Biometric Products
Michael Isola, John Granger, Wojciech Hojdysz, Arthur Gadayev
Dec 19, 2015
Evaluate several keylogger applications that record all keystrokes on the machine on which they are installed.
Test keylogger output by converting it into the raw-data input format of the Pace University Keystroke Biometric System.
Once the keylogger output has been converted, obtain system performance on users by running the converted data through the Pace University Keystroke Biometric System.
KEYLOGGER Project Description
KEYLOGGER Method of Communication
Primary method of communication consists of e-mail.
E-mail is used due to the feasibility of communication and the ability to preserve conversations.
Team website is used to communicate project status updates to team customers.
KEYLOGGER
Evaluate existing keylogger applications for additional functionality if requirement specifies.
If requirement change is outside the current functionality of existing applications, seek and evaluate other applications for specified functionality.
Addressing Requirement Changes
KEYLOGGER
The common output format across all 7 keyloggers used is .HTML.
Several other formats are also available, ranging from .CSV to .PDF.
While all output can be converted to PKS format, there is no biometric way to distinguish between users. A new requirement was added.
Analyses Completed
KEYLOGGER
New functionality required from software: Keystroke Dynamics
Keystroke Dynamics include:
• Overall typing speed.
• Variations of speed moving between specific keys.
• Common errors.
• The length of time that keys are depressed.
Analyses Completed Continued
KEYLOGGER
Basic Key Logger is a standalone key logger which has the ability to capture keyboard and mouse inputs from any application running in parallel.
Basic Key Logger also has the ability to record the detailed timing information that describes exactly when each key was pressed and when it was released as a person is typing at a computer keyboard.
Key Logger records types of operations, keys that are automatically generated, dates, timestamps, durations, overlap, and duration of quiet periods.
Application Description
KEYLOGGER
Basic Key Logger generates two logs (Key Logs, KPC Logs) once monitoring is stopped.
Five individuals were given the task of writing ten arbitrary one-hundred-word paragraphs. The result was 50 Key Logs and 50 KPC Logs; either can be used for training and testing.
The difference between Key Logs and KPC Logs is what each log file records.
KPC Logs only log keystrokes.
Key Logs, in addition to logging keystrokes, also log mouse movement and mouse button press and release timings.
Gathered logs are available on the Team 3 project website for download and analysis.
Key Log Data Gathering
If the key is visible (it writes something when you use it in a text editor), the key logger log will contain a non-null ASCII code and the key corresponding to the key pressed.
For invisible keys (arrows, tabs), the key is a string, e.g., “LSHIFT”.
Keys may also be prefixed. The prefix “ALT+” is added if some ALT key is currently pressed, and “CTRL+” is added if some Control key is pressed.
The prefix “SHIFT+” is added only if the key is not a letter (and some SHIFT key is currently pressed).
For instance, the “!” character would result in “SHIFT+1” being logged.
“SHIFT+a” will not be logged; instead, the character “A” will be logged.
KEYLOGGER Log Keystroke Attributes
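The labelling rules and the keystroke-dynamics timings described above, as an added Python example (not Basic Key Logger's code or its log format). The event tuples, the prefix order, the "TAB" key name and the function names are assumptions made for illustration.

```python
def log_label(key, shift=False, ctrl=False, alt=False):
    """Label a key following the prefix rules on the slide (prefix order assumed)."""
    if len(key) == 1 and key.isalpha():
        # SHIFT+letter is logged as the uppercase character, never "SHIFT+a".
        label = key.upper() if shift else key.lower()
    else:
        # Non-letters keep the base key and gain a prefix: "!" becomes "SHIFT+1".
        label = ("SHIFT+" if shift else "") + key
    if ctrl:
        label = "CTRL+" + label
    if alt:
        label = "ALT+" + label
    return label


def keystroke_features(events):
    """events: (label, press_ms, release_ms) tuples. Returns timing features."""
    events = sorted(events, key=lambda e: e[1])
    dwell = [release - press for _, press, release in events]
    digraph, overlap, quiet = {}, [], []
    for (k1, p1, r1), (k2, p2, _) in zip(events, events[1:]):
        # Press-to-press latency for this specific pair of keys.
        digraph.setdefault((k1, k2), []).append(p2 - p1)
        gap = p2 - r1                   # negative when k2 went down before k1 came up
        overlap.append(max(0, -gap))    # time both keys were held together
        quiet.append(max(0, gap))       # time with neither key held
    span_s = (max(r for _, _, r in events) - events[0][1]) / 1000
    return {
        "dwell_ms": dwell,
        "digraph_ms": digraph,
        "overlap_ms": overlap,
        "quiet_ms": quiet,
        "keys_per_second": len(events) / span_s,
    }


# Constructed sample (not real log data): "Hi!" followed by Tab.
SAMPLE = [
    (log_label("h", shift=True), 0, 90),
    (log_label("i"), 150, 230),
    (log_label("1", shift=True), 210, 300),  # pressed while "i" is still held
    (log_label("TAB"), 500, 560),            # "TAB" is an assumed key name
]
FEATURES = keystroke_features(SAMPLE)
```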
Develop procedure for security testing & demonstration by comparing several test subjects for similarity matrix
Use the test phrases “My name is…” and “I am a Pace University student” for all test subjects
Must use the same phrase since the product does not allow manipulation of the wav file
False Acceptance Rate (FAR): false positives
False Rejection Rate (FRR): false negatives
FAR & FRR to be used to grade the VoiceCipher biometric
Create a file for each test subject to encode with their voice key for testing
VOICE Methodology:
PC/Laptop with microphone attachment
Windows XP, Windows 2000, Windows Vista, Windows 7
Microphone
Downloadable trials from Voicelatch
VOICE System Environment:
10 test subjects selected: 5 male, 5 female
2 were unrecognizable by the software (women's voices), so the number of male test subjects was increased to 6, for a total of 9 test subjects
Each test subject repeated “My name is…” and “I am a Pace University student” 3 times to train the system
VOICE Training and Recognition:
Each test subject encoded/secured a document file using their voice biometric
Each test subject then tried to decode their encoded/secured file with their own voice
Each test subject then tried to decode the other test subjects' encoded/secured files
Test subjects (9 total) decoding own files:
‘My name is’ phrase – 4 failures, 5 successful, for a False Rejection Rate of 44%
‘I am a Pace University student’ – 2 failures, 7 successful, for a False Rejection Rate of 22%
Each test subject decoding all other test subjects' encoded files:
‘My name is’ – accessed 16 times out of 72 attempts, for a False Acceptance Rate of 22%
‘I am a Pace University student’ – accessed 10 times out of 72 attempts, for a False Acceptance Rate of 14%
VOICE Test Results:
VOICE ‘My name is’ phrase
Test Results: VoiceCipher Success/Failure Rate
Secured by: / Attempted by:
Mike Andy Anthony Sam Joe Len Chris Louise Theresa
Mike access access access
Andy access access access
Anthony access access
Sam access access
Joe access access access
Len access
Chris access access access
Louise access access access
Theresa access access access
VOICE ‘I am a Pace University student’ phrase
Test Results: VoiceCipher Success/Failure Rate
Secured by: / Attempted by:
Mike Andy Anthony Sam Joe Len Chris Louise Theresa
Mike access access
Andy access access
Anthony access access
Sam access access
Joe access
Len access
Chris access
Louise access access access
Theresa access access access
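How FAR and FRR fall out of a secured-by / attempted-by matrix like the ones above, as an added Python example (not part of the original slides). The subject labels S1..S9 and the placement of each access are constructed; only the totals (7 of 9 own-file successes, 10 of 72 cross accesses) follow the ‘I am a Pace University student’ results.

```python
from collections import Counter


def error_rates(subjects, granted):
    """granted: set of (secured_by, attempted_by) pairs that opened the file,
    with one attempt per pair as in the test described above."""
    unknown = {name for pair in granted for name in pair} - set(subjects)
    if unknown:
        raise ValueError(f"unknown subjects: {sorted(unknown)}")
    n = len(subjects)
    # Genuine attempts sit on the diagonal: each subject tries their own file.
    genuine_ok = sum((s, s) in granted for s in subjects)
    # Impostor attempts are every off-diagonal cell: n * (n - 1) in total.
    impostor_ok = [(owner, who) for owner, who in granted if owner != who]
    frr = (n - genuine_ok) / n
    far = len(impostor_ok) / (n * (n - 1))
    # How often each owner's file was opened by someone else.
    opened_by_others = Counter(owner for owner, _ in impostor_ok)
    return far, frr, opened_by_others


# Constructed matrix: 9 subjects, 7 own-file successes, 10 cross accesses.
SUBJECTS = [f"S{i}" for i in range(1, 10)]
GRANTED = {(s, s) for s in SUBJECTS[:7]} | {
    ("S1", "S2"), ("S2", "S1"), ("S3", "S4"), ("S4", "S3"),
    ("S8", "S1"), ("S8", "S2"), ("S8", "S9"),
    ("S9", "S3"), ("S9", "S4"), ("S9", "S8"),
}
FAR, FRR, OPENED = error_rates(SUBJECTS, GRANTED)
```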
The tests were repeatable, as was proven by the ‘My name is’ phrase from the first half of the semester giving the same results.
Although the software product allowed a shorter phrase to be used, it is more accurate with a longer phrase, which creates more voice vectors.
Future study: attempt to decode the encoded files using telephone/cassette recorded voices
Try multiple attempts at decoding other subjects’ files for a larger pool instead of just one attempt
VOICE Conclusion – Follow-Up:
Provides additional security for online identification/authentication
Law enforcement to confirm identity (e.g., policing a parolee or sex offender, remote-monitored alcohol testing for DUI felons, and border patrol)
Accuracy is a challenge for voice biometrics due to high error rates (e.g., a change in a person’s voice due to illness or mood)
VOICE Voice Biometric Applications: