Biometrics technologies are gaining popularity because they provide more reliable and secure means in the process of authentication and verification of users. Dynamic typing is a kind of behavioral biometrics which uses different methods and techniques to store and analyze the users own way of typing. This paper presents a user authentication methodology using keystroke dynamics through piezo-resistive force sensors. An authentication system has been created checking the total typing time, the typing time between each key typed, the force of key typing and the average typing force. The system checks the user authentication veracity in the act of registration. A common numeric keypad modified with piezo-resistive sensors along with a microcontroller were used as materials. The methodology also uses a statistical classifier for the evaluation of users, a data filter to evaluate samples and a method for determining the individual thresholds of users. The system presented biometric error rates of 7.91% of FRR (false rejection rate), 2.32% of FAR (false acceptance rate) and 4.72% of EER (equal error rate).
Improvement of Security Systems by Keystroke Dynamics of Passwords
1. Improvement of Security Systems by
Keystroke Dynamics of Passwords
Leonardo Janeis de Melo
Dept. of Engineering
Hermínio Ometto University Center (FHO-Uniararas)
Araras, São Paulo, Brazil
leonardojaneis@gmail.com
Dr. Heleno Murilo Campeão Vale
Dept. of Engineering
Hermínio Ometto University Center (FHO-Uniararas)
Araras, São Paulo, Brazil
heleno@uniararas.br
Abstract—Biometrics technologies are gaining popularity because
they provide more reliable and secure means in the process of
authentication and verification of users. Dynamic typing is a kind
of behavioral biometrics which uses different methods and
techniques to store and analyze the users own way of typing. This
paper presents a user authentication methodology using
keystroke dynamics through piezo-resistive force sensors. An
authentication system has been created checking the total typing
time, the typing time between each key typed, the force of key
typing and the average typing force. The system checks the user
authentication veracity in the act of registration. A common
numeric keypad modified with piezo-resistive sensors along with
a microcontroller were used as materials. The methodology also
uses a statistical classifier for the evaluation of users, a data filter
to evaluate samples and a method for determining the individual
thresholds of users. The system presented biometric error rates
of 7.91% of FRR (false rejection rate), 2.32% of FAR (false
acceptance rate) and 4.72% of EER (equal error rate).
Keywords- Biometrics, Keystroke Dynamics, Security, Pattern
Recognition, Authentication Systems.
I. INTRODUCTION
Societal needs for authenticating and identifying
individuals in real time has made biometric technologies very
popular. These technologies provide more reliable and
efficient means of authentication and verification [1].
Currently, one of the most commonly used forms of
identification is the entering of passwords into devices. The
access to security system is controlled by some authentication
system, this implies that the user who is trying to authenticate
himself is a legitimate user or an imposer [2].
Classic login and password authentication is the most
popular mode of security and identification in today's systems.
These systems suffer from several types of problems,
diminishing their trust and credibility [3]. One of the emerging
biometrics in today's technological world is typing dynamics,
which is considered to be an innovative biometric technology.
This technique is based on discovering and evaluating not only
what a person types, but also by capturing his or her typing
pattern through sensors while they type. Everyone’s typing
pattern is unique, so it is possible to create authentication and
verification systems with different methodologies and metrics.
Biometric devices and applications have been growing
steadily in recent years. According to Bhatt and Santhanam, an
application of typing dynamics for secure computer access is
relatively new and not used in practice. In addition, there are
no real cases of attempts to break typing dynamics systems
[4]. This research was motivated by different studies of
keystroke dynamics which reached satisfactory levels, using
multiple metrics and dataset [5].
Many innovative techniques and metrics are created to
improve the performance of authentication and identification
systems, but they can also be adapted and studied in depth. A
method not yet explored in conjunction with other techniques
is the use of a pressure sensor. The main motivation of
introducing a pressure sensor is to improve parameters in user
authentication. Shanmugapriya and Padmavathi also show that
typing dynamics have a viable cost benefit compared to other
types of biometrics and a great reach for the current
technology market [1].
This work was developed using a numeric keypad to
increase the latency between the typing of each key and to
decrease the precision requirement, because it forces the user
to use only one hand [6]. Systems based on the use of numeric
keypads to validate a user are currently applied in a large scale
in banks, cell phones, safes, among other places. The goal of
this work is to create a typing quality index, with acceptable
efficiency compared to data of error rates and falls of the most
current bibliographies.
