This document summarizes research on using keystroke dynamics for web-based authentication. It discusses collecting keystroke timing data while users type passwords and using algorithms like nearest neighbors to analyze the data and identify users. The researchers tested the approach under different assumptions about pattern variation over time or devices. Their results showed the algorithms had very low error rates and performed similarly regardless of variation. However, the document also notes some limitations, like not accounting for cursor movements while typing or the possibility of keystroke logging malware.
Modern-day computer security relies heavily on cryptography as a means to protect the data that we have
become increasingly reliant on. The main research in computer security domain is how to enhance the
speed of RSA algorithm. The computing capability of Graphic Processing Unit as a co-processor of the
CPU can leverage massive-parallelism. This paper presents a novel algorithm for calculating modulo
value that can process large power of numbers which otherwise are not supported by built-in data types.
First the traditional algorithm is studied. Secondly, the parallelized RSA algorithm is designed using
CUDA framework. Thirdly, the designed algorithm is realized for small prime numbers and large prime
number . As a result the main fundamental problem of RSA algorithm such as speed and use of poor or
small prime numbers that has led to significant security holes, despite the RSA algorithm's mathematical
soundness can be alleviated by this algorithm.
Automated Validation of Internet Security Protocols and Applications (AVISPA) Krassen Deltchev
This is my first B.Sc. term paper, 2006. Back in the days my English was bad, which is obvious, while reading the paper, but i still love it, cuz this was my academic starting point on the topic of IT-Security. Enjoy!
This B.Sc. term paper is presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk
Abstract:
The AVISPA Model Checker is a tool for automated validation and verification of security
protocols. It provides a push-button web-based software- and hardware-independent interface and
installation binaries for UNIX-based Operating Systems.
It belongs to the group of the state-of-the-art Model Checkers and uses a modular and descriptive
formal language for specifying industrial-scale security protocols.
The different back-ends of the AVISPA tool implement new optimized analysing techniques for
automated protocol verification.
Therefore the researcher/scientist can prove even bigger in their specification protocols in a short
time and in a user-friendly way.
New cryptographic attacks are explored using the AVISPA tool and the Model-Checker covers
widest range of the modern authentication internet protocols, regarding their security validation.
A Self –Destructing Secure Messaging System Using Multi Key Management Schemeijiert bestjournal
We propose the Pandora Messaging, an enhanced secure instant messaging architecture which is
equipped with a self-message-destructing feature for sensitive personal information applications
in a mobile environment along with Multi Key Security Management using Shamirs algorithm.
The proposed system will be beneficial for Government officers for communicating very
sensitive and confidential messages. We design the Pandora Message Encryption and Exchange
Scheme and the format of a self-destructible message to show how to exchange these messages
atop the existing instant messaging service architecture. The Pandora Messaging-based system
enables senders to set time, frequency, and location constraints. These conditions determine
when the transmitted messages should be destructed and thus become unreadable for receivers.
The Pandora Messaging-based system securely sends self destructible messages to receivers in a
way that it uses ephemeral keys to encrypt the messages and transmits the encrypted messages to
the designated receiver‟s instant messaging service in real time. When the transmitted messages‟
constraints are satisfied, the ephemeral key used for encryption will be deleted .Thus, the
encrypted messages become unrecoverable. The most important part is that the Key are managed
by the system. The system generates a pool of key and any group of the same pool can be used to
encrypt and decrypt the message.
RSA is one of the most popular Public Key Cryptography based algorithm mainly used for digital
signatures, encryption/decryption etc. It is based on the mathematical scheme of factorization of very large
integers which is a compute-intensive process and takes very long time as well as power to perform.
Several scientists are working throughout the world to increase the speedup and to decrease the power
consumption of RSA algorithm while keeping the security of the algorithm intact. One popular technique
which can be used to enhance the performance of RSA is parallel programming. In this paper we are
presenting the survey of various parallel implementations of RSA algorithm involving variety of hardware
and software implementations.
Modern-day computer security relies heavily on cryptography as a means to protect the data that we have
become increasingly reliant on. The main research in computer security domain is how to enhance the
speed of RSA algorithm. The computing capability of Graphic Processing Unit as a co-processor of the
CPU can leverage massive-parallelism. This paper presents a novel algorithm for calculating modulo
value that can process large power of numbers which otherwise are not supported by built-in data types.
