06-05-2013, 04:08 PM
Report On BIOMETRIC AUTHENTICATION USING KEYSTROKE DYNAMICS
Report On BIOMETRIC.pdf (Size: 630.16 KB / Downloads: 58)
Abstract
Biometric access methods for computer systems are gaining popularity because of gov-
ernmental and corporate businesses' increased focus to secure sensitive data on computer
systems and network. Biometrics is the science of measuring a unique physical charac-
teristic about an individual as an identication mechanism. Keystroke Biometrics is a
relatively new method of biometric identication and provides a comparatively inexpen-
sive and unobtrusive method of hardening the normal login and password process. It does
not require additional hardware as it uses the existing keyboard to measure keystroke dy-
namics. The term keystroke dynamics is used to describe an individuals typing pattern
including, latencies, key depress durations and keystroke pressure. This pattern is fairly
unique to each individual. This Graduate Project aims at investigating the validity of
using typing dynamics to strengthen security in a computer system. A Keystroke Dynam-
ics Analysis tool is developed that uses statistical analysis of a users typing patterns to
perform identity verication. Results of the program are used to conrm that Keystroke
Biometric Authentication is a valid method for identity verication.
Introduction
The increasing need for securing access to computer systems and networks from intrud-
ers is growing rapidly as the type of data and capabilities of these systems is becoming
signicantly sensitive. To provide access to these systems while preventing illegitimate
access is the key requirement of modern day computing. Since biometric systems do not
identify a person by what he or she knows (a code) or possesses (a card), but by a unique
characteristic that is dicult for a dierent individual to reproduce, the possibility of
forgery is greatly reduced [Kung 2004]
Identication methods:
The access system should be able to correctly authenticate the identity of an individual
and then allow them access to the dened resources. Since almost all articial features
used in conventional identication techniques can likely be forged or stolen (example,
ID cards or passwords) more eective identication and authentication methods are now
in greater demand. The main methods of user identication are something you know
example, password; something you have example, swipe card and something you are
example, biometrics [Gollman 1999]. The use of login names and passwords is the most
commonly used mechanism for authentication purposes. Despite its popularity there are
many inherent
aws to this approach. Passwords that are simple and memorable are easy
to guess or searched by an attacker and a long random password is dicult to remember.
Passwords are at a disadvantage of being open to compromise without the knowledge of
their disclosure [Leggett 1990].
Biometric Authentication:
Biometrics is the science of measuring a unique physical characteristic about an individ-
ual as an identication mechanism. A number of widely used biometric technologies and
techniques exist. Some of the common methods include ngerprints, voice characteristics,
eyes, facial features, and keystroke dynamics.
Fingerprint biometrics is widely used and accepted technology. Here the biometrics is
dened by the unique patterns of ones ngers. Since the form of identication involves
ngerprints, it has issues of both fear and acceptance. Some individuals involved with
ngerprint authentication for network access has expressed the feeling that using their
ngerprint for authentication makes them feel like a criminal [Reid 2003].
Face biometrics is used in day-to-day life. We recognize each other by faces as it
the rst dening character for identity. We carry photo IDs to represent our proofs of
identity. The problem here is we have all at one time or another thought we recognized
someone's face, only to have it not be the person we thought. In special cases of similar
faces for example, twins, it is dicult to identify accurately. Not surprisingly, the use of
face biometrics for identication is often questioned for deployment in a network security
environment, as it does not provide the same level of accuracy as other biometrics. Similar
problems are associated with voice biometrics where sound recognition can be spoofed
or misinterpreted. Newer techniques like iris recognition and keystroke dynamics are
now becoming more popular as they measure stronger and reliable biometric traits of
human beings. Researches have shown that these techniques have virtually no FAR (False
Acceptance Rates) and extremely low 0.2
How Keystroke Biometrics Works:
Keystroke recognition is completely a software-based solution. No additional equip-
ments are needed and all that is needed is the existing computer and keyboard that the
individual is currently using. It involves two processes:
1. Enrollment Process: This process will enroll the user and generate a template for
him. To start with, the individual must type in a specic word or a phrase or a set of
alphanumeric characters. This is usually a username and password.
2. Verication Process: This process would verify an enrolled individual to conrm the
identication of the person. It would match the current template with an existing one for
authentication purposes.
Importance of this Project:
This Graduate Project aims at using the inexpensive and unobtrusive method of
keystroke biometrics to build a user authentication system. Keystroke biometrics is a
relatively new method of biometric identication. It uses the existing keyboard to measure
keystroke dynamics of an individual. The motivation to use this technology for this
Graduate Project work comes from the fact that this is would be a complete software
based solution for building an ecient user identication tool. The tool designed will
have the following characteristics:
1. No additional or specialized hardware is needed to implement this method, as it would
use the existing computer keyboard.
2. No additional costs are involved for training individuals using the system.
3. Easy to use with minimal set up time and can be readily installed on a system or
network.
Data will be stored in the form of templates.
Similar Works:
Umphress and Williams undertook one of the earlier works in this area in 1985. It
used the delays between keystrokes, also known as di-graphs for the captured keystroke
biometric. They had two sets of inputs required in their process with 1400 and 300
characters of prose. [DSouza 2002] Though the study proved that keystroke biometrics
is a valid method for identication, it was restricted by the huge amount of input text.
Another work done by Joyce and Gupta was designing a user identication system using
keystroke patterns. Their work compares keystroke latencies of a xed string which is
a password already stored in the system. This Graduate Project diers from their work
in way as it does not depend on pre-selected strings for user authentication. One of the
recent works in this area was conducted by Robinson et al. in which the authors used
keystroke hold times to characterize the typing styles [Obaidat 1997].
Related Work
1. A collection of researches have been presented in the literature for Human authenti-
cation using Keystroke Dynamics. Keystroke Dynamics can be utilized for various user
authentication processes. A brief review of some recent researches is presented here.
Karnan et al. have proposed that the feature subset selection in Keystroke Dynamics for
identity verication, and it reports the results of experimenting Ant Colony Optimization
technique on keystroke duration, latency and digraph for feature subset selection.
2. S. Benson Edwin Raj and A. Thomson Santhosh have proposed a biometric iden-
tication problem by focusing on extracting the behavioral features related to the user
and using this features for computer security. Standardized mouse dynamics biometrics
involves a signature that was based on selected mouse movement characteristics under
dierent screen resolution and mouse pointer speed settings.
3. Danish Jamil et al. have proposed a developing biometric access control measure,
computer access via keystroke pattern recognition and discusses its direct connection to
preventing electronic identity thefts. They investigated keystroke dynamics as being one
of the most costs ecient and easy to implement biometrics for online and enterprise
based systems.
4. D. Raghu et al. have proposed an association of ideas of neural network that was
trained with the timing vectors of the keystroke dynamics and then used to discriminate
between the owner and an imposter. They presented an application of neural nets to user
identity authentication on computer access security system.