Continuous Authentication using Biometric Keystroke Dynamics

When talking about authentication in general and biometrics in particular, we envisage a situation where a user provides an identity and gives proof of this identity, in order to get access to certain services. This kind of authentication (called static authentication) is done when rst accessing a service and will be valid throughout a full session, until the user logs o from that session. Most authentication methods are very well suited for this kind of (static) authentication, e.g. the well known username/password combination for access to computers or websites. In this article we will discuss a dierent kind of authentication, which will be applied after the start of a session, and will monitor if the current user is the same as the user who performed the initial static authentication. This new type of authentication is called dynamic authentication or continuous authentication. We will in particular look at sessions at a computer where we monitor the typing behavior of the user to detect anomalies. Normal techniques used in biometrics cannot be applied anymore. We will explain the dierences between

[1]  Davrondzhon Gafurov,et al.  Performance and security analysis of Gait-based user authentication , 2008 .

[2]  Christine L. MacKenzie,et al.  Computer user verification using login string keystroke dynamics , 1998, IEEE Trans. Syst. Man Cybern. Part A.

[3]  Claudia Picardi,et al.  Keystroke analysis of free text , 2005, TSEC.

[4]  Fabian Monrose,et al.  Keystroke dynamics as a biometric for authentication , 2000, Future Gener. Comput. Syst..

[5]  Lee Luan Ling,et al.  User authentication through typing biometrics features , 2005 .

[6]  Jean-Yves Ramel,et al.  Fusion of methods for keystroke dynamic authentication , 2005, Fourth IEEE Workshop on Automatic Identification Advanced Technologies (AutoID'05).

[7]  Steven Furnell,et al.  A Long-term Trial of Keystroke Profiling using Digraph, Trigraph and Keyword Latencies , 2004, SEC.

[8]  Xian Ke,et al.  Typing patterns: a key to user identification , 2004, IEEE Security & Privacy Magazine.

[9]  B. Hussien,et al.  Computer-Access Security Systems Using Keystroke Dynamics , 1990, IEEE Trans. Pattern Anal. Mach. Intell..

[10]  M. S. Obaidat,et al.  Keystroke Dynamics Based Authentication , 1996 .

[11]  Maria Papadaki,et al.  Keystroke Analysis as a Method of Advanced User Authentication and Response , 2002, SEC.

[12]  Fabian Monrose,et al.  Authentication via keystroke dynamics , 1997, CCS '97.

[13]  Jie Liu,et al.  Optimal combined intrusion detection and biometric-based continuous authentication in high security mobile ad hoc networks , 2009, IEEE Transactions on Wireless Communications.

[14]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 1999, CCS '99.

[15]  Sandeep Kumar,et al.  Using Continuous Face Verification to Improve Desktop Security , 2005, 2005 Seventh IEEE Workshops on Applications of Computer Vision (WACV/MOTION'05) - Volume 1.

[16]  R. Ramnath,et al.  Physical Access Protection using Continuous Authentication , 2008, 2008 IEEE Conference on Technologies for Homeland Security.