Keystroke Biometric Studies Security Research at Pace Keystroke Biometric Drs. Charles Tappert and Allen Stix Seidenberg School of CSIS

Keystroke Biometric Studies

Security Research at PaceKeystroke Biometric

Drs. Charles Tappert and Allen StixSeidenberg School of CSIS


Introduction Validate importance of study –

applications

Internet authentication application Authenticate (verify) student test-takers

Internet identification application Identify perpetrators of inappropriate email

Internet security for other applications Important as more businesses move toward

e-commerce


Introduction Define Keystroke Biometric

The keystroke biometric is one of the less-studied behavioral biometrics

Based on the idea that typing patterns are unique to individuals and difficult to duplicate


Introduction Appeal of Keystroke

Biometric

Not intrusive – data captured as users type Users type frequently for business/pleasure

Inexpensive – keyboards are common No special equipment necessary

Can continue to check ID with keystrokes after initial authentication As users continue to type


Introduction Previous Work on Keystroke

Biometric

One early study goes back to typewriter input Identification versus authentication

Most studies were on authentication Two commercial products on hardening passwords

Few on identification (more difficult problem) Short versus long text input

Most studies used short input – passwords, names Few used long text input –copy or free text

Other keystroke problems studies One study detected fatigue, stress, etc. Another detected ID change via monitoring


Introduction Feature Measurements

Features derived from raw data Key press times and key release times Each keystroke provides small amount of data

Data varies from different keyboards, different conditions, and different entered texts

Using long text input allows Use of good (statistical) feature measurements Generalization over keyboards, conditions, etc.


Introduction Make Case for Using

Data over the internet Required by applications

Long text input More and better features Higher accuracy

Free text input Required by applications Predefined copy texts unacceptable


Introduction Summary of Scope and

Methodology

Determine distinctiveness of keystroke patterns

Two application types Identification (1-of-n problem) Authentication (yes/no problem)

Two indep. variables (4 data quadrants) Keyboard type – desktop versus laptop Entry mode – copy versus free text


Keystroke Biometric System Components

Raw keystroke data capture Feature extraction Classification for identification Classification for authentication


Keystroke Biometric SystemRaw Keystroke Data Capture


Keystroke Biometric SystemRaw Keystroke Data Capture


Keystroke Biometric SystemFeature Extraction

Mostly statistical features Averages and standard deviations

Key press times Transition times between keystroke pairs

Individual keys and groups of keys – hierarchy

Percentage features Percentage use of non-letter keys Percentage use of mouse clicks

Input rates – average time/keystroke



A two-key sequence (th) showing the two transition measures



Hierarchy tree for the 39 duration categories



Hierarchy tree for the 35 transition categories



Two preprocessing steps Outlier removal

Remove duration and transition times > threshold

Feature standardization Convert features into the range 0-1

minmax

min'xx

xxx


Keystroke Biometric SystemClassification for Identification

Nearest neighbor using Euclidean distance

Compare a test sample against the training samples, and the author of the nearest training sample is identified as the author of the test sample


Experimental Design and Data Collection Design

Two independent variables Keyboard type

Desktop – all Dell Laptop – 90% Dell + IBM, Compaq, Apple, HP,

Toshiba Input mode

Copy task – predefined text Free text input – e.g., arbitrary email


Experimental Design and Data Collection


Experimental ResultsIdentification Experimental

Results

90%

95%

100%

0 20 40 60 80 100

Number of Subjects

Per

cen

t A

ccu

racy

Desk-Copy

Lap-Copy

Desk-Free

Lap-Free

Identification performance under ideal conditions(same keyboard type and input mode, leave-one-out

procedure)


Experimental Results System hierarchical model and

parameters

70

75

80

85

90

95

100

1 2 3 4

Enrollment Samples

Per

cen

t A

ccu

racy

Identification accuracy versus enrollment samples


Experimental Results System hierarchical model and

parameters

Distributions of “u” duration times for each entry mode


Conclusions

Results are important and timely as more people become involved in the applications of interest Authenticating online test-takers Identifying senders of inappropriate email

High performance (accuracy) results if 2 or more enrollment samples/user Users use same keyboard type

Documents

Keystroke Biometric Studies Security Research at Pace Keystroke Biometric Drs. Charles Tappert and Allen Stix Seidenberg School of CSIS