Enhancing Login Security Through the Use of Keystroke Input Dynamics

  • Kenneth Revett
  • Sérgio Tenreiro de Magalhães
  • Henrique M. D. Santos
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3832)

Abstract

Security is a critical component of most computer systems – especially those used in E-commerce activities over the Internet. Global access to information makes security a critical design issue in these systems. Deployment of sophisticated hardware based authentication systems is prohibitive in all but the most sensitive installations. What is required is a reliable, hardware independent and efficient security system. In this paper, we propose an extension to a keystroke dynamics based security system. We provide evidence that completely software based systems based on keystroke input dynamics can be as effective as expensive and cumbersome hardware based systems. Our system is behavioral based that captures the typing patterns of a user and uses that information, in addition to standard login/password security to provide a system that is user-friendly and very effective at detecting imposters.

Keywords

False Acceptance Rate False Rejection Rate Typing Speed Brute Force Attack Undue Burden 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Yan, J., Blackwell, A.F., Anderson, R., Grant, A.: Password memorability and security: Empirical results. IEEE Security and Privacy 2(5), 25–31 (2004)CrossRefGoogle Scholar
  2. 2.
    Magalhães, S.T., Santos, H.D.: An improved statistical keystroke dynamics algorithm. In: Proceedings of the IADIS MCCSIS (2005)Google Scholar
  3. 3.
    Chen, Z.: Java Card Technology for Smart Cards. Addison Wesley, U.S.A 2000 (2000)Google Scholar
  4. 4.
    Ord, T., Furnell, S.M.: User authentication for keypad-based devices using keystroke analysis. In: Proceedings of the Second International Network Conference – INC 2000, Plymouth, U.K. (2000)Google Scholar
  5. 5.
    Gaines, R., et al.: Authentication by keystroke timing: Some preliminary results. Rand Report R-256-NSF. Rand (1980)Google Scholar
  6. 6.
    Joyce, R., Gupta, G.: Identity authorization based on keystroke latencies. Communications of the ACM 33(2), 168–176 (1990)CrossRefGoogle Scholar
  7. 7.
    Monrose, F., et al.: Password Hardening based on Keystroke Dynamics. International Journal of Information Security (2001)Google Scholar
  8. 8.
    Monrose, F., Rubin, A.D.: Authentication via Keystroke Dynamics. In: Proceedings of the Fourth ACM Conference on Computer and Communication Security. Zurich, Switzerland (1997)Google Scholar
  9. 9.
    Monrose, F., Rubin, A.D.: Keystroke Dynamics as a Biometric for Authentication. Future Generation Computing Systems (FGCS) Journal: Security on the Web (2000)Google Scholar
  10. 10.
    Peacock, A., Ke, X., Wilkerson, M.: Typing Patterns: A Key to User Identification. IEEE. Security and Privacy 2(5), 40–47 (2004)CrossRefGoogle Scholar
  11. 11.
    Revett, K., Khan, A.: Enhancing login security using keystroke hardening and keyboard gridding. In: Proceedings of the IADIS MCCSIS 2005 (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Kenneth Revett
    • 1
  • Sérgio Tenreiro de Magalhães
    • 2
  • Henrique M. D. Santos
    • 2
  1. 1.Harrow School of Computer ScienceUniversity of WestminsterLondonUK
  2. 2.Department of Information SystemsUniversidade do MinhoGuimaraesPortugal

Personalised recommendations