IE interfaces (산업공학)

Korean Institute of Industrial Engineers (대한산업공학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on User Authentication based on Keystroke Dynamics of Long and Free Texts

자유로운 문자열의 키스트로크 다이나믹스를 활용한 사용자 인증 연구

  • Kang, Pil-Sung (Department of Industrial and Information Systems Engineering, Seoul National University of Science and Technology (Seoultech)) ;
  • Cho, Sung-Zoon (Industrial Engineering, Seoul National University)
  • 강필성 (서울과학기술대학교 글로벌융합산업공학과) ;
  • 조성준 (서울대학교 산업공학과)
  • Received : 2011.07.18
  • Accepted : 2011.12.30
  • Published : 2012.09.01
Download PDF
⟨ Previous Next ⟩

Abstract

Keystroke dynamics refers to a way of typing a string of characters. Since one has his/her own typing behavior, one's keystroke dynamics can be used as a distinctive biometric feature for user authentication. In this paper, two authentication algorithms based on keystroke dynamics of long and free texts are proposed. The first is the K-S score, which is based on the Kolmogorov-Smirnov test, and the second is the 'R-A' measure, which combines 'R' and 'A' measures proposed by Gunetti and Picardi (2005). In order to verify the authentication performance of the proposed algorithms, we collected more than 3,000 key latencies from 34 subjects in Korean and 35 subjects in English. Compared with three benchmark algorithms, we found that the K-S score was outstanding when the reference and test key latencies were not sufficient, while the 'R-A' measure was the best when enough reference and test key latencies were provided.

Keywords

References

  1. Bleha, S., Slivinsky, C., and Hussien, B. (1990), Computer-access Security Systems using Keystroke Dynamics, IEEE Transactions on Pattern Analysis and Machine Intelligence, 12(12), 1217-1222. https://doi.org/10.1109/34.62613
  2. Chen, W. and Chang W. (2004), Applying Hidden Markov Models to Keystroke Pattern Analysis for Password Verification, Proc. 2004 IEEE Int. Conf. on Information Reuse and Integration, 467-474.
  3. Crawford, H. (2010), Keystroke Dynamics : Characteristics and Opportunities, Proc. Int, Conf. on Privacy, Security, and Trust, 205-212.
  4. Filho, J. R. M. and Freire, E. O. (2006), On the Equalization of Keystroke Timing Histograms, Pattern Recognition, 27(13), 1440-1446. https://doi.org/10.1016/j.patrec.2006.01.010
  5. Frank, J. and Massey, Jr. (1951), The Kolmogorov-Smirnov Test for Goodness of Fit, Journal of the American Statistical Association, 46(253), 68-78. https://doi.org/10.1080/01621459.1951.10500769
  6. Furnell, S. and Clarke, N. (2005), Biometrics : No Silver Bullets, Computer Fraud and Security, 2005(8), 9-14. https://doi.org/10.1016/S1361-3723(05)70243-8
  7. Giot, R., Hemery, B., and Rosenberger, C. (2010), Low Cost and Usable Multimodal Biometric System based on Keystroke Dynamics and 2D Face Recognition, Proc. Int. Conf. on Pattern Recognition, 1128-1131.
  8. Gunetti, D. and Picardi, C. (2005), Keystroke Analysis of Free Text, ACM Transaction on Information System Security, 8(3), 312-347. https://doi.org/10.1145/1085126.1085129
  9. Hosseinzadeh, D. and Krishnan, S. (2008), Gaussian Mixture Modeling of Keystroke Patterns for Biometric Applications, IEEE Transactions on Systems, Man, and Cybernetics-Part C : Applications and Reviews, 38(6), 816-826. https://doi.org/10.1109/TSMCC.2008.2001696
  10. Hu, J., Gingrich, D., and Sentosa, A. (2007), A k-Nearest Neighbor Approach for User Authentication through Biometric Keystroke Dynamics, Proc. 2007 IEEE Int. Conf. on Communications, 1156-1560.
  11. Jain, A. K., Bolle, R., and Pankanti, S. (1999), Biometrics : Personal Identification in Networked Society, Kluwer, Massachusetts, USA.
  12. Kang, P. and Cho, S. (2009), A Hybrid Novelty Score and Its Use in Keystroke Dynamics-based User Authentication, Pattern Recognition, 42(11), 3115-3127. https://doi.org/10.1016/j.patcog.2009.04.009
  13. Kang, P., Park, S., Hwang, S., Lee, H., and Cho, S. (2008), Improvement of Keystroke Data Quality through Artificial Rhythms and Cues, Computers and Security, 27(1-2), 3-11. https://doi.org/10.1016/j.cose.2008.02.001
  14. Monrose, F., Reither, M. K., and Wetzel, S. (2002), Password Hardening based on Keystroke Dynamics, International Journal of Information Security, 1(2), 69-83. https://doi.org/10.1007/s102070100006
  15. Monrose, F. and Rubin, A. D. (2000), Keystroke Dynamics as a Biometric for Authentication, Future Generation Computer Systems, 16(4), 351-359. https://doi.org/10.1016/S0167-739X(99)00059-X
  16. Peacock, A., Ke, X., and Wilkerson, M. (2004), Typing Patterns : A Key to User Identification, IEEE Security and Privacy, 2(5), 40-47.
  17. Prabhakar, S., Pankanti, S., and Jain, A. K. (2003), Biometric Recognition : Security and Privacy Concerns, IEEE Security and Privacy, 1(2), 33-42. https://doi.org/10.1109/MSECP.2003.1193209
  18. Sheng, Y., Phoha, V. V., and Rovnyak, S. M. (2005), A Parallel Decision Treebased Method for User Authentication based on Keystroke Patterns, IEEE Transactions on Systems, Man, and Cybernetics-Part B : Cybernetics, 35(4) 826-833. https://doi.org/10.1109/TSMCB.2005.846648
  19. Sinthupinyo, S., Roadrungwasinkul, W., and Chantan, C. (2009), User Recognition via Keystroke Latencies using SOM and Backpropagation Neural Network, Proc. Int. Joint Conf. on Institute of Control, Robotics, and Systems (ICROS) and Society of Instrument and Control Engineers (SICE), 3160-3165.
  20. Subashini, S. and Kavitha, V. (2011), A Survey on Security Issues in Service Delivery Models of Cloud Computing, Journal of Network and Computer Applications, 34(1), 1-11. https://doi.org/10.1016/j.jnca.2010.07.006
  21. Yager, N. and Dunstone, Y. (2010), The Biometric Menagerie, IEEE Transactions on Pattern Analysis and Machine Intelligence, 32(2), 220-230. https://doi.org/10.1109/TPAMI.2008.291
  22. Yan, J., Blackwell, A., Anderson, R., and Grant, A. (2004), Password Memorability and Security : Empirical Results, IEEE Security and Privacy, 2(5), 25-31. https://doi.org/10.1109/MSP.2004.81
  23. Zhang, Y., Chang, G., Liu, L., and Jia, J. (2010), Authenticating User's Keystroke based on Statistical Models, Proc. 4th Int. Conf. on Genetic and Evolutionary Computing, 578-581.
  24. Zissis, D. and Lekkas, D. (2010), Addressing Cloud Computing Security Issues, Future Generation Computer Systems doi:10.1016/j.future.2010.12.006.