Abstract
Research in Keystroke-Dynamics (KD) has customarily focused on temporal features without considering context to generate user templates that are used in authentication. Additionally, work on KD in hand-held devices such as smart-phones and tablets have shown that these features alone do not perform satisfactorily for authentication. In this work, we analyze the discriminatory power of the most-used conventional features found in the literature, propose a set of context-sensitive or word-specific features, and analyze the discriminatory power of proposed features using their classification results. To perform these tasks, we use the keystroke data consisting of over 650K keystrokes, collected from 20 unique users during different activities on desktops, tablets, and phones, over a span of two months. On an average, each user made 12.5K, 9K, and 10K keystrokes on desktop, tablet, and phone, respectively.
We find that the conventional features are not highly discriminatory on desktops and are only marginally better on hand-held devices for user identification. By using information of the context, a subset (derived after analysis) of our proposed word-specific features offers superior discrimination among users on all devices. We find that a majority of the classifiers, built using these features, perform user identification well with accuracies in the range of 90% to 97%, average precision and recall values of 0.914 and 0.901, respectively, on balanced test samples in 10-fold cross validation. We also find that proposed features work best on hand-held devices. This work calls for a shift from using conventional KD features to a set of context-sensitive or word-specific KD features that take advantage of known information such as context.
- Ahmed A. Ahmed and Issa Traore. 2014. Biometric recognition based on free-text keystroke dynamics. IEEE Trans. Cyber. 44, 4 (2014).Google ScholarCross Ref
- Kamran Ali, Alex X. Liu, Wei Wang, and Muhammad Shahzad. 2015. Keystroke recognition using Wi-Fi signals. In Proceedings of the 21st International Conference on Mobile Computing and Networking (MobiCom’15). ACM, New York, NY, 90--102. DOI:https://doi.org/10.1145/2789168.2790109Google ScholarDigital Library
- Md Liakat Ali, John V. Monaco, Charles C. Tappert, and Meikang Qiu. 2017. Keystroke biometric systems for user authentication. J. Sig. Proc. Syst. 86, 2 (1 Mar. 2017), 175--190. DOI:https://doi.org/10.1007/s11265-016-1114-9Google Scholar
- Orcan Alpar. 2017. Frequency spectrograms for biometric keystroke authentication using neural network based classifier. Knowledge-Based Systems 116 (2017), 163--171. DOI:https://doi.org/10.1016/j.knosys.2016.11.006Google ScholarDigital Library
- Arwa Alsultan, Kevin Warwick, and Hong Wei. 2017. Non-conventional keystroke dynamics for user authentication. Pattern Recog. Lett. 89, C (2017).Google Scholar
- Dmitri Asonov and Rakesh Agrawal. 2004. Keyboard acoustic emanations. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’04). 3--11. DOI:https://doi.org/10.1109/SECPRI.2004.1301311Google ScholarCross Ref
- Gabriel L. F. B. G. Azevedo, George D. C. Cavalcanti, and Edson C. B. Carvalho Filho. 2007. An approach to feature selection for keystroke dynamics systems based on PSO and feature weighting. In Proceedings of the IEEE Congress on Evolutionary Computation (CEC’07). IEEE, 3577--3584.Google Scholar
- Kiran Balagani, Vir Phoha, Asok Ray, and Shashi Phoha. 2011. On the discriminability of keystroke feature vectors used in fixed text keystroke authentication. Pattern Recog. Lett. 32, 7 (2011).Google ScholarDigital Library
