Keystroke Dynamics

1
Keystroke Dynamics

• Jacob Wise and Chong Gu

2
Introduction

• People have unique typing patterns
• Unique in the same way that fingerprints aren't
  proven unique
• Typing patterns could be used for authentication
• Stronger than password
• Harder to copy
• Can use challenge-response
• Inexpensive

3
Previous Work

• Neural Networks
• Less mainstream approach
• Papers co-authored by M.S. Obaidat
• Traditional Approach
• Reference Signatures computed by calculating the
  Mean and Standard Deviations
• Measures distance between Reference Signature
  and Test Signature
• Use digraph/trigraph
• Rick Joyce Gopal Gupta (1990) F. Monrose a.
  Rubin (1997) F. Bergadano, D. Bunetti, and C.
  Picardi (2002)

4
First problem - Collecting Data

• Built-in .NET DateTime class
• Precise only to about 10 milliseconds
• Methods from kernel32.dll
• About 15 significant digits (don't know for sure)

5
First Prototype

• Timing Data for all fields
• User Name
• Password
• Full Name
• Mistakes not allowed
• Signature object is serialized and saved to a file

6
The World of Neural Networks

• User Name / Password / Full Name unsuitable
• Can't train a neural network on only positive
  examples
• Would need to collect break-in attempts by other
  users
• Hence the Counterexample option in the first
  prototype
• Everyone-Types-The-Same-Thing works better
• Hence the passage collection form...

7
The Passage Collection Form
8
Passage Analysis Form

• Tool to help analyze collected keystroke data
• Data is in .psig (PassageSignature) and
  .signature (Signature) files
• We hope this tool will be used and extended in
  future work on this project
• Tabs for BPN (Back-Propagation Network), more
  traditional analyses, and others that are yet to
  come

9
Passage Analysis Form
10
neural networks

• Explain BPN basics
• This started as just a first step
• Ended up taking the whole time to tune

11
Traditional Approach

• Reference Signature
• Computed by calculating the mean and standard
  deviation of samples each user has provided
• Based on Press Time or Flight Time
• Samples that are too far off (greater than a
  certain threshold above the mean) are discarded.
  The Means are recalculated.
• This value needs to be tuned
• 3 std results in 0.85 of samples being discarded
  
• 2 std results in 5 of samples being discarded

12
(No Transcript)
13
Traditional Approach - Reference Signatures
based on Flight Time
14
Traditional Approach - Reference Signatures
based on Press Time
15
Traditional Approach - Reference Signatures

• We have noticed that there is a bigger variance
  between users if we base our Reference Signatures
  on Flight Times.

16
Traditional approach - the Verifier

• Two approaches have been considered, but neither
  is up and running
• Comparing individual Press/flight time of test
  signature with the Mean Reference Signature. A
  press/flight time is considered to be valid if it
  is within x profile standard deviations of the
  mean reference digraph. (where x needs to be
  tuned)
• Comparing the magnitude of difference between the
  mean reference signature (M) and the test
  signature (T). A certain threshold for an
  acceptable size of the magnitude is required. A
  user with a bigger variability of his/her
  signatures, a bigger threshold value should be
  used.
• This approach has had some good results
• Again, the threshold value needs to be tuned.

17
Conclusion

• We have...
• Done lots of work but just barely scratched the
  surface
• Focused getting some usable analysis tools up and
  running
• Implemented fairly standard algorithms according
  to previous research
• There is a lot of work to be done!

18
Epilogue

• Papers that excite us and into which we didn't
  have time to seriously delve
• User Authentication through Keystroke Dynamics
  Bergadano, Gunetti, Picardi (2002)
• Password hardening based on keystroke dynamics
  Monrose, Reiter, Wetzel (2001)
• Not just authentication