First the traditional algorithm is studied. Secondly, the parallelized RSA algorithm is designed using
CUDA framework. Thirdly, the designed algorithm is realized for small prime numbers and large prime
number . As a result the main fundamental problem of RSA algorithm such as speed and use of poor or
small prime numbers that has led to significant security holes, despite the RSA algorithm's mathematical
soundness can be alleviated by this algorithm.
Automated Validation of Internet Security Protocols and Applications (AVISPA) Krassen Deltchev
This is my first B.Sc. term paper, 2006. Back in the days my English was bad, which is obvious, while reading the paper, but i still love it, cuz this was my academic starting point on the topic of IT-Security. Enjoy!
This B.Sc. term paper is presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk
Abstract:
The AVISPA Model Checker is a tool for automated validation and verification of security
protocols. It provides a push-button web-based software- and hardware-independent interface and
installation binaries for UNIX-based Operating Systems.
It belongs to the group of the state-of-the-art Model Checkers and uses a modular and descriptive
formal language for specifying industrial-scale security protocols.
The different back-ends of the AVISPA tool implement new optimized analysing techniques for
automated protocol verification.
Therefore the researcher/scientist can prove even bigger in their specification protocols in a short
time and in a user-friendly way.
New cryptographic attacks are explored using the AVISPA tool and the Model-Checker covers
widest range of the modern authentication internet protocols, regarding their security validation.
A Self –Destructing Secure Messaging System Using Multi Key Management Schemeijiert bestjournal
We propose the Pandora Messaging, an enhanced secure instant messaging architecture which is
equipped with a self-message-destructing feature for sensitive personal information applications
in a mobile environment along with Multi Key Security Management using Shamirs algorithm.
The proposed system will be beneficial for Government officers for communicating very
sensitive and confidential messages. We design the Pandora Message Encryption and Exchange
Scheme and the format of a self-destructible message to show how to exchange these messages
atop the existing instant messaging service architecture. The Pandora Messaging-based system
enables senders to set time, frequency, and location constraints. These conditions determine
when the transmitted messages should be destructed and thus become unreadable for receivers.
The Pandora Messaging-based system securely sends self destructible messages to receivers in a
way that it uses ephemeral keys to encrypt the messages and transmits the encrypted messages to
the designated receiver‟s instant messaging service in real time. When the transmitted messages‟
constraints are satisfied, the ephemeral key used for encryption will be deleted .Thus, the
encrypted messages become unrecoverable. The most important part is that the Key are managed
by the system. The system generates a pool of key and any group of the same pool can be used to
encrypt and decrypt the message.
RSA is one of the most popular Public Key Cryptography based algorithm mainly used for digital
signatures, encryption/decryption etc. It is based on the mathematical scheme of factorization of very large
integers which is a compute-intensive process and takes very long time as well as power to perform.
Several scientists are working throughout the world to increase the speedup and to decrease the power
consumption of RSA algorithm while keeping the security of the algorithm intact. One popular technique
which can be used to enhance the performance of RSA is parallel programming. In this paper we are
presenting the survey of various parallel implementations of RSA algorithm involving variety of hardware
and software implementations.
Here is my B.Sc. thesis back in 2010. I should not consider this reading as up-to-date, but it's worth as basic start-up on the topic of Web Application Security. Please, note the two tables are meant as attachments to this paper. Your critics are welcome. Enjoy!
The thesis is presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk
Here's the abstract:
The presented thesis in this paper is another discussion on the problem or problem-
complex: What is Web 2.0? How it works? Is it vulnerable to its security scope? How can
one utilize and share Web 2.0, knowing in this interactive collaboration, how to protect
himself?
In this bachelor work the reader will find history information, discussion on the evolu-
tion of the Web standards and most common Web 2.0 attacking classes. Two examples of
important Web 2.0 attacking vectors shall be discussed in depth, in such manner as an ana-
lysis and examples on the attacking techniques, deliberation on the trends in attack preven-
tion methods, discussion on the tools according to these.
This paper should give a good classification on the proposed examples of Web 2.0 at-
tacks, make a conclusion on behalf of the Life Cycle and security standards for the modern
Web 2.0 implementations, and perhaps offer some interesting proposals.
Cryptography and Symmetric Key Algorithms
Cryptography is the study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents.
OR
The art of creating and implementing secret codes and ciphers is known as cryptography.
Automated Validation of Internet Security Protocols and Applications (AVISPA)...Krassen Deltchev
These are the slides to my first B.Sc. term paper- AVISPA, 2006.
