1 / 12

Keystroke Authentication It’s All in How You Type

bioChec™. Keystroke Authentication It’s All in How You Type. John C. Checco BiometriTech 2003. Overview. What is Keystroke Authentication How Effective is Keystroke Authentication Advantages of Keystroke Authentication Markets for Keystroke Authentication

kendra
Download Presentation

Keystroke Authentication It’s All in How You Type

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. bioChec™ Keystroke AuthenticationIt’s All in How You Type John C. Checco BiometriTech 2003

  2. Overview • What is Keystroke Authentication • How Effective is Keystroke Authentication • Advantages of Keystroke Authentication • Markets for Keystroke Authentication • Future for Keystroke Authentication

  3. What is Keystroke Authentication • Biological Measurements • Measurement of physical aspects of a person that determine identity • Static measurement • Absolute match • Quality of measurement is only variable by the quality of the capture device. • Examples: • DNA, • Iris/Retina Scan, • Fingerprint, • Hand Geometry … • Behavioral Measurements • Measurement of characteristic traits exhibited by a person that can determine identity • Dynamic measurement • Confidence match • Quality of measurement varies by behavioral and other external factors. • Examples: • Keystroke Heuristics, • Handwriting Analysis, • Voice Verification …

  4. What is Keystroke Authentication • Keystroke Heuristics / Keystroke Dynamics • Pattern exhibited by a person using an input device in a consistent manner • Keyboard, Keypad, Stylus • Relies on spatial configuration, timing, cadence, and content. • Measurements captured are already available by the input device: • Dwell time • Flight time • Absolute versus Relative timing • Processing consists of deducing a series of key factors from an arbitrary data stream: • Robotic vision, Economic trending, Quantum physics • Being consistent as well as consistently inconsistent.

  5. What is Keystroke Authentication • History of the World, Part I • 1979: • Technology originally developed by SRI International. • 1984: • National Bureau of Standards (NBS) study concluded that computer keystroke authentication of 98% accuracy. • 1988: • Keystroke authentication hardware device passes NIST Computer Security Act of 1987. • 2000: • Keystroke authentication passes the Financial Services Technology Consortium (FSTC) / International Biometric Group (IBG) Comparative Testing program. • Patents (partial list): • 4621344, 5557686, 4805222, 4962530, 4998279, 5056141

  6. How Effective is Keystroke Authentication • Fingerprint • FAR= ~0% • FRR= ~1% • Keystroke Heuristics • FAR = ~0.01% • FRR = ~3.0% • Manufacturer recommended settings • Variable (application-defined) • Facial Recognition • FAR/FRR vary according to: compression, distance, illumination, media, pose, resolution, and other temporal factors. • Voice Recognition • FAR = ~1.6% • FRR = ~8.1%

  7. How Effective is Keystroke Authentication • What If …. • I injure my hand? • How many people have you met that have had hand injuries? • How many people have you met that forgot their password? • I enrolled on one keyboard and want to login on another? • Tactile versus membrane • Full-size versus compact • Key-character layout • My connection is hijacked and someone replays my keystrokes? • Fraud detection methods vary by manufacturer. • I have a bad day?

  8. Advantages of Keystroke Authentication • Deployment / Maintenance: • No physical hardware to install or maintain. • No manpower needed on client-side deployment for installations or upgrades. • Technical: • Inherently narrows the identification pool to achieve authentication FAR/FRR. • Portable: • Users are not limited to individual or specific workstations. • Can support remote access and telecommuting • Adjustable: • Application and/or user managed levels of security. • Can constantly adjust/refine a user’s biometric template over time. • Breadth: • Software-only components allow integration into any software project. • User Acceptance: • Non-invasive capture • Can support invisible (background) enrollment. • Works better with phrases familiar (easy to remember) for the user.

  9. Markets for Keystroke Authentication • Network Security: • Integration with Single Sign-on Solutions. • RADIUS integration • Integration into terminal access applications. • Integration into NTFS Volume Protection. • Promote proper use of existing licensing. • Logging of biometric access creates better forensic evidence. • Personal Information Security: • Primary authorization for individual document encryption. • Secondary authorization mechanism for online purchases. • Asset Identification: • Integration with Online Training/Testing. • Document signing (e.g. HIPAA) • Software Licensing and Registration.

  10. Future for Keystroke Authentication • Consumer Market: • ATM • PDA • RIM • Cell phones • Home Security Access Pads

  11. Questions and Comments • Notes:

  12. Contact Information • John C. Checco • President, bioChec™ • Checco Services, Inc. • info@biochec.com • 1-845-942-4246

More Related