Intelligent biometric pattern password authentication systems for touchscreens

We introduced several methods of pattern password authentication for touchscreens.We designed a touchscreen user interface and we collected touch durations.As the classifier algorithms we used ANN, ANFIS and RGB Histogram methods.80 real attempts and 80 fraud attempts from 10 users are operated.We achieved EER of 8.75% for ANN, 2.5% for ANFIS, 7.5% for RGB Histogram. Given the recent developments in alternative authentication interfaces for smartphones, tablets and touchscreen laptops, one of the mostly selected method is the pattern passwords. Basically, the users that prefer this method, draw a pattern between the nodes to open the lock in lieu of entering an alphanumeric password. Although drawing a pattern seems easier than typing a password, it has a major security drawback since it can be very easy to be stolen. Therefore, this paper proposes some novel theoretical ideas with artificial intelligence methods, to improve security of pattern password authentication, using touching durations as biometric traits. What we put forward is the utilization of three different neural network based algorithms to verify logins with one novel histogram-based technique in a hidden interface for enrollment, training and verification.Inspired by the keystroke recognition models, the touch time and durations are extracted to create a ghost password. Moreover, the nodes are colored depending on the touch duration in the hidden interface and subsequently the colored images are exported. As a result of training session, the system discriminates real attempts from frauds using artificial neural networks (ANN), adaptive neuro-fuzzy inference systems (ANFIS) and Red-Green-Blue (RGB) Histogram methods in verification phase. The results are greatly encouraging that we reached 0% of false accept rate (FAR) for 80 fraud attacks with 16.5% false reject rate (FRR) of unsuccessful authentication for the 80 real attempts when started with interval checking algorithm. Moreover, to reduce this FRR, we utilized neural network based systems and consequently with ANN, we achieved 8.75% equal error rate (EER), with ANFIS, 2.5% EER for 85% proximity and finally with RGB Histogram method, we attained 7.5% EER.

[1]  Gary M. Weiss,et al.  Cell phone-based biometric identification , 2010, 2010 Fourth IEEE International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[2]  Sajjad Haider,et al.  A multi-technique approach for user identification through keystroke dynamics , 2000, Smc 2000 conference proceedings. 2000 ieee international conference on systems, man and cybernetics. 'cybernetics evolving to systems, humans, organizations, and their complex interactions' (cat. no.0.

[3]  Gopal K. Gupta,et al.  Identity authentication based on keystroke latencies , 1990, Commun. ACM.

[4]  Cheng-Jung Tsai,et al.  A graphical-based password keystroke dynamic authentication system for touch screen handheld mobile devices , 2012, J. Syst. Softw..

[5]  Isao Hayashi,et al.  NN-driven fuzzy reasoning , 1991, Int. J. Approx. Reason..

[6]  Anil K. Jain,et al.  Biometric Authentication: System Security and User Privacy , 2012, Computer.

[7]  Bojan Cukic,et al.  Effects of User Habituation in Keystroke Dynamics on Password Security Policy , 2011, 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering.

[8]  Kenneth Levenberg A METHOD FOR THE SOLUTION OF CERTAIN NON – LINEAR PROBLEMS IN LEAST SQUARES , 1944 .

[9]  Fabian Monrose,et al.  Authentication via keystroke dynamics , 1997, CCS '97.

[10]  T. Ross Fuzzy Logic with Engineering Applications , 1994 .

[11]  Baochang Zhang,et al.  Study on the BeiHang Keystroke Dynamics Database , 2011, 2011 International Joint Conference on Biometrics (IJCB).

[12]  Muddassar Farooq,et al.  A hybrid GA-PSO fuzzy system for user identification on smart phones , 2009, GECCO.

[13]  Nasir D. Memon,et al.  Biometric-rich gestures: a novel approach to authentication on multi-touch devices , 2012, CHI.

[14]  Sungzoon Cho,et al.  Improving authentication accuracy using artificial rhythms and cues for keystroke dynamics-based authentication , 2009, Expert Syst. Appl..

[15]  Georgios Kambourakis,et al.  Introducing touchstroke: keystroke-based authentication system for smartphones , 2016, Secur. Commun. Networks.

[16]  Sungzoon Cho,et al.  Keystroke dynamics-based user authentication using long and free text strings from various input devices , 2015, Inf. Sci..

[17]  Yogesh Kumar Meena,et al.  User Authentication Using Keystroke Recognition , 2013 .

[18]  Fabian Monrose,et al.  Keystroke dynamics as a biometric for authentication , 2000, Future Gener. Comput. Syst..

[19]  Ting-Yi Chang,et al.  Two novel biometric features in keystroke dynamics authentication systems for touch screen devices , 2014, Secur. Commun. Networks.

[20]  Steven Furnell,et al.  Advanced user authentication for mobile devices , 2007, Comput. Secur..

[21]  John J. Leggett,et al.  Dynamic Identity Verification via Keystroke Characteristics , 1991, Int. J. Man Mach. Stud..

[22]  Jyh-Shing Roger Jang,et al.  ANFIS: adaptive-network-based fuzzy inference system , 1993, IEEE Trans. Syst. Man Cybern..

[23]  D. Marquardt An Algorithm for Least-Squares Estimation of Nonlinear Parameters , 1963 .