These slides are presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
This material covers Authentication requirement, Authentication function, MAC, Hash function, Security of hash function and MAC, SHA, Digital signature and authentication protocols, DSS, Authentication protocols like Kerberos and X.509, entity authentication
Bluetooth technology is an emerging wireless networking standard, which is based on chip that provides short-range wireless frequency hopping communication. Now, Bluetooth technology is mainly applied to the communication between mobile terminal devices, such as palm computers, mobile phones, laptops and so on. However, the phenomenon of data-leaking frequently arises in using the Bluetooth technology for data transfer. To enhance the security of data transmission in Bluetooth communication, a hybrid encryption algorithm based on DES and RSA is proposed. The currently used encryption algorithm employed by the Bluetooth to protect the confidentiality of data during transport between two or more devices is a 128-bit symmetric stream cipher called E0. The proposed hybrid encryption algorithm, instead of the E0 encryption, DES algorithm is used for data transmission because of its higher efficiency in block encryption, and RSA algorithm is used for the encryption of the key of the DES because of its management advantages in key cipher. Under the dual protection with the DES algorithm and the RSA algorithm, the data transmission in the Bluetooth system will be more secure. This project is extended with triple des in place of des to enhance more security.
Engineering Research Publication
Best International Journals, High Impact Journals,
International Journal of Engineering & Technical Research
ISSN : 2321-0869 (O) 2454-4698 (P)
www.erpublication.org
Natural language processing (NLP) is an area of computer science and artificial intelligence concerned with the interactions between computers and human (natural) languages
Now a days Short Message Service(SMS) is most popular way to communication for mobile user because it is cheapest mode or version for communication than other mode.SMS is used for transmitting short length msg of around 160 character to different devices such as smart phones, cellular phones, PDAs using standardized communication protocols. The amount of Short Message Service (SMS) spam is increasing. SMS spam should be put into the spam folder, not the inbox. The growth of the mobile phone users has led to a dramatic increase in SMS spam messages. To avoid this problem SMS filtering Techniques are used. Our proposed approach filters SMS spam on an independent mobile phone on a large dataset and acceptable processing time. There are different approaches able to automatically detect and remove most of these messages, and the best-known ones are based on Bayesian decision theory and Support Vector Machines. Riya Mehta | Ankita Gandhi"A Survey: SMS Spam Filtering" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-3 , April 2018, URL: http://www.ijtsrd.com/papers/ijtsrd12850.pdf http://www.ijtsrd.com/computer-science/data-miining/12850/a-survey-sms-spam-filtering/riya-mehta
DDSGA: A Data-Driven Semi-Global Alignment Approach for Detecting Masquerade ...1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
Here is my B.Sc. thesis back in 2010. I should not consider this reading as up-to-date, but it's worth as basic start-up on the topic of Web Application Security. Please, note the two tables are meant as attachments to this paper. Your critics are welcome. Enjoy!
The thesis is presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk
Here's the abstract:
The presented thesis in this paper is another discussion on the problem or problem-
complex: What is Web 2.0? How it works? Is it vulnerable to its security scope? How can
one utilize and share Web 2.0, knowing in this interactive collaboration, how to protect
himself?
In this bachelor work the reader will find history information, discussion on the evolu-
tion of the Web standards and most common Web 2.0 attacking classes. Two examples of
important Web 2.0 attacking vectors shall be discussed in depth, in such manner as an ana-
lysis and examples on the attacking techniques, deliberation on the trends in attack preven-
tion methods, discussion on the tools according to these.
This paper should give a good classification on the proposed examples of Web 2.0 at-
tacks, make a conclusion on behalf of the Life Cycle and security standards for the modern
Web 2.0 implementations, and perhaps offer some interesting proposals.
Cryptography and Symmetric Key Algorithms
Cryptography is the study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents.
OR
The art of creating and implementing secret codes and ciphers is known as cryptography.
Automated Validation of Internet Security Protocols and Applications (AVISPA)...Krassen Deltchev
These are the slides to my first B.Sc. term paper- AVISPA, 2006.
