Este trabalho apresenta uma nova abordagem para autenticação biométrica de usuários baseada em seu ritmo de digitação em teclados numéricos. A metodologia proposta é de baixo custo, nãointrusiva e pode ser aplicada tanto a um mecanismo de login em controle de acesso a áreas restritas como na melhoria do nível de segurança em transações bancárias. Inicialmente, o usuário indica a conta a ser acessada por meio de uma cadeia de caracteres digitada que é monitorada em tempo real pelo sistema. Simultaneamente, são capturados os tempos de pressionamento e soltura das teclas. Quatro características são extraídas do sinal: Código ASCII (American Standard Code for lnformation lnterchange) da tecla, duas latências e uma duração associada com a tecla. Alguns experimentos foram feitos usando amostras reais de usuários autênticos e impostores e um classificador de padrões baseado na estimação da máxima verossimilhança. Alguns aspectos experimentais foram analisados para verificar os seus impactos nos resultados. Estes aspectos são as características extraídas do sinal, a informação alvo, o conjunto de treinamento usado na obtenção dos modelos dos usuários, a precisão do tempo de captura das entradas, o mecanismo de adaptação do modelo e...
Fonte: Universidade do MinhoPublicador: Universidade do Minho
Tipo: Dissertação de Mestrado
Publicado em //2005Português
Relevância na Pesquisa
Dissertação de mestrado em Sistemas de Informação.; A segurança dos Sistemas de Informação (SI) é uma disciplina que atravessa horizontalmente diversas actividades das organizações, podendo afectar significativamente (sobretudo a falta de segurança) o seu desempenho. Neste contexto, a segurança levanta inúmeros desafios, como o da identificação e autenticação dos indivíduos perante o SI.
De uma forma genérica, um utilizador pode ser autenticado por algo que ele tem (um dispositivo), por algo que ele sabe (uma palavra passe), ou por alguma característica intrínseca. Várias técnicas surgiram para suportar estes tipos de autenticação, isoladamente e em conjunto e cada uma delas tem, naturalmente, virtudes e inconvenientes. Mas atendendo à sua potencial mais valia, as técnicas chamadas biométricas, que procuram utilizar características do indivíduo, têm vindo a evidenciar uma notável evolução. No entanto, a adopção destas tecnologias é travada pela desconfiança dos utilizadores quanto à utilização da sua informação privada e pelo receio de agressões à integridade física, por parte de algumas dessas tecnologias. O primeiro grupo de limitações é suavizado recorrendo a uma tecnologia de armazenamento e processamento da informação biométrica em SmartCards...
Computer Authentication is a critical component of most computer systems, especially those used in e-Commerce activities over the internet. Global access
to information makes security, namely the
authentication process, a critical design issue in these systems. In what concerns to authentication, what is required is a reliable, hardware independent and efficient security system. In this paper, we propose an
extension to a keystroke dynamics based security system. We provide evidence that completely software based systems can be as effective as expensive and
cumbersome hardware based systems. Our system is a behavioral based system that captures the normal typing patterns of a user and uses that information, in addition to standard login/password security to
provide a system that is user-friendly and very effective at detecting imposters. The results provide a means of dealing with enhanced security that is growing in demand in web-based applications based on Commerce.
Software based biometrics, utilising keystroke dynamics has been proposed as a cost effective means of enhancing computer access security. Keystroke dynamics has been successfully employed as a means of identifying legitimate/illegitimate login attempts based on the typing style of the login entry. In this paper, we collected keystroke dynamics data in the form of digraphs from a series of users entering a specific login ID. We wished to determine if there were any particular patterns in the typing styles that would indicate whether a login attempt was legitimate or not using rough sets. Our analysis produced a sensitivity of 98%, specificity of 94% and an overall accuracy of 97% with respect to detecting intruders. In addition, our results indicate that typing speed and particular digraph combinations were the main determinants with respect to automated detection of system attacks.
Software based biometrics, utilising keystroke
dynamics has been proposed as a cost effective means of enhancing computer access security. Keystroke dynamics
has been successfully employed as a means of identifying legitimate/illegitimate login attempts based on the typing style of the login entry. In this paper, we collected
keystroke dynamics data in the form of digraphs from a series of users entering a specific login ID. We wished to determine if there were any particular patterns in the
typing styles that would indicate whether a login attempt was legitimate or not using rough sets. Our analysis produced a sensitivity of 96%, specificity of 93% and an
overall accuracy of 95%. The results of this study indicate that typing speed and the first few and the last few characters of the login ID were the most important indicators of whether the login attempt was legitimate or
Security is a critical component of most computer systems – especially those used in E-commerce activities over the Internet. Global access to information makes security a critical design issue in these systems. Deployment of sophisticated hardware based authentication systems is prohibitive in all but the most sensitive installations. What is
required is a reliable, hardware independent and efficient security system. In this paper, we propose an extension to a keystroke dynamics based security system. We provide evidence that completely software based systems based on keystroke input dynamics can be as effective as expensive and cumbersome hardware based systems. Our system is a behavioral based system that captures the typing patterns of a user and uses that information, in addition to
standard login/password security to provide a system that is user-friendly and very effective at detecting imposters.
