Abstract
Usernames and passwords stubbornly remain the most prevalent authentication mechanism. Password secrecy ensures that only genuine users are granted access. If the secret is breached, impostors gain the access too. One method of strengthening password authentication is through keystroke dynamics. Keystroke dynamics algorithms typically constrain the authentication entry to one valid sequence of key presses. In this paper, we introduce the concept of event sequences. We explore the nature of variations between multiple valid key-entry sequences and propose a scheme that effectively represents these variations. We test the efficacy of the new authentication method in distinguishing users. The experimental results show that typing proficiency of individuals is not the only determining authentication factor. We show that typing sequence variations contain sufficient discriminatory information to warrant their inclusion into user authentication methods. Based on these results, we present a novel strategy to create feature vectors for keystroke dynamics-based authentication. The proposed approach ensures that the feature vector’s length and structure are related only to the length of the password, independent of its content or the order of keys pressed. This normalization of feature vector structure has multiple advantages including leveraging the discriminatory power of event sequences, faster search-and-retrieval in n-graph-based authentication systems, and simplicity. The proposed authentication scheme is applicable to both static and continual authentication systems.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Allen, J. D. (2010). An analysis of pressure-based keystroke dynamics algorithms. PhD Thesis, Southern Methodist University.
ANSI-INCITS-154-1988. (1988). Office machines and supplies: Alphanumeric machines—keyboard arrangement. http://www.webstore.ansi.org/
Banerjee, S. P., & Woodard, D. L. (2012). Biometric authentication and identification using keystroke dynamics: A survey. Journal of Pattern Recognition Research, 7(1), 116–139.
Bartlow, N., & Cukic, B. (2006). Evaluating the reliability of credential hardening through keystroke dynamics. In 17th international symposium on software reliability engineering, 2006. ISSRE’06 (pp 117–126). IEEE.
Bello, L., Bertacchini, M., Benitez, C., Pizzoni, J. C., & Cipriano, M. (2010). Collection and publication of a fixed text keystroke dynamics dataset. In XVI Congreso Argentino de Ciencias de la Computación.
Bleha, S., Slivinsky, C., & Hussien, B. (1990). Computer-access security systems using keystroke dynamics. IEEE Transactions on Pattern Analysis and Machine Intelligence, 12(12), 1217–1222.
Bortz, J., Lienert, G. A., & Boehnke, K. (2000). Verteilungsfreie methoden in der biostatistik. Berlin: Springer.
Crenshaw, A. (2009). Changing your mac address in window xp/vista, linux and mac os x. http://www.irongeek.com/i.php?page=security/changemac
Friedman, M. (1937). The use of ranks to avoid the assumption of normality implicit in the analysis of variance. Journal of the American Statistical Association, 32(200), 675–701.
Giot, R., El-Abed, M., & Rosenberger, C. (2009). Greyc keystroke: A benchmark for keystroke dynamics biometric systems. In IEEE 3rd international conference on biometrics: Theory, applications, and systems, 2009. BTAS’09 (pp 1–6). IEEE.
Gross, R., & Acquisti, A. (2005). Information revelation and privacy in online social networks. In Proceedings of the 2005 ACM workshop on privacy in the electronic society (pp. 71–80). New York: ACM.
ISO/IEC-9995-3:2010. (2010). Information technology: Keyboard layouts for text and office systems—part 3: Complementary layouts of the alphanumeric zone of the alphanumeric section. http://www.iso.org/iso/home/store.htm
JISX-6002:1980. (1988). Keyboard layout for information processing using the jis 7 bit coded character set. http://www.webstore.jsa.or.jp/
Killourhy, K. S., & Maxion, R. A. (2009). Comparing anomaly-detection algorithms for keystroke dynamics. In IEEE/IFIP international conference on dependable systems and networks, 2009. DSN’09 (pp. 125–134). IEEE.
Microsoft (2014a). The microsoft keyboard layout creator. http://msdn.microsoft.com/en-us/goglobal/bb964665.aspx
Microsoft (2014b) Windows keyboard layouts. http://msdn.microsoft.com/en-us/goglobal/bb964651.aspx
Montalvao, J., Almeida, C. A. S., & Freire, E. O. (2006). Equalization of keystroke timing histograms for improved identification performance. In 2006 International telecommunications symposium (pp. 560–565). IEEE.
Ross, A., & Jain, A. (2004). Biometric sensor interoperability: A case study in fingerprints. In D. Maltoni & A. K. Jain (Eds.), Biometric authentication (pp. 134–145). Berlin, Heidelberg: Springer.
Syed, Z., Banerjee, S., Cheng, Q., & Cukic, B. (2011). Effects of user habituation in keystroke dynamics on password security policy. In 2011 IEEE 13th international symposium on high-assurance systems engineering (HASE) (pp. 352–359). IEEE.
Vu, K. P. L., Bhargav, A., & Proctor, R. W. (2003). Imposing password restrictions for multiple accounts: Impact on generation and recall of passwords. In Proceedings of the human factors and ergonomics society annual meeting (Vol. 47, pp. 1331–1335). London:SAGE.
Young, J., & Hammon, R. (1989). Method and apparatus for verifying an individual’s identity. https://www.google.com/patents/US4805222. US Patent 4,805,222.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Syed, Z., Banerjee, S. & Cukic, B. Normalizing variations in feature vector structure in keystroke dynamics authentication systems. Software Qual J 24, 137–157 (2016). https://doi.org/10.1007/s11219-014-9263-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11219-014-9263-1