- Jorge Blasco, Thomas M. Chen, Juan Tapiador, and Pedro Peris-Lopez. 2016. A survey of wearable biometric recognition systems. ACM Comput. Surv. 49, 3, Article 43 (Sept. 2016), 35 pages. DOI:https://doi.org/10.1145/2968215Google Scholar
- David Guy Brizan, Adam Goodkind, Patrick Koch, Kiran Balagani, Vir V. Phoha, and Andrew Rosenberg. 2015. Utilizing linguistically enhanced keystroke dynamics to predict typist cognition and demographics. Int. J. Hum.-Comput. Stud. 82 (2015), 57--68. DOI:https://doi.org/10.1016/j.ijhcs.2015.04.005Google ScholarDigital Library
- Nitesh V. Chawla, Kevin W. Bowyer, Lawrence O. Hall, and W. Philip Kegelmeyer. 2002. SMOTE: Synthetic minority over-sampling technique. J. Artif. Int. Res. 16, 1 (June 2002), 321--357. Retrieved from: http://dl.acm.org/citation.cfm?id=1622407.1622416.Google ScholarDigital Library
- Y. Chen, T. Li, R. Zhang, Y. Zhang, and T. Hedgpeth. 2018. EyeTell: Video-assisted touchscreen keystroke inference from eye movements. In Proceedings of the IEEE Symposium on Security and Privacy (SP’18). 144--160. DOI:https://doi.org/10.1109/SP.2018.00010Google Scholar
- F. Ciuffo and G. M. Weiss. 2017. Smartwatch-based transcription biometrics. In Proceedings of the IEEE 8th Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON’17). 145--149. DOI:https://doi.org/10.1109/UEMCON.2017.8249014Google Scholar
- N. L. Clarke and S. M. Furnell. 2006. Authenticating mobile phone users using keystroke analysis. Int. J. Inf. Secur. 6, 1 (2006).Google ScholarDigital Library
- Mark Davies. 2010. Corpus of contemporary American English. Retrieved from: https://www.english-corpora.org/coca/.Google Scholar
- H. Davoudi and E. Kabir. 2009. A new distance measure for free text keystroke authentication. In Proceedings of the 14th International CSI Computer Conference. 570--575. DOI:https://doi.org/10.1109/CSICC.2009.5349640Google Scholar
- K. Delac and M. Grgic. 2004. A survey of biometric recognition methods. In Proceedings of the 46th International Symposium on Electronics in Marine (Elmar’04). 184--193.Google Scholar
- Song Fang, Ian Markwood, Yao Liu, Shangqing Zhao, Zhuo Lu, and Haojin Zhu. 2018. No training hurdles: Fast training-agnostic attacks to infer your typing. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 1747--1760.Google ScholarDigital Library
- Adam Goodkind, David Guy Brizan, and Andrew Rosenberg. 2017. Utilizing overt and latent linguistic structure to improve keystroke-based authentication. Image Vis. Comput. 58 (2017), 230--238. DOI:https://doi.org/10.1016/j.imavis.2016.06.003Google ScholarDigital Library
- Daniele Gunetti and Claudia Picardi. 2005. Keystroke analysis of free text. ACM Trans. Inf. Syst. Secur. 8, 3 (Aug. 2005), 312--347. DOI:https://doi.org/10.1145/1085126.1085129Google ScholarDigital Library
- Daniele Gunetti, Claudia Picardi, and Giancarlo Ruffo. 2005. Dealing with different languages and old profiles in keystroke analysis of free text. In AI*IA 2005: Advances in Artificial Intelligence. Springer Berlin Heidelberg, 347–358.Google Scholar
- Jiacang Ho and Dae-Ki Kang. 2017. Mini-batch bagging and attribute ranking for accurate user authentication in keystroke dynamics. Pattern Recog. 70 (2017), 139--151. DOI:https://doi.org/10.1016/j.patcog.2017.05.002Google ScholarDigital Library
- J. Huang, D. Hou, and S. Schuckers. 2017. A practical evaluation of free-text keystroke dynamics. In Proceedings of the IEEE International Conference on Identity, Security and Behavior Analysis (ISBA’17). 1--8. DOI:https://doi.org/10.1109/ISBA.2017.7947695Google Scholar
