Keystroke dynamics


Keystroke dynamics, keystroke biometrics, typing dynamics, or typing biometrics refer to the collection of biometric information generated by key-press-related events that occur when a user types on a keyboard. [1] Use of patterns in key operation to identify operators predates modern computing, [2] and has been proposed as an authentication alternative to passwords and PIN numbers. [3]


Science

The behavioral biometric of keystroke dynamics uses the manner and rhythm in which an individual types characters on a keyboard or keypad. [4] [5] [6] The user's keystroke rhythms are measured to develop a unique biometric template of the user's typing pattern for future authentication. [7] Keystrokes are separated into static and dynamic typing, which are used to help distinguish between authorized and unauthorized users. [8] Vibration information may be used to create a pattern for future use in both identification and authentication tasks.

History

During the late nineteenth century, telegram operators began to develop unique "signatures" that could be identified simply by their tapping rhythm. [9] As late as World War II, the military transmitted messages through Morse Code. Using a methodology called "The Fist of the Sender," military intelligence identified that an individual had a unique way of keying in a message's "dots" and "dashes", creating a rhythm that could help distinguish ally from enemy. [10] [11]

Keyboard dynamics received attention as a potential alternative to short PIN numbers, which were widely used for authentication early in the expansion of networked computing. [12]

Collection and potential use of keystroke dynamics data


Keystroke dynamic information could be used to verify or determine the identity of the person producing the keystrokes. [17] The techniques used to do this vary widely in sophistication and range from statistical techniques to artificial intelligence (AI) approaches such as neural networks.

The time to seek and depress a key (seek-time) and the time the key is held down (hold-time) may be characteristic of an individual, regardless of the total speed at which they type. Most people take longer to find or get to specific letters on the keyboard than their average seek-time for all letters. Which letters require more time vary dramatically and consistently for different people. Right-handed people may be statistically faster in getting to keys they hit with their right-hand fingers than with their left-hand fingers. Index fingers may be faster than other fingers, consistent for a user, regardless of their overall speed.

In addition, sequences of letters may have characteristic properties for a user. In English, the use of "the" is very common, and those three letters may be known as a rapid-fire sequence. Common endings, such as "ing", may be entered far faster than the same letters in reverse order ("gni") to the degree that varies consistently by user. This consistency may hold and reveal common sequences of the user's native language even when they are writing entirely in a different language.
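The hold-time and seek-time features described above can be derived from raw key-down/key-up events. The following is an added example, not code from the cited literature: it assumes seek-time means the gap between the previous key's release and the next key's press, and the event data, the `pause_ms` cut-off and all function names are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample (not real capture data): (timestamp_ms, key, action).
# The user types "ing", pauses, then types the reverse sequence "gni".
EVENTS = [
    (0, "i", "down"), (70, "n", "down"), (80, "i", "up"), (150, "n", "up"),
    (180, "g", "down"), (260, "g", "up"),
    (2000, "g", "down"), (2090, "g", "up"), (2260, "n", "down"),
    (2340, "n", "up"), (2530, "i", "down"), (2610, "i", "up"),
]


def pair_keystrokes(events):
    """Match each press with its release; return (down, up, key) ordered by press time."""
    pressed, strokes = {}, []
    for ts, key, action in sorted(events):
        if action == "down":
            pressed.setdefault(key, ts)   # auto-repeat downs keep the first press
        elif key in pressed:              # ignore a release with no recorded press
            strokes.append((pressed.pop(key), ts, key))
    return sorted(strokes)


def extract_features(events, pause_ms=1000):
    """Return per-key hold times and per-digraph seek times, in milliseconds."""
    hold, seek = defaultdict(list), defaultdict(list)
    prev = None
    for down, up, key in pair_keystrokes(events):
        hold[key].append(up - down)
        if prev is not None:
            gap = down - prev[1]          # negative when two keys overlap (rollover)
            if gap < pause_ms:            # long gaps are pauses, not seek time
                seek[(prev[2], key)].append(gap)
        prev = (down, up, key)
    return hold, seek


def build_template(events):
    """Average every feature into a (hold_means, seek_means) typing template."""
    hold, seek = extract_features(events)
    return ({k: mean(v) for k, v in hold.items()},
            {d: mean(v) for d, v in seek.items()})


def sequence_seek_time(template, word):
    """Total seek time the template records for the digraphs making up `word`."""
    _, seek = template
    return sum(seek[(a, b)] for a, b in zip(word, word[1:]))


if __name__ == "__main__":
    template = build_template(EVENTS)
    for word in ("ing", "gni"):
        print(word, sequence_seek_time(template, word), "ms")
```

In the constructed data the familiar ending "ing" is typed with overlapping key presses, so its seek time is far lower than that of the reversed sequence even though the hold times are nearly identical.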

Common "errors" may also be quite characteristic of a user. There is a taxonomy of errors, such as the user's most common "substitutions", "reversals", "drop-outs", "double-strikes", "adjacent letter hits", "homonyms" and hold-length-errors (for a shift key held down too short or too long a time). Even without knowing what language the user is working in, these errors may be detected by looking at the rest of the text and what letters the user goes back and replaces.

Authentication versus identification

Keystroke dynamics is part of a larger class of biometrics known as behavioral biometrics, a field in which observed patterns are statistical in nature. Because of this inherent uncertainty, a commonly held belief is that behavioral biometrics are not as reliable as biometrics used for authentication based on physically observable characteristics such as fingerprints, retinal scans or DNA. Behavioral biometrics use a confidence measurement in place of the traditional pass/fail measurements. As such, the traditional benchmarks of False Acceptance Rate (FAR) and False Rejection Rate (FRR) no longer have linear relationships.

The benefit to keystroke dynamics (as well as other behavioral biometrics) is that FRR/FAR can be adjusted by changing the acceptance threshold at the individual level. This allows for explicitly defined individual risk mitigation that physical biometric technologies could not achieve.
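The per-user threshold adjustment described above can be made concrete with a small calculation. This is an added example, not taken from any product or cited paper: the confidence scores, user names and FAR caps are constructed, and a higher score is assumed to mean a closer match to the enrolled template.

```python
# Constructed confidence scores in [0, 1] from earlier login attempts.
# "genuine" = the enrolled user typing; "impostor" = other people typing the same text.
USERS = {
    "alice": {  # consistent typist, privileged account: no false accepts tolerated
        "genuine": [0.91, 0.88, 0.93, 0.85, 0.90, 0.87, 0.94, 0.89, 0.92, 0.86],
        "impostor": [0.30, 0.42, 0.55, 0.38, 0.61, 0.47, 0.35, 0.52, 0.44, 0.58],
        "max_far": 0.0,
    },
    "bob": {    # variable typist, standard account: 10% FAR accepted
        "genuine": [0.80, 0.62, 0.75, 0.55, 0.83, 0.70, 0.66, 0.78, 0.59, 0.72],
        "impostor": [0.35, 0.50, 0.64, 0.41, 0.57, 0.68, 0.45, 0.53, 0.60, 0.38],
        "max_far": 0.1,
    },
}


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) when attempts scoring >= threshold are accepted."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def pick_threshold(genuine, impostor, max_far):
    """Lowest threshold whose FAR stays within max_far.

    FAR never rises as the threshold rises, so the lowest qualifying
    threshold is also the one with the lowest FRR under that cap.
    """
    # Observed scores are the only points where the rates change; 1.01 lies
    # above every score, so a FAR of zero is always reachable.
    for t in sorted(set(genuine) | set(impostor) | {1.01}):
        far, frr = far_frr(genuine, impostor, t)
        if far <= max_far:
            return t, far, frr


def per_user_policy(users):
    """Map each user to (threshold, FAR, FRR) chosen for that user's risk cap."""
    return {name: pick_threshold(u["genuine"], u["impostor"], u["max_far"])
            for name, u in users.items()}


if __name__ == "__main__":
    for name, (t, far, frr) in per_user_policy(USERS).items():
        print(f"{name}: threshold={t:.2f} FAR={far:.0%} FRR={frr:.0%}")
    # Applying alice's threshold to bob shows why a single global value fails.
    bob = USERS["bob"]
    print("bob at 0.85:", far_frr(bob["genuine"], bob["impostor"], 0.85))
```

With these scores, the threshold that suits the consistent typist would reject every genuine attempt by the variable typist, which is why the threshold is chosen per individual.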

One of the major problems that keystroke dynamics runs into is that a user's typing varies substantially during a day and between different days and may be affected by any number of external factors.

Because of these variations, any system will make false-positive and false-negative errors. Some successful commercial products have strategies to handle these issues and have proven effective in large-scale use in real-world settings and applications.

Use of keylogging software may be in direct and explicit violation of local laws, such as the U.S. Patriot Act, under which such use may constitute wire-tapping.


Other uses

Because human beings generate keystroke timings, they are not well correlated with external processes. They are frequently used as a source of hardware-generated random numbers for computer systems.

Mental health symptoms such as depression and anxiety have also been correlated with keystroke timing features. [18]


Related Research Articles

Authentication: Act of proving an assertion

Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product or document is not counterfeit.

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware.

Biometrics are body measurements and calculations related to human characteristics and features. Biometric authentication is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance.

Typing: Text input method

Typing is the process of writing or inputting text by pressing keys on a typewriter, computer keyboard, mobile phone, or calculator. It can be distinguished from other means of text input, such as handwriting and speech recognition. Text can be in the form of letters, numbers and other symbols. The world's first typist was Lillian Sholes from Wisconsin in the United States, the daughter of Christopher Sholes, who invented the first practical typewriter.

Security token: Device used to access electronically restricted resource

A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to, or in place of, a password. Examples of security tokens include wireless key cards used to open locked doors, a banking token used as a digital authenticator for signing in to online banking, or signing transactions such as wire transfers.

GOMS is a specialized human information processor model for human-computer interaction observation that describes a user's cognitive structure on four components. In the book The Psychology of Human Computer Interaction, written in 1983 by Stuart K. Card, Thomas P. Moran and Allen Newell, the authors introduce: "a set of Goals, a set of Operators, a set of Methods for achieving the goals, and a set of Selections rules for choosing among competing methods for goals." GOMS is a widely used method by usability specialists for computer system designers because it produces quantitative and qualitative predictions of how people will use a proposed system.

A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization's official regulations and may be taught as part of security awareness training. Either the password policy is merely advisory, or the computer systems force users to comply with it. Some governments have national authentication frameworks that define requirements for user authentication to government services, including requirements for passwords.

In human–computer interaction, the keystroke-level model (KLM) predicts how long it will take an expert user to accomplish a routine task without errors using an interactive computer system. It was proposed by Stuart K. Card, Thomas P. Moran and Allen Newell in 1980 in the Communications of the ACM and published in their book The Psychology of Human-Computer Interaction in 1983, which is considered as a classic in the HCI field. The foundations were laid in 1974, when Card and Moran joined the Palo Alto Research Center (PARC) and created a group named Applied Information-Processing Psychology Project (AIP) with Newell as a consultant aiming to create an applied psychology of human-computer interaction. The keystroke-level model is still relevant today, which is shown by the recent research about mobile phones and touchscreens.

Logical security consists of software safeguards for an organization's systems, including user identification and password access, authenticating, access rights and authority levels. These measures are to ensure that only authorized users are able to perform actions or access information in a network or a workstation. It is a subset of computer security.

Living in the intersection of cryptography and psychology, password psychology is the study of what makes passwords or cryptographic keys easy to remember or guess.

In information security, intruder detection is the process of detecting intruders behind attacks as unique persons. This technique tries to identify the person behind an attack by analyzing their computational behaviour. This concept is sometimes confused with Intrusion Detection techniques which are the art of detecting intruder actions.

In computer security, shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder. Unauthorized users watch the keystrokes inputted on a device or listen to sensitive information being spoken, which is also known as eavesdropping.

Steven Bender

Steven Lee Bender was an American entrepreneur and founder of both Altamira Group and iMagic Software. Bender has made contributions to digital imaging and Photoshop, and to authentication for distributed systems by supporting turning passwords into a biometric akin to fingerprints. Information technology analyst Rob Enderle of the Enderle Group commented in January 2007 that this new technology is "a compelling solution in a world where identity theft and illegal access are the greatest growing threats to a business or family".

Multi-factor authentication: Method of computer access control

Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism. MFA protects personal data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.

Computer security compromised by hardware failure is a branch of computer security applied to hardware. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. Such secret information could be retrieved in different ways. This article focuses on the retrieval of data through misused hardware or hardware failure. Hardware could be misused or exploited to get secret data. This article collects the main types of attack that can lead to data theft.

Mouse tracking is the use of software to collect users' mouse cursor positions on the computer. The goal is to automatically gather richer information about what people are doing, typically to improve the design of an interface. Often this is done on the Web and can supplement eye tracking in some situations.

A whole new range of techniques has been developed to identify people since the 1960s from the measurement and analysis of parts of their bodies to DNA profiles. Forms of identification are used to ensure that citizens are eligible for rights to benefits and to vote without fear of impersonation while private individuals have used seals and signatures for centuries to lay claim to real and personal estate. Generally, the amount of proof of identity that is required to gain access to something is proportionate to the value of what is being sought. It is estimated that only 4% of online transactions use methods other than simple passwords. Security of systems resources generally follows a three-step process of identification, authentication and authorization. Today, a high level of trust is as critical to eCommerce transactions as it is to traditional face-to-face transactions.

Smudge attack: Discerning a password via screen smudges

A smudge attack is an information extraction attack that discerns the password input of a touchscreen device such as a smartphone or tablet computer from fingerprint smudges. A team of researchers at the University of Pennsylvania were the first to investigate this type of attack in 2010. An attack occurs when an unauthorized user is in possession of, or is near, the device of interest. The attacker relies on detecting the oily smudges produced and left behind by the user's fingers to find the pattern or code needed to access the device and its contents. Simple cameras, lights, fingerprint powder, and image processing software can be used to capture the fingerprint deposits created when the user unlocks their device. Under proper lighting and camera settings, the finger smudges can be easily detected, and the heaviest smudges can be used to infer the most frequent input swipes or taps from the user.

Implicit authentication (IA) is a technique that allows the smart device to recognize its owner by being acquainted with his/her behaviors. It is a technique that uses machine learning algorithms to learn user behavior through various sensors on the smart devices and achieve user identification. Most of the current authentication techniques, e.g., password, pattern lock, fingerprint and iris recognition, are explicit authentication, which requires user input. Compared with explicit authentication, IA is transparent to users during usage, and it significantly increases usability by reducing the time users spend on login, which users find more annoying than lack of cellular coverage.

Network eavesdropping, also known as eavesdropping attack, sniffing attack, or snooping attack, is a method that retrieves user information through the internet. This attack happens on electronic devices like computers and smartphones. This network attack typically happens under the usage of unsecured networks, such as public wifi connections or shared electronic devices. Eavesdropping attacks through the network are considered one of the most urgent threats in industries that rely on collecting and storing data. Internet users use eavesdropping via the Internet to improve information security.

References

  1. Robert Moskovitch, Clint Feher, Arik Messerman, Niklas Kirschnick, Tarik Mustafic, Ahmet Camtepe, Bernhard Löhlein, Ulrich Heister, Sebastian Möller, Lior Rokach, Yuval Elovici (2009). Identity theft, computers and behavioral biometrics (PDF). Proceedings of the IEEE International Conference on Intelligence and Security Informatics. pp. 155–160.
  2. Monrose, Fabian, and Aviel D. Rubin. "Keystroke dynamics as a biometric for authentication". Future Generation Computer Systems.
  3. Monrose, F.; Rubin, A. (1997). "Authentication via keystroke dynamics". Proceedings of the 4th ACM conference on Computer and Communications Security. pp. 48–56. doi:10.1145/266420.266434.
  4. Deng, Y.; Yu, Y. (2013). "Keystroke Dynamics User Authentication Based on Gaussian Mixture Model and Deep Belief Nets". ISRN Signal Processing. 2013: 565183. doi:10.1155/2013/565183.
  5. "User authentication through typing biometrics features" (PDF). Archived from the original (PDF) on 2014-03-04. Retrieved 2013-11-14.
  6. Shepherd, S.J. (1995). "Continuous authentication by analysis of keyboard typing characteristics". European Convention on Security and Detection. pp. 111–114. doi:10.1049/cp:19950480. ISBN 0-85296-640-7.
  7. Panasiuk, Piotr; Saeed, Khalid (2010). "A Modified Algorithm for User Identification by His Typing on the Keyboard". Image Processing and Communications Challenges 2. Advances in Intelligent and Soft Computing. Vol. 84. pp. 113–120. doi:10.1007/978-3-642-16295-4_13. ISBN 978-3-642-16294-7.
  8. Alzubaidi, Abdulaziz; Kalita, Jugal (2016). "Authentication of Smartphone Users Using Behavioral Biometrics". IEEE Communications Surveys & Tutorials. 18 (3): 1998–2026. arXiv:1911.04104. doi:10.1109/comst.2016.2537748. ISSN 1553-877X. S2CID 8443300.
  9. Monrose, Fabian, and Aviel D. Rubin. "Keystroke dynamics as a biometric for authentication". Future Generation Computer Systems.
  10. "Keystroke Dynamics". Biometrics. Retrieved 2018-01-18.
  11. Haring, Kristen (2007). Ham Radio's Technical Culture. MIT Press. p. 23. ISBN 978-0-262-08355-3.
  12. Monrose, F.; Rubin, A. (1997). "Authentication via keystroke dynamics". Proceedings of the 4th ACM conference on Computer and Communications Security. pp. 48–56. doi:10.1145/266420.266434.
  13. Deng, Y.; Yu, Y. (2013). "Keystroke Dynamics User Authentication Based on Gaussian Mixture Model and Deep Belief Nets". ISRN Signal Processing. 2013: 565183. doi:10.1155/2013/565183.
  14. "User authentication through typing biometrics features" (PDF). Archived from the original (PDF) on 2014-03-04. Retrieved 2013-11-14.
  15. Continuous authentication by analysis of keyboard typing characteristics
  16. Alzubaidi, Abdulaziz; Kalita, Jugal (2016). "Authentication of Smartphone Users Using Behavioral Biometrics". IEEE Communications Surveys & Tutorials. 18 (3): 1998–2026. arXiv:1911.04104. doi:10.1109/comst.2016.2537748. ISSN 1553-877X. S2CID 8443300.
  17. Lu, Xiaofeng; Zhang, Shengfei; Hui, Pan; Lio, Pietro (2020-09-01). "Continuous authentication by free-text keystroke based on CNN and RNN". Computers & Security. 96: 101861. doi:10.1016/j.cose.2020.101861. hdl:11573/1719684. ISSN 0167-4048.
  18. Braund, Taylor A.; O’Dea, Bridianne; Bal, Debopriyo; Maston, Kate; Larsen, Mark E.; Werner-Seidler, Aliza; Tillman, Gabriel; Christensen, Helen (2023-05-15). "Associations Between Smartphone Keystroke Metadata and Mental Health Symptoms in Adolescents: Findings From the Future Proofing Study". JMIR Mental Health. 10: e44986. doi:10.2196/44986. PMC 10227695. PMID 37184904.
