Abstract
Keystroke dynamics are becoming a well-known method for strengthening username- and password-based credential sets. The familiarity and ease of use of these traditional authentication schemes, combined with the increased trustworthiness associated with biometrics, make them prime candidates for application in many web-based scenarios. Our keystroke dynamics system uses Breiman’s random forests algorithm to classify keystroke input sequences as genuine or imposter. The system is capable of operating at various points on a traditional ROC curve depending on application-specific security needs. As a username/password authentication scheme, our approach decreases the system penetration rate associated with compromised passwords by up to 99.15%. Beyond presenting results demonstrating the credential hardening effect of our scheme, we look into the notion that a user’s familiarity with components of a credential set can non-trivially impact error rates.
References
Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42(12), 40–46 (1999). http://doi.acm.org/10.1145/322796.322806
Bartlow, N.: Username and Password Verification through Keystroke Dynamics. Master’s Thesis. West Virginia University. 2005
Bartlow, N., Cukic, B.: Evaluating the Reliability of Credential Hardening Through Keystroke Dynamics. In: ISSRE, pp. 117–126 (2006)
Bergadano, F., Gunetti, D., Picardi, C.: User authentication through keystroke dynamics. ACM Trans. Inf. Syst. Secur. 5(4) (2002)
Breiman, L.: Random forests. Machine Learning 45(1), 5–32 (2001)
Brown, M., Rogers, S.J.: User identification via keystroke characteristics of typed names using neural networks. Int. J. Man-Mach. Stud. 39(6), 999–1014 (1993). http://dx.doi.org/10.1006/imms.1993.1092
Clarke, N.L., Furnell, S.: Authenticating mobile phone users using keystroke analysis. Int. J. Inf. Sec. 6(1), 1–14 (2007)
Collins, D.: Irish computing users and the passwords they choose. National University of Ireland Master’s Thesis (2006). http://hdl.handle.net/10099/13
De Ru, W., Eloff, J.: Enhanced password authentication through fuzzy logic. IEEE Expert [see also IEEE Intelligent Systems and Their Applications] 12(6), 38–45 (Nov/Dec 1997). 10.1109/64.642960
Dowland, P., Furnell, S., Papadaki, M.: Keystroke analysis as a method of advanced user authentication and response. In: SEC, pp. 215–226 (2002)
Dowland, P., Singh, H., Furnell, S.: A preliminary investigation of user authentication using continuous keystroke analysis. In: Proc. 8th IFIP Annual Working Conf. on Information Security Management and Small System Security (2001)
Florencio, D., Herley, C.: A large-scale study of web password habits. In: R. Selva WWW ’07: Proceedings of the 16th international conference on World Wide Web, pp. 657–666. ACM, New York, (2007). http://doi.acm.org/10.1145/1242572.1242661
Furnell, S., Morrissey, J.P., Sanders, P.W., Stockel, C.T.: Applications of keystroke analysis for improved login security and continuous user authentication. In: SEC, pp. 283–294 (1996)
Gaines, R., Lisowski, W., Press, W., Shapiro, S.: Authentication by keystroke timing: Some preliminary results. Rand Report R-256-NSF, The Rand Corporation, Santa Monica, CA (1980)
Garcia, J.: Personal identification apparatus. Patent 4,621,334, U.S. Patent and Trademark Office, Washington, D.C. (1986)
Gunetti, D., Picardi, C.: Keystroke analysis of free text. ACM Trans. Inf. Syst. Secur. 8(3), 312–347 (2005). http://doi.acm.org/10.1145/1085126.1085129
Ives, B., Walsh, K.R., Schneider, H.: The domino effect of password reuse. Commun. ACM 47(4), 75–78 (2004). http://doi.acm.org/10.1145/975817.975820
How to fix your life in 2004; simple ways to cut travel, college tabs, even waistlines. Wall Street Journal (Eastern Edition) p. D.1. 12/31/2003
Janakiraman, R., Sim, T.: Keystroke dynamics in a general setting. In: ICB, pp. 584–593 (2007)
Joyce, R., Gupta, G.: Identity authentication based on keystroke latencies. Commun. ACM 33(2) (1990)
Lee, J.W., Choi, S.S., Moon, B.R.: An evolutionary keystroke authentication based on ellipsoidal hypothesis space. In: R. Selva GECCO ’07: Proceedings of the 9th annual conference on Genetic and evolutionary computation, pp. 2090–2097. ACM, New York (2007). http://doi.acm.org/10.1145/1276958.1277365
Leggett, J., Williams, G., Usnick, M., Longnecker, M.: Dynamic identity verification via keystroke characteristics. Int. J. Man-Mach. Stud. 35(6), 859–870 (1991). http://dx.doi.org/10.1016/S0020-7373(05)80165-8
Maisuria, L.K., Ong, C.S., Lai, W.K.: A comparison of artificial neural networks and cluster analysis for typing biometrics authentication. In: International Joint Conference on Neural Networks (IJCNN), 5, 3295–3299 (1999)
Monrose, F., Reiter, M.K., Wetzel, S.: Password hardening based on keystroke dynamics. Int. J. Inf. Sec. 1(2), 69–83 (2002)
Noguchi, Y.: Access denied. The Washington Post (2006). http://www.washingtonpost.com/wp-dyn/content/article/2006/09/22/AR2006092201612_pf.html
Obaidat, M.S., Macchiarolo, D.T.: An on-line neural network system for computer access security. IEEE Trans. Ind. Electron. 40(2), 235–241 (1993)
Obaidat, M.S., Sadoun, B.: Verification of computer users using keystroke dynamics. IEEE Trans. Syst. Man Cybern. 27(2), 261–269 (1997)
Schneier, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C, second edn. Wiley, New York (1996)
Shaffer, G.: Geodsoft good and bad passwords how-to: An example list of common and especially bad passwords (2004). http://geodsoft.com/howto/password/common.htm
Software package c5.0 / see5 (2004). http://www.rulequest.com/see5-info.html
Sung, K.S., Cho, S.: GA SVM Wrapper Ensemble for Keystroke Dynamics Authentication. In: ICB, pp. 654–660 (2006)
Young, J.R., Hammon, R.W.: Method and apparatus for verifying an individual’s identity. Patent 4,805,222, U.S. Patent and Trademark Office, Washington, D.C. (1989)
Yu, E., Cho, S.: Keystroke dynamics identity verification - its problems and practical solutions. Comput. Secur. 23(5), 428–440 (2004)
Copyright information
© 2009 Springer-Verlag London Limited
About this chapter
Cite this chapter
Bartlow, N., Cukic, B. (2009). Keystroke Dynamics-Based Credential Hardening Systems. In: Tistarelli, M., Li, S.Z., Chellappa, R. (eds) Handbook of Remote Biometrics. Advances in Pattern Recognition. Springer, London. https://doi.org/10.1007/978-1-84882-385-3_14
DOI: https://doi.org/10.1007/978-1-84882-385-3_14
Publisher Name: Springer, London
Print ISBN: 978-1-84882-384-6
Online ISBN: 978-1-84882-385-3
eBook Packages: Computer Science (R0)