Visible to the public Keystroke Analysis

SoS Newsletter- Advanced Book Block

keystroke Analysis

Keystrokes are the basis for behavioral biometrics. The rhythms and patterns of the individual user can become the basis for a unique biological identification. Research into this area of computer security is growing. The work cited here appeared between January and August of 2014.

  • Montalvao, Jugurta; Freirem, Eduardo O.; Bezerra, Murilo A; Garcia, Rodolfo, "Empirical keystroke analysis in passwords," Biosignals and Biorobotics Conference (2014): Biosignals and Robotics for Better and Safer Living (BRC), 5th ISSNIP-IEEE, pp.1,6, 26-28 May 2014. doi: 10.1109/BRC.2014.6880989 Rhythmic patterns in passwords are addressed as a kind of biometrics. Experimental results are obtained through two publicly available databases. A preprocessing step (time interval equalization) is applied to both down-down keystroke latency and key hold-down time. Improvements from this preprocessing step are shown through experiments intentionally adapted from papers by the owners of both databases. Afterwards our main experiments are guided by questions Q1: How long does it take for a typist to develop a proper timing signature associated to a new meaningless password? And Q2: How does the number of symbols affect biometric performance? Measurements show that for the password .tie5Roanl typists need many dozens of repetitions to stabilize their typing rhythm. As for question Q2, experimental results show better performance for the shorter password try4-mbs, and that even for longest one studied, .tie5Roanl, there is room for performance improvement.
    Keywords: Biometrics; keystroke; password (ID#:14-2634)
  • Ahmed, AA; Traore, I, "Biometric Recognition Based on Free-Text Keystroke Dynamics," Cybernetics, IEEE Transactions on, vol. 44, no.4, pp. 458, 472, April 2014. doi: 10.1109/TCYB.2013.2257745 Accurate recognition of free text keystroke dynamics is challenging due to the unstructured and sparse nature of the data and its underlying variability. As a result, most of the approaches published in the literature on free text recognition, except for one recent one, have reported extremely high error rates. In this paper, we present a new approach for the free text analysis of keystrokes that combines monograph and digraph analysis, and uses a neural network to predict missing digraphs based on the relation between the monitored keystrokes. Our proposed approach achieves an accuracy level comparable to the best results obtained through related techniques in the literature, while achieving a far lower processing time. Experimental evaluation involving 53 users in a heterogeneous environment yields a false acceptance ratio (FAR) of 0.0152% and a false rejection ratio (FRR) of 4.82%, at an equal error rate (EER) of 2.46%. Our follow-up experiment, in a homogeneous environment with 17 users, yields FAR=0% and FRR=5.01%, at EER=2.13%.
    Keywords: biometrics (access control);neural nets; text analysis; EER; FAR; FRR; biometric recognition; digraph analysis; equal error rate ;false acceptance ratio; false rejection ratio; free text analysis; free-text keystroke dynamics; monograph analysis; neural network; Biometrics; continuous authentication; free text recognition; keystroke analysis; neural networks (ID#:14-2635)
  • Kowtko, M.A, "Biometric Authentication For Older Adults," Systems, Applications and Technology Conference (LISAT), 2014 IEEE Long Island, pp.1,6, 2-2 May 2014. doi: 10.1109/LISAT.2014.6845213 In recent times, cyber-attacks and cyber warfare have threatened network infrastructures from across the globe. The world has reacted by increasing security measures through the use of stronger passwords, strict access control lists, and new authentication means; however, while these measures are designed to improve security and Information Assurance (IA), they may create accessibility challenges for older adults and people with disabilities. Studies have shown the memory performance of older adults decline with age. Therefore, it becomes increasingly difficult for older adults to remember random strings of characters or passwords that have 12 or more character lengths. How are older adults challenged by security measures (passwords, CAPTCHA, etc.) and how does this affect their accessibility to engage in online activities or with mobile platforms? While username/password authentication, CAPTCHA, and security questions do provide adequate protection; they are still vulnerable to cyber-attacks. Passwords can be compromised from brute force, dictionary, and social engineering style attacks. CAPTCHA, a type of challenge-response test, was developed to ensure that user inputs were not manipulated by machine-based attacks. Unfortunately, CAPTCHA are now being exploited by new vulnerabilities and exploits. Insecure implementations through code or server interaction have circumvented CAPTCHA. New viruses and malware now utilize character recognition as means to circumvent CAPTCHA [1]. Security questions, another challenge response test that attempts to authenticate users, can also be compromised through social engineering attacks and spyware. Since these common security measures are increasingly being compromised, many security professionals are turning towards biometric authentication. Biometric authentication is any form of human biological measurement or metric that can be used to identify and authenticate an authorized user of a secure system. Biometric authentication- can include fingerprint, voice, iris, facial, keystroke, and hand geometry [2]. Biometric authentication is also less affected by traditional cyber-attacks. However, is Biometrics completely secure? This research will examine the security challenges and attacks that may risk the security of biometric authentication. Recently, medical professionals in the TeleHealth industry have begun to investigate the effectiveness of biometrics. In the United States alone, the population of older adults has increased significantly with nearly 10,000 adults per day reaching the age of 65 and older [3]. Although people are living longer, that does not mean that they are living healthier. Studies have shown the U.S. healthcare system is being inundated by older adults. As security with the healthcare industry increases, many believe that biometric authentication is the answer. However, there are potential problems; especially in the older adult population. The largest problem is authentication of older adults with medical complications. Cataracts, stroke, congestive heart failure, hard veins, and other ailments may challenge biometric authentication. Since biometrics often utilize metrics and measurement between biological features, anyone of the following conditions and more could potentially affect the verification of users. This research will analyze older adults and their impact of biometric authentication on the verification process.
    Keywords: authorisation; biometrics (access control);invasive software; medical administrative data processing; mobile computing; CAPTCHA; Cataracts; IA;T eleHealth industry; US healthcare system; access control lists; authentication means; biometric authentication; challenge-response test; congestive heart failure; cyber warfare; cyber-attacks; dictionary; hard veins; healthcare industry; information assurance; machine-based attacks; medical professionals; mobile platforms; network infrastructures; older adults; online activities; security measures; security professionals; social engineering style attacks; spyware; stroke; username-password authentication; Authentication; Barium; CAPTCHAs; Computers; Heart; Iris recognition; Biometric Authentication; CAPTCHA; Cyber-attacks; Information Security; Older Adults; Telehealth (ID#:14-2636)<
  • Pei-Yuan Wu; Chi-Chen Fang; Chang, J.M.; Gilbert, S.B.; Kung, S.Y., "Cost-effective Kernel Ridge Regression Implementation For Keystroke-Based Active Authentication System," Acoustics, Speech and Signal Processing (ICASSP), 2014 IEEE International Conference on, pp.6028,6032, 4-9 May 2014. doi: 10.1109/ICASSP.2014.6854761 In this study a keystroke-based authentication system is implemented on a large-scale free-text keystroke data set, where cost effective kernel-based learning algorithms are designed to enable trade-off between computational cost and accuracy performance. The authentication process evaluates the user's typing behavior on a vocabulary of words, where the judgments based on each word are concatenated by weighted votes, whose weights are also trained to provide optimal fusion of independent judgments. A novel truncated-RBF kernel is also implemented to provide better cost-performance trade-off. Experimental results validate the cost-effectiveness of the developed authentication system.
    Keywords: learning (artificial intelligence); message authentication; radial basis function networks; regression analysis; cost effective kernel-based learning algorithm; cost-effective kernel ridge regression; keystroke-based authentication system; large-scale free-text keystroke data set; truncated-RBF kernel; Accuracy; Authentication; Complexity theory; Kernel; Polynomials; Training; Vectors; active authentication; cost-effective; fusion methods; kernel methods; keystroke; truncated-RBF (ID#:14-2637)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.