- Jiaju Huang, Daqing Hou, Stephanie Schuckers, and Shambhu Upadhyaya. 2016. Effects of text filtering on authentication performance of keystroke biometrics. In Proceedings of the IEEE International Workshop on Information Forensics and Security (WIFS’16).Google ScholarCross Ref
- Rajkumar Janakiraman and Terence Sim. 2007. Keystroke dynamics in a general setting. In Advances in Biometrics, Seong-Whan Lee and Stan Z. Li (Eds.). Springer Berlin, 584--593.Google Scholar
- K. Jin, S. Fang, C. Peng, Z. Teng, X. Mao, L. Zhang, and X. Li. 2017. ViViSnoop: Someone is snooping your typing without seeing it! In Proceedings of the IEEE Conference on Communications and Network Security (CNS’17). 1--9. DOI:https://doi.org/10.1109/CNS.2017.8228624Google Scholar
- Rick Joyce and Gopal Gupta. 1990. Identity authentication based on keystroke latencies. Commun. ACM 33, 2 (Feb. 1990), 168--176. DOI:https://doi.org/10.1145/75577.75582Google ScholarDigital Library
- Hassan Khan, Urs Hengartner, and Daniel Vogel. 2018. Augmented reality-based mimicry attacks on behaviour-based smartphone authentication. In Proceedings of the 16th International Conference on Mobile Systems, Applications, and Services (MobiSys’18). ACM, New York, NY, 41--53. DOI:https://doi.org/10.1145/3210240.3210317Google ScholarDigital Library
- H. S. Lee, T. S. Lau, W. K. Lai, Y. C. King, and L. L. Lim. 2017. User identification of numerical keypad typing patterns with subtractive clustering fuzzy inference. In Proceedings of the IEEE 15th Student Conference on Research and Development (SCOReD’17). 83--88. DOI:https://doi.org/10.1109/SCORED.2017.8305416Google Scholar
- Jian Liu, Yan Wang, Gorkem Kar, Yingying Chen, Jie Yang, and Marco Gruteser. 2015. Snooping Keystrokes with Mm-level audio ranging on a single phone. In Proceedings of the 21st International Conference on Mobile Computing and Networking (MobiCom’15). ACM, New York, NY, 142--154. DOI:https://doi.org/10.1145/2789168.2790122Google ScholarDigital Library
- L. Lu, J. Yu, Y. Chen, Y. Zhu, X. Xu, G. Xue, and M. Li. 2019. KeyLiSterber: Inferring keystrokes on QWERTY keyboard of touch screen through acoustic signals. In Proceedings of the IEEE Conference on Computer Communications (INFOCOM’19). 775--783. DOI:https://doi.org/10.1109/INFOCOM.2019.8737591Google Scholar
- A. Maiti, M. Jadliwala, J. He, and I. Bilogrevic. 2018. Side-channel inference attacks on mobile keypads using smartwatches. IEEE Trans. Mob. Comput. 17, 9 (Sept. 2018), 2180--2194. DOI:https://doi.org/10.1109/TMC.2018.2794984Google ScholarCross Ref
- Merylin Monaro, Chiara Galante, Riccardo Spolaor, Qian Qian Li, Luciano Gamberini, Mauro Conti, and Giuseppe Sartori. 2018. Covert lie detection using keyboard dynamics. Sci. Rep. 8, 1 (2018), 1976. DOI:https://doi.org/10.1038/s41598-018-20462-6Google Scholar
- S. Mondal and P. Bours. 2017. Person identification by keystroke dynamics using pairwise user coupling. IEEE Trans. Inf. Forens. Secur. 12, 6 (June 2017), 1319--1329. DOI:https://doi.org/10.1109/TIFS.2017.2658539Google ScholarDigital Library
- Soumik Mondal and Patrick Bours. 2017. A study on continuous authentication using a combination of keystroke and mouse biometrics. Neurocomputing 230 (2017), 1--22. DOI:https://doi.org/10.1016/j.neucom.2016.11.031Google ScholarDigital Library