[24]  B. Hussien,et al.  Computer-Access Security Systems Using Keystroke Dynamics , 1990, IEEE Trans. Pattern Anal. Mach. Intell..

[25]  Julien Bringer,et al.  A Framework for Analyzing Template Security and Privacy in Biometric Authentication Systems , 2012, IEEE Transactions on Information Forensics and Security.

[26]  Chun-I Fan,et al.  Provably Secure Remote Truly Three-Factor Authentication Scheme With Privacy Protection on Biometrics , 2009, IEEE Transactions on Information Forensics and Security.

[27]  Youtian Du,et al.  User Authentication Through Mouse Dynamics , 2013, IEEE Transactions on Information Forensics and Security.

[28]  Mohammad S. Obaidat,et al.  Verification of computer users using keystroke dynamics , 1997, IEEE Trans. Syst. Man Cybern. Part B.

[29]  Orcan Alpar Keystroke recognition in user authentication using ANN based RGB histogram technique , 2014, Eng. Appl. Artif. Intell..

[30]  Sahin Albayrak,et al.  Continuous and non-intrusive identity verification in real-time environments based on free-text keystroke dynamics , 2011, 2011 International Joint Conference on Biometrics (IJCB).

[31]  Laurence Tianruo Yang,et al.  Fuzzy Logic with Engineering Applications , 1999 .

[32]  Zheyu Yang,et al.  Face Detection and Recognition Based on an Improved Adaboost Algorithm and Neural Network , 2016 .

[33]  Muhammad Numan,et al.  KEYSTROKE PATTERN RECOGNITION PREVENTING ONLINE FRAUD , 2011 .

[34]  Michio Sugeno,et al.  Fuzzy identification of systems and its applications to modeling and control , 1985, IEEE Transactions on Systems, Man, and Cybernetics.

[35]  Sungzoon Cho,et al.  Web-Based Keystroke Dynamics Identity Verification Using Neural Network , 2000, J. Organ. Comput. Electron. Commer..

[36]  Simon A. Cole,et al.  History of Fingerprint Pattern Recognition , 2004 .

[37]  Alessandro Neri,et al.  User authentication using keystroke dynamics for cellular phones , 2009 .

[38]  Claudia Picardi,et al.  Keystroke analysis of free text , 2005, TSEC.

[39]  K. P. Chaudhari,et al.  Typing Pattern Recognition Using Keystroke Dynamics , 2012, IAIT 2012.

[40]  Alessandro Neri,et al.  Keystroke dynamics authentication for mobile phones , 2011, SAC.

[41]  Sungzoon Cho,et al.  Continual Retraining of Keystroke Dynamics Based Authenticator , 2007, ICB.

[42]  Lee Luan Ling,et al.  User authentication through typing biometrics features , 2005 .

[43]  Nathan L. Clarke,et al.  Keystroke Analysis for Thumb-based Keyboards on Mobile Devices , 2007, SEC.

[44]  Erik Wästlund,et al.  Exploring Touch-Screen Biometrics for User Identification on Smart Phones , 2011, PrimeLife.

[45]  Issa Traoré,et al.  Digital Fingerprinting Based on Keystroke Dynamics , 2008, HAISA.

[46]  Michael Weber,et al.  Password entry usability and shoulder surfing susceptibility on different smartphone platforms , 2012, MUM.

[47]  Alex X. Liu,et al.  Secure unlocking of mobile touch screen devices by simple gestures: you can see it but you can not do it , 2013, MobiCom.

[48]  M. Akila,et al.  Biometric personal authentication using keystroke dynamics: A review , 2011, Appl. Soft Comput..

[49]  Heinrich Hußmann,et al.  Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[50]  David Umphress,et al.  Identity Verification Through Keyboard Characteristics , 1985, Int. J. Man Mach. Stud..

[51]  Christophe Rosenberger,et al.  Evaluation of Biometric Systems , 2012 .

[52]  Anil K. Jain,et al.  Keystroke dynamics for user authentication , 2012, 2012 IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops.

[53]  Heather Crawford Keystroke dynamics: Characteristics and opportunities , 2010, 2010 Eighth International Conference on Privacy, Security and Trust.

[54]  Hai Huang,et al.  You Are How You Touch: User Verification on Smartphones via Tapping Behaviors , 2014, 2014 IEEE 22nd International Conference on Network Protocols.

[55]  Steven Furnell,et al.  Authenticating mobile phone users using keystroke analysis , 2006, International Journal of Information Security.

[56]  Bogdan M. Wilamowski,et al.  Intelligent Systems , 2011 .

[57]  Dwijen Rudrapal,et al.  Analysis and Evaluation of Keystroke Duration of User’s Typing as a Distinctive Measure of Recognition , 2013 .

[58]  Andrew Beng Jin Teoh,et al.  Keystroke dynamics in password authentication enhancement , 2010, Expert Syst. Appl..

[59]  Lior Rokach,et al.  User identity verification via mouse dynamics , 2012, Inf. Sci..

[60]  P. Bhattarakosol,et al.  Authenticating User Using Keystroke Dynamics and Finger Pressure , 2009, 2009 6th IEEE Consumer Communications and Networking Conference.