Skip to main content
SpringerLink
Log in

Keystroke Dynamics-Based Credential Hardening Systems

  • Chapter
Handbook of Remote Biometrics

Part of the book series: Advances in Pattern Recognition ((ACVPR))

Abstract

abstract Keystroke dynamics are becoming a well-known method for strengthening username- and password-based credential sets. The familiarity and ease of use of these traditional authentication schemes combined with the increased trustworthiness associated with biometrics makes them prime candidates for application in many web-based scenarios. Our keystroke dynamics system uses Breiman’s random forests algorithm to classify keystroke input sequences as genuine or imposter. The system is capable of operating at various points on a traditional ROC curve depending on application-specific security needs. As a username/password authentication scheme, our approach decreases the system penetration rate associated with compromised passwords up to 99.15%. Beyond presenting results demonstrating the credential hardening effect of our scheme, we look into the notion that a user’s familiarity to components of a credential set can non-trivially impact error rates.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42(12), 40–46 (1999). http://doi.acm.org/10.1145/322796.322806

    Article  Google Scholar 

  2. Bartlow, N.: Username and Password Verification through Keystroke Dynamics. Master’s Thesis. West Virginia University. 2005

    Google Scholar 

  3. Bartlow, N., Cukic, B.: Evaluating the Reliability of Credential Hardening Through Keystroke Dynamics. In: ISSRE, pp. 117–126 (2006)

    Google Scholar 

  4. Bergadano, F., Gunetti, D., Picardi, C.: User authentication through keystroke dynamics. ACM Trans. Inf. Syst. Secur. 5(4) (2002)

    Google Scholar 

  5. Breiman, L.: Random forests. Machine Learning 45(1), 5–32 (2001)

    Article  MATH  Google Scholar 

  6. Brown, M. and Rogers, S.J.: User identification via keystroke characteristics of typed names using neural networks. Int. J. Man-Mach. Stud. 39(6), 999–1014 (1993). http://dx.doi.org/10.1006/imms.1993.1092

    Article  Google Scholar 

  7. Clarke, N.L., Furnell, S.: Authenticating mobile phone users using keystroke analysis. Int. J. Inf. Sec. 6(1), 1–14 (2007)

    Article  Google Scholar 

  8. Collins, D.: Irish computing users and the passwords they choose. National University of Ireland Master’s Thesis (2006). http://hdl.handle.net/10099/13

  9. De Ru, W., Eloff, J.: Enhanced password authentication through fuzzy logic. IEEE Expert [see also IEEE Intelligent Systems and Their Applications] 12(6), 38–45 (Nov/Dec 1997). 10.1109/64.642960

    Google Scholar 

  10. Dowland, P., Furnell, S., Papadaki, M.: Keystroke analysis as a method of advanced user authentication and response. In: SEC, pp. 215–226 (2002)

    Google Scholar 

  11. Dowland, P., Singh, H., Furnell, S.: A preliminary investigation of user authentication using continuous keystroke analysis. In: In Proc. 8th IFIP Annual Working Conf. on Information Security Mangement and Small System Security (2001)

    Google Scholar 

  12. Florencio, D., Herley, C.: A large-scale study of web password habits. In: R. Selva WWW ’07: Proceedings of the 16th international conference on World Wide Web, pp. 657–666. ACM, New York, (2007). http://doi.acm.org/10.1145/1242572.1242661

    Chapter  Google Scholar 

  13. Furnell, S., Morrissey, J.P., Sanders, P.W., Stockel, C.T.: Applications of keystroke analysis for improved login security and continuous user authentication. In: SEC, pp. 283–294 (1996)

    Google Scholar 

  14. Gaines, R., Lisowksi, W., Press, W., Shapiro, S.: Authentication by keystroke timing: Some preliminary results. Rand Report R-256-NSF, The Rand Corporation, Santa Monica, CA (1980)

    Google Scholar 

  15. Garcia, J.: Personal identification apparatus. Patent 4,621,334, U.S. Patent and Trademark Office, Washington, D.C. (1986)

    Google Scholar 

  16. Gunetti, D., Picardi, C.: Keystroke analysis of free text. ACM Trans. Inf. Syst. Secur. 8(3), 312–347 (2005). http://doi.acm.org/10.1145/1085126.1085129

    Article  Google Scholar 

  17. Ives, B., Walsh, K.R., Schneider, H.: The domino effect of password reuse. Commun. ACM 47(4), 75–78 (2004). http://doi.acm.org/10.1145/975817.975820

