A keystroke authentication method has a lower cost and is more powerful and easier to use than other biometric authentication methods. However, traditional keystroke authentication has many weaknesses and is easy to attack by criminals. Attacks can include shoulder surfing attacks, eavesdropping attacks and key-logger attacks. When users try to access their computer or portable device by using keystroke authentication method, the users must push the correct buttons with the correct rhythm in order to be authenticated. If the users make several failed authentication attempts, the system will lock their account. As a result, the users usually use a simple password and rhythm for accessing their account which will make the risk even higher. This research proposes a new method of a keystroke authentication by using multi-touch technique on touchpad which is embedded on a laptop computer. The users can register their rhythm using their fingers on the touchpad to the system as a biometric authentication. An attacker will have difficulties conducting a shoulder surfing attack. This is because the users have no need to type their password and can use one hand to cover the other hand which is used to make their rhythm for the touch. Furthermore, the users can quickly make the rhythm. An eavesdropping attack is rendered useless since the touchpad can get event data when the users touch it without making any sound. Even though some users may not be vigilant and make tapping sounds, an eavesdropper cannot know how many fingers the users use to tap on the touchpad to make one beat. The research results show that the purposed multi-touch rhythm authentication performs better than the traditional keystroke method and provides better security, usability, and faster authentication.
[1]
Margit Antal,et al.
Keystroke Dynamics on Android Platform
,
2015
.
[2]
Jörg Schwenk,et al.
Automatic recognition, processing and attacking of single sign-on protocols with burp suite
,
2015,
Open Identity Summit.
[3]
Alessandro Neri,et al.
Keystroke dynamics authentication for mobile phones
,
2011,
SAC.
[4]
Seng-Phil Hong,et al.
A Method of Risk Assessment for Multi-Factor Authentication
,
2011,
J. Inf. Process. Syst..
[5]
Xuan Huang,et al.
Development of a Typing Behaviour Recognition Mechanism on Android
,
2012,
2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.
[6]
Alessandra Lumini,et al.
An evaluation of direct attacks using fake fingers generated from ISO templates
,
2010,
Pattern Recognit. Lett..
[7]
G. Padmavathi,et al.
A Survey of Biometric keystroke Dynamics: Approaches, Security and Challenges
,
2009,
ArXiv.
[8]
H. Saevanee,et al.
User Authentication Using Combination of Behavioral Biometrics over the Touchpad Acting Like Touch Screen of Mobile Device
,
2008,
2008 International Conference on Computer and Electrical Engineering.
[9]
Rajender Nath,et al.
Reducing Process-Time for Fingerprint Identification System
,
2009
.
[10]
Pramote Kuacharoen,et al.
Transaction Authentication Using HMAC-Based One-Time Password and QR Code
,
2015
.
[11]
Debnath Bhattacharyya,et al.
Biometric Authentication: A Review
,
2009
.