Leveraging Variations in Event Sequences in Keystroke-Dynamics Authentication Systems

User names and passwords stubbornly remain the most prevalent authentication mechanism. Password secrecy ensures that only genuine users are granted access. If the secret is breached, impostors gain access too. One method of strengthening password authentication is through keystroke dynamics. Keystroke dynamics algorithms typically restrict the authentication entry to only one valid sequence of keystrokes, although conventional keyboards offer more than one way to enter the same credential. In this paper, we introduce the concept of event sequences. We explore the nature of variations between multiple valid keystroke entry sequences and propose a scheme for effectively representing these variations. Using a locally collected data set, we test the efficacy of the related authentication method in distinguishing users. The experimental results show that the variation in typing sequences are typing-proficiency independent, unlike other conventional keystroke dynamics attributes, such as hold and delay times. We show that these variations contain sufficient discriminatory information to warrant their inclusion into user authentication methods.

[1]  Damon L. Woodard,et al.  Biometric Authentication and Identification using Keystroke Dynamics: A Survey , 2012 .

[2]  Alessandro Acquisti,et al.  Information revelation and privacy in online social networks , 2005, WPES '05.

[3]  B. Hussien,et al.  Computer-Access Security Systems Using Keystroke Dynamics , 1990, IEEE Trans. Pattern Anal. Mach. Intell..

[4]  Bojan Cukic,et al.  Evaluating the Reliability of Credential Hardening through Keystroke Dynamics , 2006, 2006 17th International Symposium on Software Reliability Engineering.

[5]  Bojan Cukic,et al.  Effects of User Habituation in Keystroke Dynamics on Password Security Policy , 2011, 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering.

[6]  Roy A. Maxion,et al.  Comparing anomaly-detection algorithms for keystroke dynamics , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[7]  Arun Ross,et al.  Biometric Sensor Interoperability: A Case Study in Fingerprints , 2004, ECCV Workshop BioAW.

[8]  E.O. Freire,et al.  Equalization of keystroke timing histograms for improved identification performance , 2006, 2006 International Telecommunications Symposium.

[9]  J. Bortz,et al.  Verteilungsfreie Methoden in der Biostatistik , 1982 .

[10]  M. Friedman The Use of Ranks to Avoid the Assumption of Normality Implicit in the Analysis of Variance , 1937 .

[11]  Christophe Rosenberger,et al.  GREYC keystroke: A benchmark for keystroke dynamics biometric systems , 2009, 2009 IEEE 3rd International Conference on Biometrics: Theory, Applications, and Systems.

[12]  Marcelo Cipriano,et al.  Collection and Publication of a Fixed Text Keystroke Dynamics Dataset , 2010 .

[13]  Robert W. Proctor,et al.  Imposing Password Restrictions for Multiple Accounts: Impact on Generation and Recall of Passwords , 2003 .

[14]  Jeffrey D. Allen,et al.  An analysis of pressure-based keystroke dynamics algorithms , 2010 .