II. METHODOLOGY
The methodology uses extraction characteristics that have
obtained satisfactory results in the literature and makes a
fusion of these characteristics. The main purpose of combining
these characteristics is to create an efficient extraction method.
This paper proposes a methodology that will analyse the
following items:
- Total user typing time (in milliseconds).
- Medium key pressing force.
- Average pressing force of each key.
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 9, September 2017
156 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
2. - Pressing time between successive keys (latency).
The system created is responsible for receiving the user's
typing data and evaluating whether the user is legitimate. To
access the system the user must create an account or inform
his account. To create an account the user goes through a
process of collecting samples and if he has an account he must
enter his name and his password, going through the
authentication step. The system captures the user's typing,
extracts their characteristics and compares them to their
standard typing.
Fig. 1 presents the hardware operating circuit schematic.
Figure 1. Hardware schematic.
A. Password
The password is the set of characters entered by the user at
the time of authentication or registration. The password is
chosen by the user and must contain nine numeric characters.
B. Extraction of characteristics
Different from the other works reported on the literature,
this work analyses a set of characteristics as the average force
applied on each key, the total time spent typing the password,
the user's typing latency between keys and the average force
applied in all keys. The total time and latency are extracted in
milliseconds.
The extracted characteristics are allocated in a sample
vector A of nineteen positions, where the characteristics are
allocated as follows:
],...,,...[ 8191 FMTLLTTFttFttA
with FTT as total force of keys, TT as total time, L as latencies,
and FMT total average force.
C. Model
The model is formed only when there are at least 10 stored
samples and it is composed of the mean () and the standard
deviation () calculated for each characteristic (i) of the
characteristic vector (z) contained in the X samples.
D. Classifier
The classifier has the function of authenticating the user by
checking the similarity between the presented sample and the
stored model based on a Separation Criteria (Threshold).
- Unweighted Probability Classifier: the unweighted
probability classifier is a statistical classifier that assumes
that each characteristic for a user is distributed according
to a normal distribution [7].
Score (R, U) =
ri
ri
u
i
n
i
uxprob
n
)(
1
1
1
Given U and R are previously defined pattern vectors, the
components (μi, σri, Xi) represent the mean, standard
deviation and value of the data for characteristic i. The
classifier calculates the result between the reference model R
and an unknown sample U.
E. Data Dispersion Filter
If for any given sample any of the characteristics Zi is
outside the criterion of the equation 3, the sample in question is
disregarded, a new standard is generated and the process is
repeated until the evaluation of all the samples [8].
)()( 33 iiiii uzu
F. Threshold
The user thresholds are obtained based on the standard
deviations of each characteristic and have independent values
for each class.
The methodology for obtaining the threshold values for
each class was based on work of [9], where the threshold value
of each user is calculated only considering the users own
typing samples. For this, the cross-validation technique was
used using the leave-one-out (LOOM) method.
URS
U
j
U
j
U
n
Score ,1
III. EXPERIMENTAL SETUP AND RESULTS
This section describes the evaluation process, which is
used authentication tests to display the biometric error rates of
the system [10]. Therefore the evaluation methodology are
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 9, September 2017
157 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
3. presented. The chosen site for the collection of samples was the
Brazilian Center for Research in Energy and Materials
(CNPEM) and ten users were chosen to participate in the data
collection, being three women and seven men of different ages.
A. Authentication tests
In order to analyze the performance of the presented
methodology, the users registered in the system were invited to
perform the login. The result of the following tables shows the
performance of the system created.
- FAR: to characterize the system FAR rates, impostor
users were invited to attempt authentication in the system.
Sixty attempts were made to enter the 10 user accounts of
the system.
TABLE I. RATIO OF USER INPUT AND REJECTION TO GENERATE FAR % RATES.
Users Entries on system Rejections FAR (%)
User 1 1 59 1.6
User 2 2 58 3.3
User 3 0 60 0
User 4 4 56 6.7
User 5 0 60 0
User 6 0 60 0
User 7 4 56 6.7
User 8 1 59 1.6
User 9 0 60 0
User 10 2 58 3.3
Total 14 586 2.32
- FRR: to characterize the system's FRR rates the ten
users made 30 attempts to enter the system.
TABLE II. RATIO OF USER INPUT AND REJECTION TO GENERATE FRR %
RATES.
Users Entries on system Rejections FRR (%)
User 1 29 1 3
User 2 22 8 26.6
User 3 30 0 0
User 4 29 1 3
User 5 27 3 10
User 6 30 0 0
User 7 26 4 13.3
User 8 27 3 10
User 9 28 2 6.6
User 10 28 2 6.6
Total 276 24 7.91
- EER: the methodology for obtaining the EER value
was based in [11], where the threshold value of each user is
defined by the crossing point between the FRR and FAR
rates, thus obtaining the value of EER.
