study in Fingerprints , 2004, ECCV Workshop BioAW.

[66]  Norman Shapiro,et al.  Authentication by Keystroke Timing: Some Preliminary Results , 1980 .

[67]  Liang Wang,et al.  Behavioral Biometrics For Human Identification: Intelligent Applications , 2009 .

[68]  Christophe Rosenberger,et al.  Keystroke dynamics authentication for collaborative systems , 2009, 2009 International Symposium on Collaborative Technologies and Systems.

[69]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 1999, CCS '99.

[70]  Bruce Schneier,et al.  Inside risks: the uses and abuses of biometrics , 1999, CACM.

[71]  Jean-Yves Ramel,et al.  User Classification for Keystroke Dynamics Authentication , 2007, ICB.

[72]  Baptiste Hemery,et al.  A study of users' acceptance and satisfaction of biometric systems , 2010, 44th Annual 2010 IEEE International Carnahan Conference on Security Technology.

[73]  Roy A. Maxion,et al.  Comparing anomaly-detection algorithms for keystroke dynamics , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[74]  Dawn Song,et al.  User Recognition by Keystroke Latency Pattern Analysis , 1997 .

[75]  Clayton Charles Epp,et al.  Identifying emotional states through keystroke dynamics , 2010 .

[76]  Fabian Monrose,et al.  Keystroke dynamics as a biometric for authentication , 2000, Future Gener. Comput. Syst..

[77]  N.M. White,et al.  Use of a Novel Keypad Biometric for Enhanced User Identity Verification , 2008, 2008 IEEE Instrumentation and Measurement Technology Conference.

[78]  Pavaday Narainsamy,et al.  Investigating & Improving The Reliability And Repeatability Of Keystorke Dynamics Timers , 2010 .

[79]  Baptiste Hemery,et al.  Low Cost and Usable Multimodal Biometric System Based on Keystroke Dynamics and 2D Face Recognition , 2010, 2010 20th International Conference on Pattern Recognition.

[80]  Arun Ross,et al.  Handbook of Multibiometrics , 2006, The Kluwer international series on biometrics.