skip to main content
article

Keystroke analysis of free text

Published: 01 August 2005 Publication History

Abstract

Keystroke dynamics can be useful to ascertain personal identity even after an authentication phase has been passed, provided that we are able to deal with the typing rhythms of free text, chosen and entered by users without any specific constraint. In this paper we present a method to compare typing samples of free text that can be used to verify personal identity. We have tested our technique with a wide set of experiments on 205 individuals, obtaining a False Alarm Rate of less than 5% and an Impostor Pass Rate of less than 0.005%. Different trade-offs are, however, possible. Our approach can rely on what is typed by people because of their normal job, and a few lines of text, even collected in different working sessions, are sufficient to reach a high level of accuracy, which improves proportionally to the amount of available information: As a consequence, we argue that our method can be useful in computer security as a complementary or alternative way to user authentication and as an aid to intrusion detection.

References

[1]
Ashbourn, J. 2000a. Biometrics: Advanced Identity Verification. Springer.
[2]
Ashbourn, J. 2000b. The distinction between authentication and identification. Paper available at the Avanti Biometric Reference Site. (homepage.ntlworld.com/avanti).
[3]
Axelsson, S. 1999. The base-rate fallacy and its implications for the difficulty of intrusion detection. In Proc. of the 6th ACM Conf. on Computer and Comm. Security. Singapore.
[4]
BBC 2000. You must remember this… that and other. BBC News. Also available at: news.bbc.co.uk/hi/english/uk/newsid_720000/720976.stm.
[5]
Bergadano, F., Gunetti, D., and Picardi, C. 2002. User authentication through keystroke dynamics. ACM Transactions on Information and System Security 5, 4.
[6]
Bergadano, F., Gunetti, D., and Picardi, C. 2003. Identity verification through dynamic keystroke analysis. Journal of Intelligent Data Analysis 7, 5.
[7]
Bleha, S., Slivinsky, C., and Hussein, B. 1990. Computer-access security systems using keystroke dynamics. IEEE Transactions on Pattern Analysis and Machine Intelligence 12, 12, 1217--1222.
[8]
Brown, M. and Rogers, S. J. 1993. User identification via keystroke characteristics of typed names using neural networks. International Journal of Man-Machine Studies 39, 999--1014.
[9]
Clarke, N., Furnell, S., Lines, B., and Reynolds, P. 2003. Using keystroke analysis as a mechanism for subscriber authentication on mobile handsets. In Proc. 18th Conf. on Information Security. (IFIP/SEC 2003). Kluwer, Athens, Greece.
[10]
Dowland, P., Singh, H., and Furnell, S. 2001. A preliminary investigation of user authentication using continuous keystroke analysis. In Proc. 8th IFIP Annual Working Conf. on Information Security Mangement and Small System Security. Las Vegas, Nevada.
[11]
Dowland, P., Furnell, S., and Papadaki, M. 2002. Keystroke analysis as a method of advanced user authentication and response. In Proc. of the 17th IFIP/SEC 2002 Conference. Kluwer, Cairo, Egypt.
[12]
Furnell, S., Morrissey, J., Sanders, P., and Stockel, C. 1996. Applications of keystroke analysis for improved login security and continuous user authentication. In Proc. 12th Conf. on Information Security. (IFIP/SEC 1996). Samos, Greece.
[13]
Gunetti, D. and Bergadano, F. 2002. Method and apparatus for verifying an individual's identity based on biometric keystroke properties. Italian Industrial Patent n. 1.311.278.
[14]
Joyce, R. and Gupta, G. 1990. User authorization based on keystroke latencies. Communications of the ACM 33, 2, 168--176.
[15]
Lee, J. 1999. Forgot a password? try way2many; better on-line security has meant more passwords, and more frustrate users. The New York Times. See also at: www.azstarnet.com/public/startech/archive/081999/main.htm.
[16]
Leggett, J. and Williams, G. 1988. Verifying identity via keystroke characteristics. International Journal of Man-Machine Studies 28, 1, 67--76.
[17]
Leggett, J., Longnecker, M., Williams, G., and Usnick, M. 1991. Dynamic identity verification via keystroke characteristics. International Journal of Man-Machine Studies 35, 859--870.
[18]
Mansfield, T., Kelly, G., Chandler, D., and Kane, J. 2001. Biometric product testing final report. Deliverable of the biometric working group, National Physical Laboratory. Available at www.cesg.gov.uk/technology/biometrics/media/Biometric%20Test%20Report%20pt1.pdf.
[19]
McHugh, J. 2000. Testing intrusion detection systems. ACM Transactions on Information and System Security 3, 4, 262--294.
[20]
Monrose, F. and Rubin, A. 1997. Authentication via keystroke dynamics. In Proc. of the 4th ACM Conf. on Computer and Communications Security. ACM Press, New York, 48--56.
[21]
Novell ViewPoints (Gartner Group). Find the balance between network security and growing user access demands. Available at www.gartner.com/gc/webletter/novell/issue1/article1/article1.html.
[22]
Obaidat, M. S. and Sadoun, B. 1997. Verification of computer users using keystroke dynamics. IEEE Trans. on Systems, Man, and Cybernetics. Part B: Cybernetics 27, 2, 261--269.
[23]
Polemi, D. 2000. Biometric techniques: Review and evaluation of biometric techniques for identification and authentication, including an appraisal of the areas where they are most applicable. Report prepared for the European Commission DG XIII---C.4 on the Information Society Technologies. Available at: www.cordis.lu/infosec/src/stud5fr.html.
[24]
Ruggles, T. 2002. Comparison of biometric techniques. Biometric Technology, Inc. Available at www.bio-tech-inc.com/bio.htm.
[25]
Umphress, D. and Williams, G. 1985. Identity verification through keyboard characteristics. International Journal of Man-Machine Studies 23, 263--273.
[26]
Volokh, E. 2000. Personalization and privacy. Communications of the ACM 43, 8, 84--88.

Cited By

View all
  • (2025)Normalizing flow-based latent space mapping for implicit pattern authentication on mobile devicesApplied Soft Computing10.1016/j.asoc.2024.112469169(112469)Online publication date: Jan-2025
  • (2025)Free-text keystroke authentication using transformers: a comparative study of architectures and loss functionsSoft Computing10.1007/s00500-025-10524-zOnline publication date: 8-Feb-2025
  • (2025)Keystroke DynamicsEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1637(1370-1375)Online publication date: 8-Jan-2025
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Information and System Security
ACM Transactions on Information and System Security  Volume 8, Issue 3
August 2005
89 pages
ISSN:1094-9224
EISSN:1557-7406
DOI:10.1145/1085126
Issue’s Table of Contents

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 August 2005
Published in TISSEC Volume 8, Issue 3

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Biometric techniques
  2. identity verification
  3. keystroke analysis of free text

Qualifiers

  • Article

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)49
  • Downloads (Last 6 weeks)5
Reflects downloads up to 14 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2025)Normalizing flow-based latent space mapping for implicit pattern authentication on mobile devicesApplied Soft Computing10.1016/j.asoc.2024.112469169(112469)Online publication date: Jan-2025
  • (2025)Free-text keystroke authentication using transformers: a comparative study of architectures and loss functionsSoft Computing10.1007/s00500-025-10524-zOnline publication date: 8-Feb-2025
  • (2025)Keystroke DynamicsEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1637(1370-1375)Online publication date: 8-Jan-2025
  • (2024)Evaluation of the Informativeness of Features in Datasets for Continuous VerificationОценивание информативности признаков в наборах данных для проведения продлённой аутентификацииInformatics and AutomationИнформатика и автоматизация10.15622/ia.23.1.323:1(65-100)Online publication date: 11-Jan-2024
  • (2024)Spotting Fake Profiles in Social Networks via Keystroke Dynamics2024 IEEE 21st Consumer Communications & Networking Conference (CCNC)10.1109/CCNC51664.2024.10454821(525-533)Online publication date: 6-Jan-2024
  • (2024)M2auth: A multimodal behavioral biometric authentication using feature-level fusionNeural Computing and Applications10.1007/s00521-024-10403-y36:34(21781-21799)Online publication date: 1-Dec-2024
  • (2024)TypeFormer: transformers for mobile keystroke biometricsNeural Computing and Applications10.1007/s00521-024-10140-236:29(18531-18545)Online publication date: 1-Oct-2024
  • (2024)Design and Implementation of Three-Defense Wall Authentication FrameworkIdentification and Mitigation of Fraudulent Online Transactions Using Authentication and Fraud Detection System10.1007/978-981-97-4888-4_5(71-90)Online publication date: 29-Nov-2024
  • (2024)Linux Kernel Keyloggers and Information SecurityHuman Aspects of Information Security and Assurance10.1007/978-3-031-72559-3_16(231-242)Online publication date: 28-Nov-2024
  • (2023)Network detection of interactive SSH impostors using deep learningProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620477(4283-4300)Online publication date: 9-Aug-2023
  • Show More Cited By

View Options

Login options

Full Access

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media