    Article  Google Scholar 

  18. How to fix your life in 2004; simple ways to cut travel, college tabs, even waistlines. Wall Street Journal (Eastern Edition) p. D.1. 12/31/2003

    Google Scholar 

  19. Janakiraman, R., Sim, T.: Keystroke dynamics in a general setting. In: ICB, pp. 584–593 (2007)

    Google Scholar 

  20. Joyce, R., Gupta, G.: Identity authentication based on keystroke latencies. Commun. ACM 33(2) (1990)

    Google Scholar 

  21. Lee, J.W., Choi, S.S., Moon, B.R.: An evolutionary keystroke authentication based on ellipsoidal hypothesis space. In: R. Selva GECCO ’07: Proceedings of the 9th annual conference on Genetic and evolutionary computation, pp. 2090–2097. ACM, New York (2007). http://doi.acm.org/10.1145/1276958.1277365

    Chapter  Google Scholar 

  22. Leggett, J., Williams, G., Usnick, M., Longnecker, M.: Dynamic identity verification via keystroke characteristics. Int. J. Man-Mach. Stud. 35(6), 859–870 (1991). http://dx.doi.org/10.1016/S0020-7373(05)80165-8

    Article  Google Scholar 

  23. Maisuria, L.K., Ong, C.S., Lai, W.K.: A comparison of artificial neural networks and cluster analysis for typing biometrics authentication. In: International Joint Conference on Neural Networks (IJCNN), 5, 3295–3299 (1999)

    Google Scholar 

  24. Monrose, F., Reiter, M.K., Wetzel, S.: Password hardening based on keystroke dynamics. Int. J. Inf. Sec. 1(2), 69–83 (2002)

    Article  MATH  Google Scholar 

  25. Noguchi, Y.: Access denied. The Washington Post (2006). http://www.washingtonpost.com/ wp-dyn/content/article/2006/09/22/AR2006092201612_pf.html

  26. Obaidat, M.S., Macchairolo, D.T.: An on-line neural network system for computer access security. IEEE Trans. Ind. Electron. 40(2), 235–241 (1993)

    Article  Google Scholar 

  27. Obaidat, M.S., Sadoun, B.: Verification of computer users using keystroke dynamics. IEEE Trans. Syst. Man Cybern. 27(2), 261–269 (1997)

    Article  Google Scholar 

  28. Schneier, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C, second edn. Wiley, New York (1996)

    Google Scholar 

  29. Shaffer, G.: Geodsoft good and bad passwords how-to: An example list of common and especially bad passwords (2004). http://geodsoft.com/howto/password/common.htm

  30. Software package c5.0 / see5 (2004). http://www.rulequest.com/see5-info.html

  31. Sung, K.S., Cho, S.: GA SVM Wrapper Ensemble for Keystroke Dynamics Authentication. In: ICB, pp. 654–660 (2006)

    Google Scholar 

  32. Young, J.R., Hammon, R.W.: Method and apparatus for verifying an individuals identity. Patent 4,805,222, U.S. Patent and Trademark Office, Washington, D.C. (1989)

    Google Scholar 

  33. Yu E., Cho S.: Keystroke dynamics identity verification - its problems and practical solutions. Comput. Secur. 23(5), 428–440 (2004)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. West Virginia University, Morgantown, WV, USA

    Nick Bartlow & Bojan Cukic

Authors
  1. Nick Bartlow
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bojan Cukic
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nick Bartlow .

Editor information

Editors and Affiliations

  1. Universitá of Sassari, Dipto. Architettura e Pianificazione, Piazza Duomo, 6, 07041 Alghero SS, Italy

    Massimo Tistarelli (Prof.) (Prof.)

  2. Chinese Academy of Science Institute of Automation, Center Biometrics Research & Security, Room 1227, Zhongguancun 95, 100080 Beijing, China

    Stan Z. Li

  3. University of Maryland, Center for Automation Research, College Park, MD 20742-3275, USA

    Rama Chellappa

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag London Limited

About this chapter

Cite this chapter

Bartlow, N., Cukic, B. (2009). Keystroke Dynamics-Based Credential Hardening Systems. In: Tistarelli, M., Li, S.Z., Chellappa, R. (eds) Handbook of Remote Biometrics. Advances in Pattern Recognition. Springer, London. https://doi.org/10.1007/978-1-84882-385-3_14

Download citation

  • DOI: https://doi.org/10.1007/978-1-84882-385-3_14

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-84882-384-6

  • Online ISBN: 978-1-84882-385-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation