• International Journal of Fuzzy Logic and Intelligent Systems
• /
• 제15권4호
• /
• pp.295-299
• /
• 2015

The developed security scheme for user authentication, which uses both a password and the various devices, is always open by malicious user. In order to solve that problem, a keystroke dynamics is introduced. A person's keystroke has a unique pattern. That allows the use of keystroke dynamics to authenticate users. However, it has a problem to authenticate users because it has an accuracy problem. And many people use passwords, for which most of them use a simple word such as "password" or numbers such as "1234." Despite people already perceive that a simple password is not secure enough, they still use simple password because it is easy to use and to remember. And they have to use a secure password that includes special characters such as "#!($^*$)^". In this paper, we propose the automatic fortified password generator system which uses special characters and keystroke feature. At first, the keystroke feature is measured while user key in the password. After that, the feature of user's keystroke is classified. We measure the longest or the shortest interval time as user's keystroke feature. As that result, it is possible to change a simple password to a secure one simply by adding a special character to it according to the classified feature. This system is effective even when the cyber attacker knows the password.

• 한국멀티미디어학회논문지
• /
• 제17권8호
• /
• pp.968-976
• /
• 2014

Authentication methods on smartphone are demanded to be implicit to users with minimum users' interaction. Existing authentication methods (e.g. PINs, passwords, visual patterns, etc.) are not effectively considering remembrance and privacy issues. Behavioral biometrics such as keystroke dynamics and gait biometrics can be acquired easily and implicitly by using integrated sensors on smartphone. We propose a biometric model involving keystroke dynamics for implicit authentication on smartphone. We first design a feature extraction method for keystroke dynamics. And then, we build a fusion model of keystroke dynamics and gait to improve the authentication performance of single behavioral biometric on smartphone. We operate the fusion at both feature extraction level and matching score level. Experiment using linear Support Vector Machines (SVM) classifier reveals that the best results are achieved with score fusion: a recognition rate approximately 97.86% under identification mode and an error rate approximately 1.11% under authentication mode.

• 산업공학
• /
• 제25권3호
• /
• pp.290-299
• /
• 2012

Keystroke dynamics refers to a way of typing a string of characters. Since one has his/her own typing behavior, one's keystroke dynamics can be used as a distinctive biometric feature for user authentication. In this paper, two authentication algorithms based on keystroke dynamics of long and free texts are proposed. The first is the K-S score, which is based on the Kolmogorov-Smirnov test, and the second is the 'R-A' measure, which combines 'R' and 'A' measures proposed by Gunetti and Picardi (2005). In order to verify the authentication performance of the proposed algorithms, we collected more than 3,000 key latencies from 34 subjects in Korean and 35 subjects in English. Compared with three benchmark algorithms, we found that the K-S score was outstanding when the reference and test key latencies were not sufficient, while the 'R-A' measure was the best when enough reference and test key latencies were provided.

• 한국정보통신학회논문지
• /
• 제10권5호
• /
• pp.956-961
• /
• 2006

키스트로크 시간간격은 컴퓨터사용자의 검증 및 인식에서 분별적인 특징이 될 수 있다. 본 논문은 키스트로크 시간간격을 특징으로, 신경망의 역전파 알고리즘과 Bayesian 분류기, 그리고 k-NN을 이용한 분류기의 사용자 인식 성능을 비교 실험하였다. 실험 결과, 사용자당 샘플의 개수가 작을 경우에는 k-NN 알고리즘이 가장 성능이 좋았고, 사용자당 샘플의 개수가 많을 경우에는 Bayesian 분류기의 성능이 가장 뛰어난 결과를 보였다. 따라서 웹기반 온라인 사용자인식을 위해서는 사용자별 키스트로크 샘플의 수에 따라 k-NN이나 Bayesian 분류기를 선택적으로 사용하는 것이 바람직할 것으로 보인다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권8호
• /
• pp.4076-4092
• /
• 2019

Nowadays, most users access internet through mobile applications. The common way to authenticate users through websites forms is using passwords; while they are efficient procedures, they are subject to guessed or forgotten and many other problems. Additional multi modal authentication procedures are needed to improve the security. Behavioral authentication is a way to authenticate people based on their typing behavior. It is used as a second factor authentication technique beside the passwords that will strength the authentication effectively. Keystroke dynamic rhythm is one of these behavioral authentication methods. Keystroke dynamics relies on a combination of features that are extracted and processed from typing behavior of users on the touched screen and smart mobile users. This Research presents a novel analysis in the keystroke dynamic authentication field using two features categories: timing and no timing combined features. The proposed model achieved lower error rate of false acceptance rate with 0.1%, false rejection rate with 0.8%, and equal error rate with 0.45%. A comparison in the performance measures is also given for multiple datasets collected in purpose to this research.