- Fabian Monrose and Aviel Rubin. 1997. Authentication via keystroke dynamics. In Proceedings of the 4th ACM Conference on Computer and Communications Security (CCS’97). ACM, New York, NY, 48--56. DOI:https://doi.org/10.1145/266420.266434Google ScholarDigital Library
- Tuan Nguyen and Jonathan Voris. 2017. Touchscreen biometrics across multiple devices. In Proceedings of the USENIX Symposium on Usable Privacy and Security (SOUPS’17).Google Scholar
- M. Obaidat and Balqies Sadoun. 1997. Verification of computer users using keystroke dynamics. IEEE Trans. Syst. Man Cyber. Part B: Cyber. 27, 2 (1997)Google ScholarDigital Library
- Avar Pentel. 2019. Predicting user age by keystroke dynamics. In Artificial Intelligence and Algorithms in Intelligent Systems, Radek Silhavy (Ed.). Springer International Publishing, Cham, 336--343.Google Scholar
- Paulo Henrique Pisani and Ana Carolina Lorena. 2013. A systematic review on keystroke dynamics. J. Braz. Comput. Soc. 19, 4 (1 Nov. 2013), 573--587. DOI:https://doi.org/10.1007/s13173-013-0117-7Google ScholarCross Ref
- Oxford University Press. 2011. The Oxford English corpus: Facts about the language. OxfordDictionaries.com. Retrieved from https://web.archive.org/web/20111226085859/ Retrieved from http://oxforddictionaries.com/words/the-oec-facts-about-the-language.Google Scholar
- K. A. Rahman, K. S. Balagani, and V. V. Phoha. 2013. Snoop-forge-replay attacks on continuous verification with keystrokes. IEEE Trans. Inf. Forens. Sec. 8, 3 (Mar. 2013), 528--541. DOI:https://doi.org/10.1109/TIFS.2013.2244091Google ScholarDigital Library
- Kenneth Revett, Sérgio Tenreiro de Magalhães, and Henrique M. D. Santos. 2005. Enhancing login security through the use of keystroke input dynamics. In Advances in Biometrics, David Zhang and Anil K. Jain (Eds.). Springer Berlin, 661--667.Google Scholar
- Seong seob Hwang, Sungzoon Cho, and Sunghoon Park. 2009. Keystroke dynamics-based authentication for mobile devices. Comput. Sec. 28, 1 (2009), 85--93. DOI:https://doi.org/10.1016/j.cose.2008.10.002Google ScholarDigital Library
- Abdul Serwadda and Vir V. Phoha. 2013. Examining a large keystroke biometrics dataset for statistical-attack openings. ACM Trans. Inf. Syst. Sec. 16, 2, Article 8 (Sept. 2013), 30 pages. DOI:https://doi.org/10.1145/2516960Google Scholar
- Yong Sheng, Vir Phoha, and S. M. Rovnyak. 2005. A parallel decision tree-based method for user authentication based on keystroke patterns. IEEE Trans. Syst. Man Cyber. Part B: Cyber. 35 (9 2005), 826--833. DOI:https://doi.org/10.1109/TSMCB.2005.846648Google Scholar
- D. Shukla and V. V. Phoha. 2019. Stealing passwords by observing hands movement. IEEE Trans. Inf. Forens. Sec. 14, 12 (Dec. 2019), 3086--3101. DOI:https://doi.org/10.1109/TIFS.2019.2911171Google ScholarCross Ref
- T. Sim and R. Janakiraman. 2007. Are digraphs good for free-text keystroke dynamics? In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 1--6. DOI:https://doi.org/10.1109/CVPR.2007.383393Google Scholar
- D. Stefan and D. Yao. 2010. Keystroke-dynamics authentication against synthetic forgeries. In Proceedings of the 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom’10). 1--8. DOI:https://doi.org/10.4108/icst.collaboratecom.2010.16Google Scholar
- A. E. Sulavko, A. V. Eremenko, and A. A. Fedotov. 2017. Users’ identification through keystroke dynamics based on vibration parameters and keyboard pressure. In Proceedings of the Dynamics of Systems, Mechanisms and Machines Conference (Dynamics’17). 1--7. DOI:https://doi.org/10.1109/Dynamics.2017.8239514Google Scholar