The results provide a means of dealing with enhanced security that is growing in demand in web-based applications such as E-commerce.
Authenticating a user is a complex problem in which we depend to provide some level of trust to the Security Proceedings of the Information System and to the Information System itself. Biometric technologies have shown that they are able to provide high rates of accuracy but they also raise many ethical issues. On the other side of the problem, many times authentication must be made without the collaboration of the one being authenticated. Keystroke Dynamics is a biometrical technology that can be used in stealth mode and that doesn’t present any issues to what relates to being intrusive, when used in collaborative mode. Many results have been published but there isn’t any integrative technologies yet.
Comunicação apresentada na 2nd Annual International Conference on Global e-Security, Docklands, UK, 20 - 22 April 2006.; Most computer systems are secured using a login id and password. When computers are connected to the internet, they become more vulnerable as more machines are available to attack them. In this paper, we present a novel method for protecting/enhancing login protection that can reduce the potential threat of internet connected computers. Our method is based on and enhancement to login id/password based on keystroke dynamics. We employ a novel authentication algorithm based on a probabilistic neural network. Our results indicate that we can achieve an equal error rate of less than 5%, comparable to what is achieved with hardware based solutions such as fingerprint scanners and facial recognition systems.
The majority of computer systems employ a login ID and password as the principal method for access security. In stand-alone situations, this level of security may be adequate, but when computers are connected to the
internet, the vulnerability to a security breach is increased. In order to reduce vulnerability to attack, biometric solutions have been employed. In this paper, we investigate the use of a behavioural biometric based on keystroke dynamics. Although there are several implementations of keystroke
dynamics available - their effectiveness is variable and dependent on the data sample and its acquisition methodology. The results from this study indicate that the Equal Error Rate (EER) is significantly influenced by the
attribute selection process and to a lesser extent on the authentication algorithm
employed. Our results also provide evidence that a Probabilistic Neural Network (PNN) can be superior in terms of reduced training time and classification accuracy when compared with a typical MLFN back-propagation
trained neural network.
Dissertação de mestrado em Engenharia Informática; Authentication is frequently referred as the most critical part of a computer system security. Users commonly identify themselves using a combination of username and password, but sometimes this is not enough. Concerning web-based services, attacks like phishing or social engineering can easily result in identity theft. In addition, the widespread use of single sign-on services can seriously increase the consequences of such attacks. In these circumstances strong authentication is mandatory.
Strong authentication is often implemented using additional authentication steps or specialized hardware modules, which is not suitable for web-based systems. However, biometrics can used to overcome these limitations. More specifically, behavioural biometrics based on keyboard typing patterns can provide an extra security layer on top of conventional authentication methods, with no additional cost and no impact to the user experience.
This work aims to evaluate the feasibility of the implementation of strong authentication on the web using keystroke dynamics. This is carried out through the creation of a web-application prototype, collection of a keystroke dynamics dataset and analysis of various matching algorithms and performance metrics on the collected data.; O processo de autenticação é frequentemente referido como a parte mais
importante da segurança de um sistema informático. Normalmente...
Research on keystroke dynamics biometrics has been increasing, especially in the last decade. The main motivation behind this effort is due to the fact that keystroke dynamics biometrics is economical and can be easily integrated into the existing computer security systems with minimal alteration and user intervention. Numerous studies have been conducted in terms of data acquisition devices, feature representations, classification methods, experimental protocols, and evaluations. However, an up-to-date extensive survey and evaluation is not yet available. The objective of this paper is to provide an insightful survey and comparison on keystroke dynamics biometrics research performed throughout the last three decades, as well as offering suggestions and possible future research directions.
Biometric authentication seeks to measure an individual’s unique physiological attributes for the purpose of identity verification. Conventionally, this task has been realized via analyses of fingerprints or signature iris patterns. However, whilst such methods effectively offer a superior security protocol compared with password-based approaches for example, their substantial infrastructure costs, and intrusive nature, make them undesirable and indeed impractical for many scenarios. An alternative approach seeks to develop similarly robust screening protocols through analysis of typing patterns, formally known as keystroke dynamics. Here, keystroke analysis methodologies can utilize multiple variables, and a range of mathematical techniques, in order to extract individuals’ typing signatures. Such variables may include measurement of the period between key presses, and/or releases, or even key-strike pressures. Statistical methods, neural networks, and fuzzy logic have often formed the basis for quantitative analysis on the data gathered, typically from conventional computer keyboards. Extension to more recent technologies such as numerical keypads and touch-screen devices is in its infancy, but obviously important as such devices grow in popularity. Here...