• 한국정보보호학회:학술대회논문집
• /
• 한국정보보호학회 1997년도 종합학술발표회논문집
• /
• pp.345-353
• /
• 1997

Password checking is the most popular user authentication method. The keystroke dynamics can be combined to result in a more secure system. We propose an autoassociator multilayer perceptron which is trained with the timing vectors of the owner's keystroke dynamics and then used to discriminate between the owner and an imposter. An imposter typing the correct password can be detected with a very high accuracy using the proposed approach. The approach can also be used over the internet such as World Wide Web when implemented using a Java applet.

• International journal of advanced smart convergence
• /
• 제5권3호
• /
• pp.40-46
• /
• 2016

The internet allows the information to flow at anywhere in anytime easily. Unfortunately, the network also becomes a great tool for the criminals to operate cybercrimes such as identity theft. To prevent the issue, using a very complex password is not a very encouraging method. Alternatively, keystroke dynamics helps the user to solve the problem. Keystroke dynamics is the information of timing details when a user presses a key or releases a key. A machine can learn a user typing behavior from the information integrate with a proper machine learning algorithm. In this paper, we have proposed mini-batch ensemble (MIBE) method which does the preprocessing on the original dataset and then produces multiple mini batches in the end. The mini batches are then trained by a machine learning algorithm. From the experimental result, we have shown the improvement of the performance for each base algorithm.

• 대한산업공학회지
• /
• 제42권4호
• /
• pp.280-289
• /
• 2016

User authentication is an important issue on computer network systems. Most of the current computer network systems use the ID-password string match as the primary user authentication method. However, in password-based authentication, whoever acquires the password of a valid user can access the system without any restrictions. In this paper, we present a keystroke dynamics-based user authentication to resolve limitations of the password-based authentication. Since most previous studies employed a fixed-length text as an input data, we aims at enhancing the authentication performance by combining four different variable creation methods from a variable-length free text as an input data. As authentication algorithms, four one-class classifiers are employed. We verify the proposed approach through an experiment based on actual keystroke data collected from 100 participants who provided more than 17,000 keystrokes for both Korean and English. The experimental results show that our proposed method significantly improve the authentication performance compared to the existing approaches.

• 정보보호학회논문지
• /
• 제28권2호
• /
• pp.369-383
• /
• 2018

비밀번호 입력 또는 잠금 패턴을 이용한 사용자 인증은 스마트폰의 사용자 인증 방식으로 널리 사용되고 있다. 하지만 엿보기 공격 등에 취약하고 복잡도가 낮아 보안성이 낮다. 이러한 문제점을 보완하기 위해 키스트로크 다이나믹스를 인증에 적용하여 복합 인증을 하는 방식이 등장하였고 이에 대한 연구가 진행되어 왔다. 하지만, 많은 연구들이 분류기 학습에 있어서 비정상 사용자의 데이터를 함께 사용하고 있다. 키스트로크 다이나믹스를 실제 적용 시에는 정상 사용자의 데이터만을 학습에 사용할 수 있는 것이 현실적이고, 타인의 데이터를 비정상 사용자 학습 데이터로 사용하는 것은 인증자료 유출 및 프라이버시 침해 등의 문제가 발생할 수 있다. 이에 대한 대응으로, 본 논문에서는 거리기반 분류기 사용에 있어서, 분류 시 필요한 임계값의 최적 비율을 실험을 통해 구하고, 이를 밝힘으로써 실제 적용에서 정상 사용자 자료만을 이용하여 학습하고, 이 결과에 최적 비율을 적용하여 사용할 수 있도록 공헌하고자 한다.

• 전자공학회논문지CI
• /
• 제45권5호
• /
• pp.25-31
• /
• 2008

이러닝 시스템의 가장 중요한 부분 중 하나가 인증이다. 왜냐하면 적법한 학습자가 학습 시스템에 접속해서 학습하고, 평가 받는 것은 매우 중요하기 때문이다. 하지만, 대부분의 시스템이 학습자의 아이디와 패스워드를 사용한 인증을 사용하고 있다. 이 경우에 해커가 어렵지 않게 아이디와 패스워드를 해킹할 수 있다. 또한, 학습자가 자신의 정보를 다른 동료에게 주어 대신 평가를 받는 수 있다. 이와 같은 문제를 해결하기 위해서는 생체 인증 방법이 보완으로 필요하다. 이와 같은 방법은 상대적으로 많은 비용이 들고 또한 거부감이 있다. 따라서, 본 논문에서는 키스트로크 방법을 이용하여 학습자가 적법한 학습자인가를 판단하는 방법을 제안하였다. 또한, 키스트로크 시스템의 성능을 위해서 통계와 신경망을 적용하였다. 그 결과, 키스트로크의 인증에서 FRR과 FAR의 성능이 개선되었다.