- A. Sulong, Wahyudi, and M. U. Siddiqi. 2009. Intelligent keystroke pressure-based typing biometrics authentication system using radial basis function network. In Proceedings of the 5th International Colloquium on Signal Processing and Its Applications. 151--155. DOI:https://doi.org/10.1109/CSPA.2009.5069206Google Scholar
- Yan Sun, H. Ceker, and S. Upadhyaya. 2017. Anatomy of secondary features in keystroke dynamics —achieving more with less. In Proceedings of the IEEE International Conference on Identity, Security and Behavior Analysis (ISBA’17). 1--6. DOI:https://doi.org/10.1109/ISBA.2017.7947691Google Scholar
- Pin Shen Teh, Andrew Beng Jin Teoh, and Shigang Yue. 2013. A survey of keystroke dynamics biometrics. Sci. World J. (Sept. 2013). DOI:https://doi.org/10.1155/2013/408280Google Scholar
- Ioannis Tsimperidis, Avi Arampatzis, and Alexandros Karakos. 2018. Keystroke dynamics features for gender recognition. Dig. Investig. 24 (2018), 4--10. DOI:https://doi.org/10.1016/j.diin.2018.01.018Google ScholarCross Ref
- Mindaugas Ulinskas, Robertas Damaševičius, Rytis Maskeliūnas, and Marcin Woźniak. 2018. Recognition of human daytime fatigue using keystroke data. Procedia Comput. Sci. 130 (2018), 947--952. DOI:https://doi.org/10.1016/j.procs.2018.04.094Google ScholarDigital Library
- Umphress and G. Williams. 1985. Identity verification through keyboard characteristics. Int. J. Man-Mach. Stud. 23, 3 (1985), 263–273.Google ScholarCross Ref
- Changsheng Wu, Wenbo Ding, Ruiyuan Liu, Jiyu Wang, Aurelia C. Wang, Jie Wang, Shengming Li, Yunlong Zi, and Zhong Lin Wang. 2018. Keystroke dynamics enabled authentication and identification using triboelectric nanogenerator array. Mater. Today 21, 3 (2018), 216--222. DOI:https://doi.org/10.1016/j.mattod.2018.01.006Google ScholarCross Ref
- Tong Zhu, Qiang Ma, Shanfeng Zhang, and Yunhao Liu. 2014. Context-free attacks using keyboard acoustic emanations. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’14). ACM, New York, NY, 453--464. DOI:https://doi.org/10.1145/2660267.2660296Google ScholarDigital Library
- John Zulueta, Piscitello Andrea, Mladen Rasic, Rebecca Easter, Pallavi Babu, Scott Langenecker, Melvin McInnis, Olusola Ajilore, Peter Nelson, Kelly Ryan, and Alex Leow. 2017. Predicting mood disturbance severity in bipolar subjects with mobile phone keystroke dynamics and metadata. Bio. Psych. 81, 10 (May 2017).Google Scholar
Index Terms
- Discriminative Power of Typing Features on Desktops, Tablets, and Phones for User Identification
Recommendations
User authentication through typing biometrics features
This paper uses a static keystroke dynamics in user authentication. The inputs are the key down and up times and the key ASCII codes captured while the user is typing a string. Four features (key code, two keystroke latencies, and key duration) were ...
Continuous user authentication using multi-modal biometrics
As modern mobile devices increase in their capability and accessibility, they introduce additional demands in terms of security - particularly authentication. With the widely documented poor use of PINs, Active Authentication is designed to overcome the ...
Mobile user identification through authentication using keystroke dynamics and accelerometer biometrics
MOBILESoft '16: Proceedings of the International Conference on Mobile Software Engineering and SystemsBiometrics is everything that can be measured in a human being. It has two types; behavioral and physiological. This paper discusses the use of keystroke dynamics, a form of behavioral biometrics that deals with the measure of how a person types, and ...
Comments