User Identification Through Keystroke Biometrics
Seminar Report
INTRODUCTION:
The increasing use of automated information systems
together with our pervasive use of computers has greatly simplified
our lives, while making us overwhelmingly dependent on computers
and digital networks. Technological achievements over the past
decade have resulted in improved network services, particularly in
the areas of performance, reliability, and availability, and have
significantly reduced operating costs due to the more efficient
utilization of these advancements. Some recently developed
authentication mechanisms require users to perform a particular
action, and then some behavior of that action is examined. The
traditional method of signature verification falls in this category.
Handwritten signatures are extremely difficult to forge without
the assistance of some copier. A number of identification solutions
based on verifying some physiological aspect known as BIOMETRICS
have emerged. Biometrics, the physical traits and behavioral
characteristics that make each of us unique, are a natural choice
for identity verification. Biometrics is an excellent candidate for
identity verification because unlike keys or passwords, biometrics
cannot be lost, stolen, or overheard, and in the absence of
physical damage they offer a potentially foolproof way of
determining someone's identity. Physiological (i.e., static)
characteristics, such as fingerprints, are good candidates for
verification because they are unique across a large section of the
population. Indispensable to all biometric systems is that they
recognize a living person and encompass both physiological and
behavioral characteristics.
Biometrics is of two kinds. One deals with the physical traits
of the user and the other deals with the behavioral traits of the
user. Retinal scanning, fingerprint scanning, face recognition,
voice recognition and DNA testing come under the former category,
while typing rhythm comes under the latter category. Physiological
characteristics such as fingerprints are
relatively stable physical features that are unalterable without
causing trauma to the individual. Behavioral traits, on the other
hand, have some physiological basis, but also react to a person's
psychological makeup. Most systems make use of a personal
identification code in order to authenticate the user. In these
systems, the possibility of a malicious user gaining access to the
code cannot be ruled out. However, combining the personal
identification code with biometrics provides for a robust user
authentication system. Authentication using the typing rhythm of
the user on keyboard or a keypad takes advantage of the fact that
each user would have a unique manner of typing the keys. It makes
use of the interstroke gap that exists between consecutive
characters of the user identification code. While considering any
system for authenticity, one needs to consider the false acceptance
rate and the false rejection rate. The False Acceptance Rate (FAR)
is the percentage of un-authorised users accepted by the system and
the False Rejection Rate (FRR) is the percentage of authorised
users not accepted by the system. An increase
in one of these metrics decreases the other and vice versa. The
level of error must be controlled in the authentication system by
the use of a suitable threshold such that only the required users
are selected and the others who are not authorised are rejected by
the system. In this technique, the standard deviation of the user's
training period entry is used as a threshold. The correct
establishment of the threshold is important since too strict a
threshold would lead to a lot of difficulty in entry even for the
legal user, while a lax threshold would allow un-authorised
entry.
KEYSTROKE BIOMETRICS ON A KEYBOARD
An authentication system based
on key stroke pattern and measure of the inter stroke gap can be
easily implemented. One major drawback in using other biometrics
for authentication is the overhead incurred. Both the amount of
space and the money incurred in using typing characteristics for
authentication are comparatively less. As the security mechanism is
not visible, unauthorized users cannot have an idea of the security
measure. Further, the operating system does not have to perform any
task other than maintaining the database of each user and running
the program every time one logs onto the system. The time gap
between consecutive keystrokes is a unique characteristic of the
user. The typing rhythm is self-tuned by the user to suit his
needs. As the keyboard has duplicate keys, the typing rhythm also
depends on whether the user is a left-handed person or a
right-handed person. Both the FAR and the FRR depend to some extent
on the deviation allowed from the reference level and on the number
of characters in the identification code. It has been observed that
providing a small deviation lowers the FAR to almost nil but at the
same time tends to increase the FRR. This is due to the fact that
the typing rhythm of the user depends to some extent on the mental
state of the user. A balance would have to be established taking
both the above factors into consideration.
Keystroke dynamics include several different measurements which
can be detected when the user presses keys on the keyboard.
Possible measurements include:
- Latency between consecutive keystrokes.
- Duration of the keystroke (hold-time).
- Overall typing speed.
- Frequency of errors (how often the user has to use backspace).
- The habit of using additional keys on the keyboard, for example
  writing numbers with the numpad.
- The order in which the user presses keys when writing capital
  letters (whether shift or the letter key is released first).
- The force used when hitting keys while typing (requires a
  special keyboard).
IMPLEMENTATION DETAILS
When a user types his authentication code,
there exists a particular rhythm or fashion in typing the code. If
there does not exist any abrupt change in this rhythmic manner,
this uniqueness can be used as an additional security constraint.
It has been proved experimentally that the manner of typing the
same code varies from user to user. Thus this can be used as a
suitable biometric. Further, if the user knows beforehand about the
existence of this mechanism, he can intentionally introduce the
rhythm to suit his needs.
The mechanism: As the user logs onto the system for the first
time, a database entry is created for the user. He is then put
through a training period, which consists of 15-20 iterations.
During this time, one obtains the inter-stroke timings of all the
keys of the identification code. The mean and standard deviation of
the above code are calculated. This is done in order to provide
some leverage to the user typing the code. The system has to incur
the additional overhead of maintaining the database, which would
contain all the users' information. These details can also be
incorporated onto the system's password files in order to save the
additional overhead incurred. The inter-stroke interval between the
keys is measured in milliseconds. The system's delay routine can be
used to serve the purpose. The delay routine measures in
milliseconds and the amount of delay incurred between successive
strokes can be used as a counter to record this time interval. Like
any other normal system, a new user is asked to register in order
to add his name onto the database. The only
difference that exists now is that he would have to go through a
training period of about 15-20 iterations wherein one obtains the
reference level and the deviation for the user. The reference level
that we chose is the mean of the training period and the rounded
standard deviation is used as the leverage allotted per user. These
values are fed into the database of the user.
Fig. 1 Authentication. Dotted areas are added to the normal
authentication procedure.
The mean and the standard deviation can be determined by using
the relationships given below:

$$\text{Mean} = \frac{1}{n}\sum_{i=1}^{n} x(i)$$

$$\text{Standard Deviation} = \sqrt{\frac{\sum_{i=1}^{n}\left[x(i) - \text{Mean}\right]^{2}}{n}}$$

Once the database entry has been allotted
for the user, this can be used in all further references to the
user. The next time the user tries to login, one would obtain the
entered inter-stroke timing along with the password. A combination
of both the metrics is used as a security check of the user.
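
The enrollment and login check described above, as an added example that is not code from the original report: it computes the per-gap mean and rounded standard deviation from 15 training attempts, then measures FAR and FRR at three tolerance widths. The per-gap acceptance rule, the multiplier k, the 1 ms floor and all timing values are assumptions constructed for illustration.

```python
import math

def enroll(training):
    """Build a template from training attempts (lists of inter-stroke gaps, ms).
    Returns one (mean, rounded population std dev) pair per gap."""
    n = len(training)
    template = []
    for gaps in zip(*training):
        mean = sum(gaps) / n
        std = math.sqrt(sum((x - mean) ** 2 for x in gaps) / n)
        # Assumption: floor the leverage at 1 ms so a perfectly regular
        # training run does not produce a zero-width acceptance window.
        template.append((mean, max(1, round(std))))
    return template

def verify(template, attempt, k=1.0):
    """Assumed rule: accept only if every gap is within mean +/- k * deviation."""
    if len(attempt) != len(template):
        return False
    return all(abs(x - m) <= k * d for x, (m, d) in zip(attempt, template))

def error_rates(template, genuine, impostor, k):
    """Return (FAR, FRR) in percent for tolerance multiplier k."""
    far = 100 * sum(verify(template, a, k) for a in impostor) / len(impostor)
    frr = 100 * sum(not verify(template, a, k) for a in genuine) / len(genuine)
    return far, frr

# Constructed sample data: 15 training attempts at a 5-character code (4 gaps).
BASE = [180, 240, 150, 310]
JITTER = [-10, -8, -6, -4, -2, 0, 2, 4, 6, 8, 10, -5, 5, -3, 3]
TRAINING = [[b + JITTER[(j + 3 * i) % 15] for i, b in enumerate(BASE)]
            for j in range(15)]
GENUINE = [[182, 237, 153, 312], [176, 245, 148, 305],
           [188, 242, 151, 309], [179, 241, 150, 311]]
IMPOSTOR = [[120, 300, 200, 250], [190, 232, 158, 300],
            [210, 200, 170, 330], [186, 247, 143, 317]]

if __name__ == "__main__":
    template = enroll(TRAINING)
    print("template:", template)
    for k in (0.5, 1.0, 2.0):
        far, frr = error_rates(template, GENUINE, IMPOSTOR, k)
        print(f"k={k}: FAR={far:.0f}%  FRR={frr:.0f}%")
```

On this constructed data, narrowing the window keeps the FAR at zero while the FRR rises, and widening it removes false rejections but admits impostors whose rhythm is merely close.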
ALGORITHM:
The algorithm given in the following section gives the
details of obtaining the authorization for a particular user.
system delay routine available.
Input: User database, User name, password.
Output: Acceptance of the user if registered or registration of a new user.

Main () {
    If (user == new) {
        // register the user
        // add the user to the database
        Obtain the password
        Add user (database);
    } else {
        read (user);
        read (deviation);
        if(usercount