These slides are presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
This material covers Authentication requirement, Authentication function, MAC, Hash function, Security of hash function and MAC, SHA, Digital signature and authentication protocols, DSS, Authentication protocols like Kerberos and X.509, entity authentication
Bluetooth technology is an emerging wireless networking standard, which is based on chip that provides short-range wireless frequency hopping communication. Now, Bluetooth technology is mainly applied to the communication between mobile terminal devices, such as palm computers, mobile phones, laptops and so on. However, the phenomenon of data-leaking frequently arises in using the Bluetooth technology for data transfer. To enhance the security of data transmission in Bluetooth communication, a hybrid encryption algorithm based on DES and RSA is proposed. The currently used encryption algorithm employed by the Bluetooth to protect the confidentiality of data during transport between two or more devices is a 128-bit symmetric stream cipher called E0. The proposed hybrid encryption algorithm, instead of the E0 encryption, DES algorithm is used for data transmission because of its higher efficiency in block encryption, and RSA algorithm is used for the encryption of the key of the DES because of its management advantages in key cipher. Under the dual protection with the DES algorithm and the RSA algorithm, the data transmission in the Bluetooth system will be more secure. This project is extended with triple des in place of des to enhance more security.
Engineering Research Publication
Best International Journals, High Impact Journals,
International Journal of Engineering & Technical Research
ISSN : 2321-0869 (O) 2454-4698 (P)
www.erpublication.org
Natural language processing (NLP) is an area of computer science and artificial intelligence concerned with the interactions between computers and human (natural) languages
Now a days Short Message Service(SMS) is most popular way to communication for mobile user because it is cheapest mode or version for communication than other mode.SMS is used for transmitting short length msg of around 160 character to different devices such as smart phones, cellular phones, PDAs using standardized communication protocols. The amount of Short Message Service (SMS) spam is increasing. SMS spam should be put into the spam folder, not the inbox. The growth of the mobile phone users has led to a dramatic increase in SMS spam messages. To avoid this problem SMS filtering Techniques are used. Our proposed approach filters SMS spam on an independent mobile phone on a large dataset and acceptable processing time. There are different approaches able to automatically detect and remove most of these messages, and the best-known ones are based on Bayesian decision theory and Support Vector Machines. Riya Mehta | Ankita Gandhi"A Survey: SMS Spam Filtering" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-3 , April 2018, URL: http://www.ijtsrd.com/papers/ijtsrd12850.pdf http://www.ijtsrd.com/computer-science/data-miining/12850/a-survey-sms-spam-filtering/riya-mehta
DDSGA: A Data-Driven Semi-Global Alignment Approach for Detecting Masquerade ...1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
Many security primitives are supported hard
mathematical problems. Passwords remain the foremost
widely used authentication method despite their well-known
security weaknesses. CAPTCHA authentication is clearly a
practical problem.
File transfer with multiple security mechanismShubham Patil
The system enhances the security and the data confidentiality between the users and receiver by the two-layer encryption mechanism and the QR code for verification. The system consists of three main components which are very important to providing the security between sender and receiver while transmitting the data
Similar to cs6490_project_report_keystroke_dynamics (20)
1. Practical Application of Web-Based Authentication using Keystroke Dynamics
Yuankai Guo,∗
Myungho Jung,†
Junwei Shi,‡
and Xu Wang§
University of Utah
I. INTRODUCTION
Password authentication has been one of the most pop-
ular method to identify. However, attackers’ techniques
to steal password have also been developed in many ways.
Therefore, we need different methods to figure out iden-
tity other than just plain text of passwords. For example,
access from different IP or MAC address can be detected
as a suspicious behavior or attack. However, most of the
additional authentication algorithms make users inconve-
nient. Keystroke dynamics can be extracted while typing
password as well as used as identity verification[3]. We
will show that the existing users don’t have to buy an
additional device as well as only a small change in the
existing servers will be required to apply it.
II. RELATED WORKS
Many algorithms to detect outliers were studied and
tested on performance and precision[5]. Various algo-
rithms were used for pattern matching, such as neural
network, Support Vector Machines, K-Nearest Neigh-
bors, and Euclidean distance. For most researches, hun-
dreds of patterns from dozens of people were collected
and tested. On the other hand, we focused on comparing
the performance of algorithms depending on the varia-
tion of the users. One of the defects of the result from
most existing tests is that they intentionally collected
data from a certain group of people. If the group only
consisted of experienced users, the data would be biased.
Also, the variation of patterns cannot be observed in a
short period of data. We formulated a hypothesis on
three changes in patterns and tested in well-controlled
environment.
III. THREAT MODEL
Id and password login system is ubiquitous for identi-
fication on the internet. However, as the number of web
services has dramatically increased, it becomes impos-
sible for people to remember many different passwords
and most of them are using the same password for all
web sites. It would be a problem if a cracker breaks in a
∗ u0942867@utah.edu
† myungho.jung@utah.edu
‡ sjwarthas2009@gmail.com
§ xu724@cs.utah.edu
insecure server and steals users’ passwords, the password
can be used for other web services as well.
