Advertisement

Software Quality Journal

, Volume 24, Issue 1, pp 137–157 | Cite as

Normalizing variations in feature vector structure in keystroke dynamics authentication systems

  • Zahid Syed
  • Sean Banerjee
  • Bojan Cukic
Article

Abstract

Usernames and passwords stubbornly remain the most prevalent authentication mechanism. Password secrecy ensures that only genuine users are granted access. If the secret is breached, impostors gain the access too. One method of strengthening password authentication is through keystroke dynamics. Keystroke dynamics algorithms typically constrain the authentication entry to one valid sequence of key presses. In this paper, we introduce the concept of event sequences. We explore the nature of variations between multiple valid key-entry sequences and propose a scheme that effectively represents these variations. We test the efficacy of the new authentication method in distinguishing users. The experimental results show that typing proficiency of individuals is not the only determining authentication factor. We show that typing sequence variations contain sufficient discriminatory information to warrant their inclusion into user authentication methods. Based on these results, we present a novel strategy to create feature vectors for keystroke dynamics-based authentication. The proposed approach ensures that the feature vector’s length and structure are related only to the length of the password, independent of its content or the order of keys pressed. This normalization of feature vector structure has multiple advantages including leveraging the discriminatory power of event sequences, faster search-and-retrieval in n-graph-based authentication systems, and simplicity. The proposed authentication scheme is applicable to both static and continual authentication systems.

Keywords

Keystroke dynamics Authentication Biometrics  Continual authentication 

References

  1. Allen, J. D. (2010). An analysis of pressure-based keystroke dynamics algorithms. PhD Thesis, Southern Methodist University.Google Scholar
  2. ANSI-INCITS-154-1988. (1988). Office machines and supplies: Alphanumeric machines—keyboard arrangement. http://www.webstore.ansi.org/
  3. Banerjee, S. P., & Woodard, D. L. (2012). Biometric authentication and identification using keystroke dynamics: A survey. Journal of Pattern Recognition Research, 7(1), 116–139.CrossRefGoogle Scholar
  4. Bartlow, N., & Cukic, B. (2006). Evaluating the reliability of credential hardening through keystroke dynamics. In 17th international symposium on software reliability engineering, 2006. ISSRE’06 (pp 117–126). IEEE.Google Scholar
  5. Bello, L., Bertacchini, M., Benitez, C., Pizzoni, J. C., & Cipriano, M. (2010). Collection and publication of a fixed text keystroke dynamics dataset. In XVI Congreso Argentino de Ciencias de la Computación.Google Scholar
  6. Bleha, S., Slivinsky, C., & Hussien, B. (1990). Computer-access security systems using keystroke dynamics. IEEE Transactions on Pattern Analysis and Machine Intelligence, 12(12), 1217–1222.CrossRefGoogle Scholar
  7. Bortz, J., Lienert, G. A., & Boehnke, K. (2000). Verteilungsfreie methoden in der biostatistik. Berlin: Springer.Google Scholar
  8. Crenshaw, A. (2009). Changing your mac address in window xp/vista, linux and mac os x. http://www.irongeek.com/i.php?page=security/changemac
  9. Friedman, M. (1937). The use of ranks to avoid the assumption of normality implicit in the analysis of variance. Journal of the American Statistical Association, 32(200), 675–701.CrossRefGoogle Scholar
  10. Giot, R., El-Abed, M., & Rosenberger, C. (2009). Greyc keystroke: A benchmark for keystroke dynamics biometric systems. In IEEE 3rd international conference on biometrics: Theory, applications, and systems, 2009. BTAS’09 (pp 1–6). IEEE.Google Scholar
  11. Gross, R., & Acquisti, A. (2005). Information revelation and privacy in online social networks. In Proceedings of the 2005 ACM workshop on privacy in the electronic society (pp. 71–80). New York: ACM.Google Scholar
  12. ISO/IEC-9995-3:2010. (2010). Information technology: Keyboard layouts for text and office systems—part 3: Complementary layouts of the alphanumeric zone of the alphanumeric section. http://www.iso.org/iso/home/store.htm
  13. JISX-6002:1980. (1988). Keyboard layout for information processing using the jis 7 bit coded character set. http://www.webstore.jsa.or.jp/
  14. Killourhy, K. S., & Maxion, R. A. (2009). Comparing anomaly-detection algorithms for keystroke dynamics. In IEEE/IFIP international conference on dependable systems and networks, 2009. DSN’09 (pp. 125–134). IEEE.Google Scholar
  15. Microsoft (2014a). The microsoft keyboard layout creator. http://msdn.microsoft.com/en-us/goglobal/bb964665.aspx
  16. Microsoft (2014b) Windows keyboard layouts. http://msdn.microsoft.com/en-us/goglobal/bb964651.aspx
  17. Montalvao, J., Almeida, C. A. S., & Freire, E. O. (2006). Equalization of keystroke timing histograms for improved identification performance. In 2006 International telecommunications symposium (pp. 560–565). IEEE.Google Scholar
  18. Ross, A., & Jain, A. (2004). Biometric sensor interoperability: A case study in fingerprints. In D. Maltoni & A. K. Jain (Eds.), Biometric authentication (pp. 134–145). Berlin, Heidelberg: Springer.Google Scholar
  19. Syed, Z., Banerjee, S., Cheng, Q., & Cukic, B. (2011). Effects of user habituation in keystroke dynamics on password security policy. In 2011 IEEE 13th international symposium on high-assurance systems engineering (HASE) (pp. 352–359). IEEE.Google Scholar
  20. Vu, K. P. L., Bhargav, A., & Proctor, R. W. (2003). Imposing password restrictions for multiple accounts: Impact on generation and recall of passwords. In Proceedings of the human factors and ergonomics society annual meeting (Vol. 47, pp. 1331–1335). London:SAGE.Google Scholar
  21. Young, J., & Hammon, R. (1989). Method and apparatus for verifying an individual’s identity. https://www.google.com/patents/US4805222. US Patent 4,805,222.

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  1. 1.Department of Computer Science, Engineering, and PhysicsUniversity of Michigan - FlintFlintUSA
  2. 2.The Robotics InstituteCarnegie Mellon UniversityPittsburghUSA
  3. 3.University of North Carolina at CharlotteCharlotteUSA

Personalised recommendations