Skip to main content
Log in

Secure and privacy preserving data processing support for active authentication

  • Published:
Information Systems Frontiers Aims and scope Submit manuscript

Abstract

Keystroke dynamics and mouse movements are effective behavioral biometric modalities for active authentication. However, very little is done on the privacy of collection and transmission of keyboard and mouse data. In this paper, we develop a rule based data sanitization scheme to detect and remove personally identifiable and other sensitive information from the collected data set. Preliminary experiments show that our scheme incurs on average 5.69 % false negative error rate and 0.64 % false positive error rate. We also develop a data transmission scheme using the Extensible Messaging and Presence Protocol (XMPP) to guarantee privacy during transmission. Using these two schemes as a basis, we develop two distinct architectures for providing secure and privacy preserving data processing support for active authentication. These architectures provide flexibility of use depending upon the application environment.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  • Ahmed, A., & Traore, I. (2005). Anomaly Intrusion Detection based on Biometrics. In Proceedings of the 2005 I.E. Workshop on Information Assurance. West Point.

  • Ahmed, W., & Athreya, J. (2013). Data Masking Best Practices. An Oracle White Paper (June 2013).

  • Bergadano, F., Gunetti, D., & Picardi, C. (2002). User authentication through keystroke dynamics. ACM Transactions on Information and System Security, 5, 367–397.

    Article  Google Scholar 

  • Garg, A., Rahalkar, R., Upadhyaya, S., & Kwiat, K. (2006). Profiling Users in GUI Based Systems for Masquerade Detection. In Proceedings of 7th Annual IEEE Information Assurance Workshop (IAW 2006). United States Military Academy, West Point.

  • Goecks, J., & Shavlik, J. (1999). Automatically Labeling Web Pages Based on Normal User Actions. In IJCAI Workshop on Machine Learning for Information Filtering. Stockholm.

  • Gunetti, D., & Picardi, C. (2005). Keystroke analysis of free text. ACM Transactions on Information and System Security (ACM TISSEC), 8(3), 312–347.

    Article  Google Scholar 

  • Gupta, A., Asthana, A., & Gupta, N. (2008). Masquerade Detection using Typing Pattern. In Proceedings of 2nd National Conference on Challenges and Opportunities in Information Technology (COIT-2008). Mandi Gobindgarh.

  • Jabber Inc. (1998). Jabber.org.

  • Johansson, L. (2005). XMPP as MOM. Greater NOrdic Middleware Symposium (GNOMIS). Oslo: University of Stockholm.

  • Leggett, J., Williams, G., Usnick, M., & Longnecker, M. (1991). Dynamic identity verification via keystroke characteristics. International Journal of Man-Machine Studies, 35.6(1991), 859–870.

    Article  Google Scholar 

  • Monrose, F., & Rubin, A. (1997). Authentication via Keystroke Dynamics. In ACM Conference on Computer and Communications Security. Zurich, pages 48–56.

  • Pusara, M., & Brodley, C. E. (2004). User re-authentication via mouse movements. In VizSEC/DMSEC04: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security. Washington DC, pages 1–8.

  • Radhakrishnan, R., Kharrazi, M., & Memon, N. (2005). Data masking: a new approach for steganography? The Journal of VLSI Signal Processing, 41(3), 293–303.

    Article  Google Scholar 

  • Ravikumar, G. K., Manjunath, T. N., Ravindra, S., & Umesh, I. M. (2011). A survey on recent trends, process and development in data masking for testing. IJCSI, 534.

  • Shavlik, J., Shavlik, M., & Fahland, M. (2001). Evaluating Software Sensors for Actively Profiling Windows 2000 Computer Users. In Fourth International Symposium on Recent Advances in Intrusion Detection. Davis.

Download references

Acknowledgments

This research is supported in part by NSF Grant No. CNS: 1314803. Usual disclaimers apply. A preliminary version of this paper was presented at the 6th Secure Knowledge Management Conference at Dubai, UAE in December 2014.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Shambhu Upadhyaya.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Sun, Y., Upadhyaya, S. Secure and privacy preserving data processing support for active authentication. Inf Syst Front 17, 1007–1015 (2015). https://doi.org/10.1007/s10796-015-9587-9

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10796-015-9587-9

Keywords

Navigation