TABLE III. EER VALUES BASED ON FAR AND FRR RATES.
Users EER (%)
User 1 5.04
User 2 8.40
User 3 1.56
User 4 6.72
User 5 1.69
User 6 3.36
User 7 6.72
User 8 5.27
User 9 3.39
User 10 5.08
Total 4.72
Two hundred samples were collected per user, these
samples were collected on three distinct days on morning and
afternoon. These samples were saved in text files.
IV. CONCLUSIONS AND FUTURE WORKS
This paper focused on the improvement of security systems
through the dynamics of password-typing, a promising
methodology. Biometric authentication was performed through
extraction. A numeric keypad was used, where piezo-resistive
sensors were implanted, one for each key. Thus, a complete
system for user authentication was developed, with EER value
of 4.72%, FAR of 2.32% and FRR of 7.91%, which qualifies it
as an efficient system when compared to other systems already
reported in the literature. The diversification of the samples
allows users to infer that the level of efficiency of the system
can be maintained even when used in other populations.
A. Future Works
There are much work to be done and we present the next
steps below.
- Test the system in other populations with an even
bigger variety of samples;
- Apply other classifier methodologies to the system,
such as weighted probability and neural networks;
- Evaluate different sensors for the task described in
this paper;
- Create an efficient methodology for updating user
thresholds and standards.
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 9, September 2017
158 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
4. V. ACKNOWLEDGMENT
The authors would like to thank the volunteers who have
participated in the data collection process and Hermínio
Ometto University Center (FHO-Uniararas) for providing
devices and laboratories.
REFERENCES
[1] D. Shanmugapriya and G. Padmavathi, “A Survey of Biometric
keystroke Dynamics: Approaches, Security and Challenges,”
International Jounal of Computer Science and Information Security, vol.
V, no. 1, pp. 115-119, 2009.
[2] S. Singh and M. Sinha, “Pattern construction by extracting user specific
features in keystroke authentication system”, in 4th international
conference on computer and communication technology (ICCCT), Uttar
Pradesh, India,2013, pp. 181–184.
[3] A. Conclin, G. Dietrich and D. Walz, “Password-based Authentication:
A System Perspective,” in Proceedings of the 37th annual hawaii
international conference on system sciences, Hawaii, 2004, p. 1-10.
[4] S. Bhatt and T. Santhanam, “Keystroke Dynamics for Biometric
Authentication – A Survey”, in International conference on pattern
recognition, Tamil Nadu, India, 2013, p. 17-23.
[5] H. J. Lee and S. Cho, “Retraining a novelty detector with impostor
patterns for keystroke dynamics-based authentication”, Adavances in
Biometrics, Berlin: Springer, 2005, pp. 633-639.
[6] T. Ord and S. M. Furnell, “User authentication for keypad-based devices
using keystroke analysis”, in International Network Conference,
Plymouth, UK, 2000, p. 263-272.
[7] F. Monrose and A. D. Rubin, “Keystroke Dynamics as a Biometric for
Authentication”, Future Generation Computer Systems, vol. 16, no. 4,
pp. 351-359, March 2000.
[8] C. R. Costa, “Biometric authentication through numerical keyboard
based on keystroke dynamics: experiments and results”, M.S. tesis,
School of Electrical and Computer Engineering (Unicamp), Campinas,
Brazil, 2006.
[9] D. Hosseinzadeh, S. Krishnan, “Gaussian Mixture Modeling of
Keystroke Patterns for Biometric Applications”, IEEE Transactions on
Systems, Man, and Cybernetics - Part C: Applications and Reviews, vol.
38, no. 6, p. 816-826, November 2008.
[10] T. Scheidat, C. Vielhauer, J. Dittman, “Handwriting verification-
comparison of a multi-algorithmic and a multi-semantic approach”,
Image and Vision Computing, vol. 27, p. 269-278, February 2009.
[11] E. A. Solami, C. Boyd, I. Ahmed, R. Nayak and A. Marrington, “User-
independent threshold for continuous user authentication with keystroke
dynamics”, in The seventh international conference on internet
monitoring and protection, Stuttgart, Germany, 2012, p. 1-9.
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 9, September 2017
159 https://sites.google.com/site/ijcsis/
ISSN 1947-5500