Morales Moreno, Aythami; Fiérrez, Julián; Ortega-García, Javier
Fonte: Springer Berlin HeidelbergPublicador: Springer Berlin Heidelberg
Tipo: conferenceObject; bookPart
Relevância na Pesquisa
The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-319-16181-5_54; Proceedings in Computer Vision - ECCV 2014 Workshops held in Zurich (Switzerland) on 2015.; This paper studies ways to detect good users for biometric recognition based on keystroke dynamics. Keystroke dynamics is an active research field for the biometric scientific community. Despite the great efforts made during the last decades, the performance of keystroke dynamics recognition systems is far from the performance achieved by traditional hard biometrics. This is very pronounced for some users, who generate many recognition errors even with the most sophisticate recognition algorithms. On the other hand, previous works have demonstrated that some other users behave particularly well even with the simplest recognition algorithms. Our purpose here is to study ways to distinguish such classes of users using only the genuine enrollment data. The experiments comprise a public database and two popular recognition algorithms. The results show the effectiveness of the Kullback-Leibler divergence as a quality measure to categorize users in comparison with other four statistical measures.
Biometrics technologies are gaining popularity today since they provide more
reliable and efficient means of authentication and verification. Keystroke
Dynamics is one of the famous biometric technologies, which will try to
identify the authenticity of a user when the user is working via a keyboard.
The authentication process is done by observing the change in the typing
pattern of the user. A comprehensive survey of the existing keystroke dynamics
methods, metrics, different approaches are given in this study. This paper also
discusses about the various security issues and challenges faced by keystroke
dynamics.; Comment: 5 pages IEEE format, International Journal of Computer Science and
Information Security, IJCSIS 2009, ISSN 1947 5500, Impact Factor 0.423,
Most keystroke dynamics studies have been evaluated using a specific kind of
dataset in which users type an imposed login and password. Moreover, these
studies are optimistics since most of them use different acquisition protocols,
private datasets, controlled environment, etc. In order to enhance the accuracy
of keystroke dynamics' performance, the main contribution of this paper is
twofold. First, we provide a new kind of dataset in which users have typed both
an imposed and a chosen pairs of logins and passwords. In addition, the
keystroke dynamics samples are collected in a web-based uncontrolled
environment (OS, keyboards, browser, etc.). Such kind of dataset is important
since it provides us more realistic results of keystroke dynamics' performance
in comparison to the literature (controlled environment, etc.). Second, we
present a statistical analysis of well known assertions such as the
relationship between performance and password size, impact of fusion schemes on
system overall performance, and others such as the relationship between
performance and entropy. We put into obviousness in this paper some new results
on keystroke dynamics in realistic conditions.; Comment: The Eighth International Conference on Intelligent Information Hiding
and Multimedia Signal Processing (IIHMSP 2012)...
Biometric key generation techniques are used to reliably generate
cryptographic material from biometric signals. Existing constructions require
users to perform a particular activity (e.g., type or say a password, or
provide a handwritten signature), and are therefore not suitable for generating
keys continuously. In this paper we present a new technique for biometric key
generation from free-text keystroke dynamics. This is the first technique
suitable for continuous key generation. Our approach is based on a scaled
parity code for key generation (and subsequent key reconstruction), and can be
augmented with the use of population data to improve security and reduce key
reconstruction error. In particular, we rely on linear discriminant analysis
(LDA) to obtain a better representation of discriminable biometric signals.
To update the LDA matrix without disclosing user's biometric information, we
design a provably secure privacy-preserving protocol (PP-LDA) based on
homomorphic encryption. Our biometric key generation with PP-LDA was evaluated
on a dataset of 486 users. We report equal error rate around 5% when using LDA,
and below 7% without LDA.
Significant portion of contemporary computer users are children, who are
vulnerable to threats coming from the Internet. To protect children from such
threats, in this study, we investigate how successfully typing data can be used
to distinguish children from adults. For this purpose, we collect a dataset
comprising keystroke data of 100 users and show that distinguishing child
Internet users from adults is possible using Keystroke Dynamics with equal
error rates less than 10 percent. However the error rates increase
significantly when there are impostors in the system.; Comment: 18 pages
Keystroke Dynamics is an important biometric solution for person
authentication. Based upon keystroke dynamics, this paper designs an embedded
password protection device, develops an online system, collects two public
databases for promoting the research on keystroke authentication, exploits the
Gabor filter bank to characterize keystroke dynamics, and provides benchmark
results of three popular classification algorithms, one-class support vector
machine, Gaussian classifier, and nearest neighbour classifier.; Comment: 25 pages,17 figures,5 tables
We present in this paper a study on the ability and the benefits of using a
keystroke dynamics authentication method for collaborative systems.
Authentication is a challenging issue in order to guarantee the security of use
of collaborative systems during the access control step. Many solutions exist
in the state of the art such as the use of one time passwords or smart-cards.
We focus in this paper on biometric based solutions that do not necessitate any
additional sensor. Keystroke dynamics is an interesting solution as it uses
only the keyboard and is invisible for users. Many methods have been published
in this field. We make a comparative study of many of them considering the
operational constraints of use for collaborative systems.