Secure Password Authentication for Keystroke Dynamics

  • YeongGeun Choe
  • Soon-Ja Kim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3683)

Abstract

Keystroke dynamics is an intelligent data processing technique that analyzes a user's habitual typing patterns to identify that user. Keystroke dynamics combined with password authentication has been widely used as a means to enhance user authentication systems. However, the security of a user authentication system does not rely solely on keystroke dynamics. To guarantee a high level of security, more secure password authentication is needed. The design and development of a secure password authentication protocol for keystroke dynamics is discussed in this paper. We propose a new efficient password authentication protocol that is secure against all types of attacks considered in the paper. We also show that our two-party protocol is extended to a three-party protocol, where each user only shares a password with a trusted server. As a result, our protocols with keystroke dynamics can provide a secure and intelligent means of authentication and access control of computer users.

Keywords

Discrete Logarithm Problem, Dictionary Attack, Perfect Forward Secrecy, Password Authentication, Keystroke Dynamic

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • YeongGeun Choe (1)
  • Soon-Ja Kim (1)

  1. Graduate School of Electronic Engineering, Computer Networks Lab., Kyungpook National University, Daegu, Korea