On the other hand, keystroke dynamics is one of the
biometric authentication such as face, fingerprint, and
iris recognition[4]. Thus, past data become naturally use-
less for authentication. Also, a set of patterns can be
stores as a different form of structure like a neural net-
work. It makes hard for attackers to imitate the keystroke
pattern.
IV. METHOD
A. Data structure
FIG. 1. Timing measurement in interval and duration
The timing vector of keystroke patterns can be
measured as intervals between keys and keystroke
durations[2]. Therefore, given n characters password,
a pattern is represented as an array of n + 1 numbers.
We applied the structure in a slightly different way from
other studies. The interval in our project was measured
not from previous release time but from press time. By
doing so, there is no negative value and storage can be
saved by storing only unsigned data. The timing vec-
tor can be considered as a point in n + 1 dimensional
space. Then, we can compare similarity using statistical
or machine learning algorithms.
The pattern needs to be normalized because the stor-
age is limited and in order to equivalent comparison
among users. First, the timing values were divided by
the maximum value and stored with the maximum value.
Then, the values becomes less than 1 and the data size
can be controlled by floating point precision. Also, two
different length of passwords cannot be evaluated with
the same error bound because of different dimensional
space. we solved the problem by multiplying the error
bound by
√
d such that d is the order of dimension.
2. 2
B. Algorithm
To filter imposter’s patterns, novelty detection algo-
rithms are required. There are many researches to detect
anomaly[1]. We selected and tested three common al-
gorithms, which are the Nearest Neighbor, Mahalanobis
distance, and one class SVMs, with changing the pat-
terns.
V. IMPLEMENTATION
A. Architecture
Our system is built based on the B/S model. We use
an HTML page as the frontend and program a series of
Python sciprts as the backend. The frontend collects the
timing pattern from the user and send it with encryption
to the backend via AJAX. The backend retrieve previ-
ously stored feature pattern from a database and match
it against the input with our novelty detection algorithm.
If the matching is successful, a positive result is send to
the frontend, and vice versa.
A user’s inputting habit may change over time. There-
fore, we need to regenerate the feature pattern periodi-
cally. Every time the authentication is successful, we
record the timing pattern from the user into database.
And when a certain number of patterns are collected.
We run the training routine of our novelty detection al-
gorithm to generate a new feature pattern.
B. Encryption
It’s not secure to transmit the password and pat-
tern in plaintext through the network. So we need
to protect the password and pattern by encryption or
message digest. In our implementation, we use one
handshake protocol instead of multiple handshakes for
better efficiency. The format of authentication mes-
sage is KeyHash(TS|Pattern)|TS|Pattern such that
TS is timestamp. The Key is 128bit generated
from MD5 message digest of password. We gener-
ate Hash(TS|Pattern) using SHA − 1, which pro-
vides integrity protection for the message. We encrypt
the Hash(TS|Pattern)|TS|Pattern by AES algorithm.
Moreover, we add a salt to for better diversity. With the
timestamp and salt, it’s invulnerable to rainbow attack.
How to prevent replay attack? In our implementation,
the server record the timestamp. If the server receives a
message with the same timestamp which already exists in
the time window, the server will refuse the message. Of
course, the server will also drop the message with invalid
timestamp.
However, there is a drawback in the protocol. Since the
client couldn’t authenticate the identity of the server, it’s
vulnerable to in-the-middle attack. Besides, the protocol
is not secure when it comes to server break-in attack.
The attacker could also modify the time in the server.
VI. ANALYSIS
We created a pattern generator to test algorithms. Our
tests are focused on the prediction of the variation of
user’s patterns and comparing performances of pattern
matching methods. The error rates for pattern detection
are divided into two parts which are False Acceptance
Rate(FAR) and False Rejection Rate(FRR)[2]. The two
error rates are calculated for each test case.
A. Environment
Test program is coded in python using Scipy, Numpy,
and scikit-learn library. For each test, 1000 evenly dis-
tributed patterns of imposters are generated. Also, the
same number of patterns of the Gaussian distribution for
genuine users are created. If our assumption is correct,
the distribution of patterns will be similar to actual pat-
terns from a user and imposters.
Our tests are focused on the variation of the patterns
over time. First, only an interval of patterns would be
fluctuated. Suppose that the password is mixed with a
sequence of alphabets and that of numbers like ‘foo1234.’
