1 / 18

Keystroke Dynamics

Jacob Wise and Chong Gu. Keystroke Dynamics. Introduction. People have “unique” typing patterns “Unique” in the same way that fingerprints aren't proven unique Typing patterns could be used for authentication Stronger than password Harder to copy Can use challenge-response Inexpensive.

edith
Download Presentation

Keystroke Dynamics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Jacob Wise and Chong Gu Keystroke Dynamics

  2. Introduction • People have “unique” typing patterns • “Unique” in the same way that fingerprints aren't proven unique • Typing patterns could be used for authentication • Stronger than password • Harder to copy • Can use challenge-response • Inexpensive

  3. Previous Work • Neural Networks • Less mainstream approach • Papers co-authored by M.S. Obaidat • “Traditional” Approach • Reference Signatures computed by calculating the Mean and Standard Deviations • Measures “distance” between Reference Signature and Test Signature • Use digraph/trigraph • Rick Joyce & Gopal Gupta (1990); F. Monrose & a. Rubin (1997); F. Bergadano, D. Bunetti, and C. Picardi (2002)

  4. First problem - Collecting Data • Built-in .NET DateTime class • Precise only to about 10 milliseconds • Methods from kernel32.dll • About 15 significant digits (don't know for sure)

  5. First Prototype • Timing Data for all fields • User Name • Password • Full Name • Mistakes not allowed • Signature object is serialized and saved to a file

  6. The World of Neural Networks • User Name / Password / Full Name unsuitable • Can't train a neural network on only positive examples • Would need to collect break-in attempts by other users • Hence the “Counterexample” option in the first prototype • Everyone-Types-The-Same-Thing works better • Hence the passage collection form...

  7. The Passage Collection Form

  8. Passage Analysis Form • Tool to help analyze collected keystroke data • Data is in .psig (PassageSignature) and .signature (Signature) files • We hope this tool will be used and extended in future work on this project • Tabs for BPN (Back-Propagation Network), more traditional analyses, and others that are yet to come

  9. Passage Analysis Form

  10. [neural networks] • Explain BPN basics • This started as just a first step • Ended up taking the whole time to tune

  11. “Traditional” Approach • Reference Signature • Computed by calculating the mean and standard deviation of samples each user has provided • Based on Press Time or Flight Time • Samples that are too far off (greater than a certain threshold above the mean) are discarded. The Means are recalculated. • This value needs to be tuned • 3 std results in 0.85% of samples being discarded • 2 std results in 5% of samples being discarded

  12. “Traditional” Approach - Reference Signatures based on Flight Time

  13. “Traditional” Approach - Reference Signatures based on Press Time

  14. “Traditional” Approach- Reference Signatures • We have noticed that there is a bigger variance between users if we base our Reference Signatures on Flight Times.

  15. “Traditional” approach- the Verifier • Two approaches have been considered, but neither is up and running • Comparing individual Press/flight time of test signature with the Mean Reference Signature. A press/flight time is considered to be valid if it is within x profile standard deviations of the mean reference digraph. (where x needs to be tuned) • Comparing the magnitude of difference between the mean reference signature (M) and the test signature (T). A certain threshold for an acceptable size of the magnitude is required. A user with a bigger variability of his/her signatures, a bigger threshold value should be used. • This approach has had some good results • Again, the threshold value needs to be tuned.

  16. Conclusion • We have... • Done lots of work but just barely scratched the surface • Focused getting some usable analysis tools up and running • Implemented fairly standard algorithms according to previous research • There is a lot of work to be done!

  17. Epilogue • Papers that excite us and into which we didn't have time to seriously delve: • “User Authentication through Keystroke Dynamics” Bergadano, Gunetti, Picardi (2002) • “Password hardening based on keystroke dynamics” Monrose, Reiter, Wetzel (2001) • Not just authentication

More Related