Keystroke dynamics

Keystroke dynamics, keystroke biometrics, typing dynamics, and typing biometrics refer to the collection of biometric information generated by key-press-related events that occur when a user types on a keyboard. [1] Use of patterns in key operation to identify operators predates modern computing and keyboards, [2] and has been proposed as an authentication alternative to passwords and PIN numbers. [3]

Science

The behavioral biometric of keystroke dynamics uses the manner and rhythm in which an individual types characters on a keyboard or keypad. [4] [5] [6] The user's keystroke rhythms are measured to develop a unique biometric template of the user's typing pattern for future authentication. [7] Keystrokes are separated into static and dynamic typing, which are used to help distinguish between authorized and unauthorized users. [8] Vibration information may be used to create a pattern for future use in both identification and authentication tasks.

History

During the late nineteenth century, telegram operators began to develop unique "signatures" that could be identified simply by their tapping rhythm. [9] As late as World War II, the military transmitted messages through Morse Code. Using a methodology called "The Fist of the Sender," military intelligence identified that an individual had a unique way of keying in a message's "dots" and "dashes", creating a rhythm that could help distinguish ally from enemy. [10] [11]

Keyboard dynamics received attention as a potential alternative to short PIN numbers, which were widely used for authentication early in the expansion of networked computing. [12]

Collection and potential use of keystroke dynamics data

Keystroke dynamic information could be used to verify or determine the identity of the person producing the keystrokes. [18] The techniques used to do this vary widely in sophistication and range from statistical techniques to artificial intelligence (AI) approaches such as neural networks.

The time to seek and depress a key (seek-time) and the time the key is held down (hold-time) may be characteristic of an individual, regardless of the total speed at which they type. Most people take longer to find or get to specific letters on the keyboard than their average seek-time for all letters. Which letters require more time vary dramatically and consistently for different people. Right-handed people may be statistically faster in getting to keys they hit with their right-hand fingers than with their left-hand fingers. Index fingers may be faster than other fingers, consistent for a user, regardless of their overall speed.

In addition, sequences of letters may have characteristic properties for a user. In English, the use of "the" is very common, and those three letters may be known as a rapid-fire sequence. Common endings, such as "ing", may be entered far faster than the same letters in reverse order ("gni") to the degree that varies consistently by user. This consistency may hold and reveal common sequences of the user's native language even when they are writing entirely in a different language.

Common "errors" may also be quite characteristic of a user. There is a taxonomy of errors, such as the user's most common "substitutions", "reversals", "drop-outs", "double-strikes", "adjacent letter hits", "homonyms" and hold-length-errors (for a shift key held down too short or too long a time). Even without knowing what language the user is working in, these errors may be detected by looking at the rest of the text and what letters the user goes back and replaces.

Authentication versus identification

Keystroke dynamics is part of a larger class of biometrics known as behavioral biometrics, a field in which observed patterns are statistical in nature. Because of this inherent uncertainty, a commonly held belief is that behavioral biometrics are not as reliable as biometrics used for authentication based on physically observable characteristics such as fingerprints, retinal scans, or DNA. Behavioral biometrics use a confidence measurement in place of the traditional pass/fail measurements. As such, the traditional benchmarks of False Acceptance Rate (FAR) and False Rejection Rate (FRR) no longer have linear relationships.

The benefit to keystroke dynamics (as well as other behavioral biometrics) is that FRR/FAR can be adjusted by changing the acceptance threshold at the individual level. This allows for explicitly defined individual risk mitigation that physical biometric technologies could not achieve.

One of the major problems that keystroke dynamics runs into is that a user's typing varies substantially during a day and between different days and may be affected by any number of external factors.

Because of these variations, any system will make false-positive and false-negative errors. Some successful commercial products have strategies to handle these issues and have proven effective in large-scale use in real-world settings and applications.
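
The hold-time and seek-time features and the adjustable acceptance threshold described above can be made concrete with a short Python sketch. It is an added example, not code from any product or paper cited here: the timings are constructed, seek-time is assumed to mean the gap between releasing one key and pressing the next, and the mean/standard-deviation template is one simple statistical technique among many.

```python
from statistics import mean, stdev

def make(word, holds, seeks):
    """Build (key, press_ms, release_ms) events from constructed timings."""
    t, events = 0, []
    for i, key in enumerate(word):
        events.append((key, t, t + holds[i]))
        if i < len(seeks):
            t += holds[i] + seeks[i]
    return events

def features(events):
    """Hold-time per key, then seek-time between consecutive keys (ms)."""
    holds = [release - press for _, press, release in events]
    seeks = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return holds + seeks

def enroll(samples):
    """Template: (mean, std) per feature; std floored to avoid divide-by-zero."""
    columns = zip(*(features(s) for s in samples))
    return [(mean(c), max(stdev(c), 1.0)) for c in columns]

def score(template, events):
    """Mean absolute z-score; lower means closer to the enrolled rhythm."""
    return mean(abs(x - m) / s for x, (m, s) in zip(features(events), template))

def far_frr(template, genuine, impostor, threshold):
    """Accept when score <= threshold; return (FAR, FRR) for that setting."""
    frr = sum(score(template, a) > threshold for a in genuine) / len(genuine)
    far = sum(score(template, a) <= threshold for a in impostor) / len(impostor)
    return far, frr

# Constructed timings (ms) for the trigraph "the"; not measured data.
ENROLL = [make("the", h, s) for h, s in [
    ([90, 80, 100], [40, 30]), ([95, 85, 105], [45, 35]),
    ([85, 75, 95], [35, 25]), ([92, 82, 98], [42, 28])]]
GENUINE = [make("the", h, s) for h, s in [
    ([91, 81, 101], [41, 31]), ([88, 78, 97], [38, 27]),
    ([100, 90, 110], [52, 40])]]   # last attempt: same user, typing slower
IMPOSTOR = [make("the", h, s) for h, s in [
    ([120, 110, 130], [80, 70]), ([96, 86, 104], [50, 36]),
    ([70, 60, 75], [20, 10])]]
TEMPLATE = enroll(ENROLL)

if __name__ == "__main__":
    for threshold in (1.0, 3.0):
        far, frr = far_frr(TEMPLATE, GENUINE, IMPOSTOR, threshold)
        print(f"threshold={threshold}: FAR={far:.2f} FRR={frr:.2f}")
```

With the strict threshold the slower genuine attempt is rejected and no impostor is accepted; with the lenient one the genuine user always passes but the impostor whose rhythm is closest is accepted too.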

Use of keylogging software may be in direct and explicit violation of local laws, such as the U.S. Patriot Act, under which such use may constitute wire-tapping.

Other uses

Because human beings generate keystroke timings, they are not well correlated with external processes. They are frequently used as a source of hardware-generated random numbers for computer systems.

Mental health symptoms such as depression and anxiety have also been correlated with keystroke timing features. [19]

Related Research Articles

Authentication: Act of proving an assertion

Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product or document is not counterfeit.

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware.

Biometrics are body measurements and calculations related to human characteristics. Biometric authentication is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance.

Typing: Text input method

Typing is the process of writing or inputting text by pressing keys on a typewriter, computer keyboard, mobile phone, or calculator. It can be distinguished from other means of text input, such as handwriting and speech recognition. Text can be in the form of letters, numbers and other symbols. The world's first typist was Lillian Sholes from Wisconsin in the United States, the daughter of Christopher Sholes, who invented the first practical typewriter.

GOMS is a specialized human information processor model for human-computer interaction observation that describes a user's cognitive structure on four components. In the book The Psychology of Human Computer Interaction, written in 1983 by Stuart K. Card, Thomas P. Moran and Allen Newell, the authors introduce: "a set of Goals, a set of Operators, a set of Methods for achieving the goals, and a set of Selections rules for choosing among competing methods for goals." GOMS is a widely used method by usability specialists for computer system designers because it produces quantitative and qualitative predictions of how people will use a proposed system.

Logical security consists of software safeguards for an organization's systems, including user identification and password access, authenticating, access rights and authority levels. These measures are to ensure that only authorized users are able to perform actions or access information in a network or a workstation. It is a subset of computer security.

Living in the intersection of cryptography and psychology, password psychology is the study of what makes passwords or cryptographic keys easy to remember or guess.

In information security, intruder detection is the process of detecting intruders behind attacks as unique persons. This technique tries to identify the person behind an attack by analyzing their computational behaviour. This concept is sometimes confused with Intrusion Detection techniques which are the art of detecting intruder actions.

In computer security, shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder. Unauthorized users watch the keystrokes inputted on a device or listen to sensitive information being spoken, which is also known as eavesdropping.

Steven Bender

Steven Lee Bender was an American entrepreneur and founder of both Altamira Group and iMagic Software. Bender has made contributions to digital imaging and Photoshop, and to authentication for distributed systems by supporting turning passwords into a biometric akin to fingerprints. Information technology analyst Rob Enderle of the Enderle Group commented in January 2007 that this new technology is, "a compelling solution in a world where identity theft and illegal access are the greatest growing threats to a business or family".

Private biometrics is a form of encrypted biometrics, also called privacy-preserving biometric authentication methods, in which the biometric payload is a one-way, homomorphically encrypted feature vector that is 0.05% the size of the original biometric template and can be searched with full accuracy, speed and privacy. The feature vector's homomorphic encryption allows search and match to be conducted in polynomial time on an encrypted dataset and the search result is returned as an encrypted match. One or more computing devices may use an encrypted feature vector to verify an individual person or identify an individual in a datastore without storing, sending or receiving plaintext biometric data within or between computing devices or any other entity. The purpose of private biometrics is to allow a person to be identified or authenticated while guaranteeing individual privacy and fundamental human rights by only operating on biometric data in the encrypted space. Some private biometrics include fingerprint authentication methods, face authentication methods, and identity-matching algorithms according to bodily features. Private biometrics are constantly evolving based on the changing nature of privacy needs, identity theft, and biotechnology.

Multi-factor authentication: Method of computer access control

Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism. MFA protects personal data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.

Computer security compromised by hardware failure is a branch of computer security applied to hardware. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. Such secret information could be retrieved in different ways. This article focuses on the retrieval of data through misused hardware or hardware failure. Hardware could be misused or exploited to get secret data. This article collects the main types of attack that can lead to data theft.

Vein matching: Technique of biometric identification

Vein matching, also called vascular technology, is a technique of biometric identification through the analysis of the patterns of blood vessels visible from the surface of the skin. Though used by the Federal Bureau of Investigation and the Central Intelligence Agency, this method of identification is still in development and has not yet been universally adopted by crime labs as it is not considered as reliable as more established techniques, such as fingerprinting. However, it can be used in conjunction with existing forensic data in support of a conclusion.

Mouse tracking is the use of software to collect users' mouse cursor positions on the computer. The goal is to automatically gather richer information about what people are doing, typically to improve the design of an interface. Often this is done on the Web and can supplement eye tracking in some situations.

A whole new range of techniques has been developed to identify people since the 1960s from the measurement and analysis of parts of their bodies to DNA profiles. Forms of identification are used to ensure that citizens are eligible for rights to benefits and to vote without fear of impersonation while private individuals have used seals and signatures for centuries to lay claim to real and personal estate. Generally, the amount of proof of identity that is required to gain access to something is proportionate to the value of what is being sought. It is estimated that only 4% of online transactions use methods other than simple passwords. Security of systems resources generally follows a three-step process of identification, authentication and authorization. Today, a high level of trust is as critical to eCommerce transactions as it is to traditional face-to-face transactions.

Smudge attack: Discerning a password via screen smudges

A smudge attack is an information extraction attack that discerns the password input of a touchscreen device such as a cell phone or tablet computer from fingerprint smudges. A team of researchers at the University of Pennsylvania were the first to investigate this type of attack in 2010. An attack occurs when an unauthorized user is in possession of or is near the device of interest. The attacker relies on detecting the oily smudges produced and left behind by the user's fingers to find the pattern or code needed to access the device and its contents. Simple cameras, lights, fingerprint powder, and image processing software can be used to capture the fingerprint deposits created when the user unlocks their device. Under proper lighting and camera settings, the finger smudges can be easily detected, and the heaviest smudges can be used to infer the most frequent input swipes or taps from the user.

Biometric device: Identification and authentication device

A biometric device is a security identification and authentication device. Such devices use automated methods of verifying or recognising the identity of a living person based on a physiological or behavioral characteristic. These characteristics include fingerprints, facial images, iris and voice recognition.

Implicit authentication (IA) is a technique that allows the smart device to recognize its owner by being acquainted with his/her behaviors. It is a technique that uses machine learning algorithms to learn user behavior through various sensors on the smart devices and achieve user identification. Most of the current authentication techniques, e.g., password, pattern lock, fingerprint and iris recognition, are explicit authentication, which requires user input. Compared with explicit authentication, IA is transparent to users during usage, and it significantly increases usability by reducing the time users spend on login, which users find more annoying than lack of cellular coverage.

Thermal attack: Type of computer security breach

A thermal attack is an approach that exploits heat traces to uncover the entered credentials. These attacks rely on the phenomenon of heat transfer from one object to another. During authentication, heat transfers from the users' hands to the surface they are interacting with, leaving heat traces behind that can be analyzed using thermal cameras that operate in the far-infrared spectrum. These traces can be recovered and used to reconstruct the passwords. In some cases, the attack can be successful even 30 seconds after the user has authenticated.

References

  1. Robert Moskovitch, Clint Feher, Arik Messerman, Niklas Kirschnick, Tarik Mustafic, Ahmet Camtepe, Bernhard Löhlein, Ulrich Heister, Sebastian Möller, Lior Rokach, Yuval Elovici (2009). Identity theft, computers and behavioral biometrics (PDF). Proceedings of the IEEE International Conference on Intelligence and Security Informatics. pp. 155–160.
  2. Monrose, Fabian, and Aviel D. Rubin. "Keystroke dynamics as a biometric for authentication". Future Generation Computer Systems.
  3. Monrose, F.; Rubin, A. (1997). "Authentication via keystroke dynamics". Proceedings of the 4th ACM conference on Computer and Communications Security. pp. 48–56. doi:10.1145/266420.266434.
  4. Deng, Y.; Yu, Y. (2013). "Keystroke Dynamics User Authentication Based on Gaussian Mixture Model and Deep Belief Nets". ISRN Signal Processing. 2013: 565183. doi:10.1155/2013/565183.
  5. "User authentication through typing biometrics features" (PDF). Archived from the original (PDF) on 2014-03-04. Retrieved 2013-11-14.
  6. Continuous authentication by analysis of keyboard typing characteristics
  7. A modified algorithm for user identification by his typing on the keyboard
  8. Alzubaidi, Abdulaziz; Kalita, Jugal (2016). "Authentication of Smartphone Users Using Behavioral Biometrics". IEEE Communications Surveys & Tutorials. 18 (3): 1998–2026. arXiv:1911.04104. doi:10.1109/comst.2016.2537748. ISSN 1553-877X. S2CID 8443300.
  9. Monrose, Fabian, and Aviel D. Rubin. "Keystroke dynamics as a biometric for authentication". Future Generation Computer Systems.
  10. "Keystroke Dynamics". Biometrics. Retrieved 2018-01-18.
  11. Haring, Kristen (2007). Ham Radio's Technical Culture. MIT Press. p. 23. ISBN 978-0-262-08355-3.
  12. Monrose, F.; Rubin, A. (1997). "Authentication via keystroke dynamics". Proceedings of the 4th ACM conference on Computer and Communications Security. pp. 48–56. doi:10.1145/266420.266434.
  13. Deng, Y.; Yu, Y. (2013). "Keystroke Dynamics User Authentication Based on Gaussian Mixture Model and Deep Belief Nets". ISRN Signal Processing. 2013: 565183. doi:10.1155/2013/565183.
  14. "User authentication through typing biometrics features" (PDF). Archived from the original (PDF) on 2014-03-04. Retrieved 2013-11-14.
  15. Continuous authentication by analysis of keyboard typing characteristics
  16. A modified algorithm for user identification by his typing on the keyboard
  17. Alzubaidi, Abdulaziz; Kalita, Jugal (2016). "Authentication of Smartphone Users Using Behavioral Biometrics". IEEE Communications Surveys & Tutorials. 18 (3): 1998–2026. arXiv:1911.04104. doi:10.1109/comst.2016.2537748. ISSN 1553-877X. S2CID 8443300.
  18. Lu, Xiaofeng; Zhang, Shengfei; Hui, Pan; Lio, Pietro (2020-09-01). "Continuous authentication by free-text keystroke based on CNN and RNN". Computers & Security. 96: 101861. doi:10.1016/j.cose.2020.101861. ISSN 0167-4048.
  19. Braund, Taylor A.; O’Dea, Bridianne; Bal, Debopriyo; Maston, Kate; Larsen, Mark E.; Werner-Seidler, Aliza; Tillman, Gabriel; Christensen, Helen (2023-05-15). "Associations Between Smartphone Keystroke Metadata and Mental Health Symptoms in Adolescents: Findings From the Future Proofing Study". JMIR Mental Health. 10: e44986. doi:10.2196/44986. PMC 10227695. PMID 37184904.