In this cases, the patterns of a word and numbers may
be stable except the interval between them. Second, we
assume that the user will type the password fast or slow;
however, the pattern would be proportional. The third
assumption is that the user may use different types of
keyboards such as laptop, desktop keyboard, and touch
keyboard on mobile devices. Then, we expected that the
patterns will form multiple clusters.
1. Test Results
Most of the error rates are not visible because they are
very close to 0. As seen in the three tests, we concluded
that the performances of the three algorithms are not
much different regardless of the variation of the patterns.
The most accurate method among them was the nearest
neighbor method, the SVMs was next, and the Maha-
lanobis distance showed the worst performance. With re-
spect to computation time, the SVMs was the fastest, the
nearest neighbor was next, and the Mahalanobis distance
was the slowest. However, the difference in performance
may come from different libraries used. The SVMs and
nearest neighbor using ball tree algorithm were imple-
mented using scikit − learn library. On the other hand
the Mahalanobis distance was measured using scipy li-
brary.
3. 3
0.010 0.015 0.020 0.025 0.030 0.035 0.040 0.045 0.050 0.055
Standard deviation
0.00
0.05
0.10
0.15
0.20
0.25
ErrorRate FAR(NN)
FRR(NN)
FAR(Mahalanobis)
FRR(Mahalanobis)
FAR(SVMs)
FRR(SVMs)
FIG. 2. Test result of patterns that only one of the intervals
varies
0.010 0.015 0.020 0.025 0.030 0.035 0.040 0.045 0.050 0.055
Standard deviation
0.00
0.05
0.10
0.15
0.20
0.25
ErrorRate
FAR(NN)
FRR(NN)
FAR(Mahalanobis)
FRR(Mahalanobis)
FAR(SVMs)
FRR(SVMs)
FIG. 3. Test result of proportional patterns
VII. DEFECTS
Although many researches and practical application
of Keyboard Dynamics exist, there are problems in
keystroke authentication. Assume that the mechanism
is applied for Web-based system. Then, people can move
cursors using arrow keys or mouse while typing and edit-
ing password. We just ignored the cases and assumed
that the web page allows only password typed at once.
Though it would make the users inconvenient, it will
make the system more secure. Also, key stroke patterns
may be able to be recorded by spyware with key log-
ger. In general, we don’t have to worry about the attack
because the pattern is encrypted before sent. If the en-
cryption cannot be applied on the system, it can be pro-
tected by the attack by sharing a nonce with the server
and adding it to the pattern. lastly, a user’s patterns
change more frequently and radically than other physi-
ological traits or behavioral characteristics, and thus it
would be a problem. We suggest a solution that evaluates
only the latest patterns like sliding window.
0.010 0.015 0.020 0.025 0.030 0.035 0.040 0.045 0.050 0.055
Standard deviation
0.00
0.02
0.04
0.06
0.08
0.10
0.12
0.14
0.16
0.18
ErrorRate
FAR(NN)
FRR(NN)
FAR(Mahalanobis)
FRR(Mahalanobis)
FAR(SVMs)
FRR(SVMs)
FIG. 4. Test result of patterns of multiple clusters
VIII. CONCLUSION
Through the project, we checked the algorithm is valid
by demo program and also tested the performance be-
tween algorithms. We suggested that the possible web-
based authentication using keystroke dynamics by im-
plementing and testing actual login web page. Unfor-
tunately, it is not obvious that the test data is signifi-
cant compared to that from other research. However, the
application developed for the experiments will be useful
to test other algorithms with a myriad of normally dis-
tributed patterns and variations. It will help to create
various environments for next experiments.
[1] Salil P Banerjee and Damon L Woodard. Biometric au-
thentication and identification using keystroke dynam-
ics: A survey. Journal of Pattern Recognition Research,
7(1):116–139, 2012.
[2] Sungzoon Cho, Chigeun Han, Dae Hee Han, and Hyung-Il
Kim. Web-based keystroke dynamics identity verification
using neural network. Journal of organizational computing
and electronic commerce, 10(4):295–307, 2000.
[3] R Stockton Gaines, William Lisowski, S James Press, and
Norman Shapiro. Authentication by keystroke timing:
Some preliminary results. Technical report, DTIC Doc-
ument, 1980.
[4] M Karnan, M Akila, and N Krishnaraj. Biometric per-
sonal authentication using keystroke dynamics: A review.
Applied Soft Computing, 11(2):1565–1573, 2011.
[5] D Shanmugapriya and Ganapathi Padmavathi. A sur-
vey of biometric keystroke dynamics: Approaches, security
and challenges. arXiv preprint arXiv:0910.0817, 2009.