Keystroke recognition is one of the many types of behavioral biometrics that can potentially be the fourth factor of a four-factor authentication system (Zurier, 2016).
Brief History
The history of keystroke recognition brings us back to the telegraph era when telegraph operators used tapping patterns to uniquely identify themselves and be identified by others (Revolvy, n.d.). A popular mechanism used in World War II, “The Fist of the Sender” brought the discovery of "dots and dashes" to uniquely identify individuals, and military intelligence used it to know if the source is either from a friend or a foe i.e., Morse-code (Revolvy, n.d.). Thus, if we include the long distance Telegraph communication technology in 1860 (Revolvy, n.d.), the work on keystroke biometric has been here for more than one and a half century already (Please see Figure 1 below).
Figure 1 – Keystroke Biometric History
Categories of Keystroke Verification (Moskovitch et al., n.d.)
Moskovitch, et al. (n.d.) categorized keystroke verification methods as static and continuous.
Moskovitch, et al. (n.d.) categorized keystroke verification methods as static and continuous.
Static method - identifies user when he enters username and password in the log-in page. Please see the video (on the left) for an example of setting up a static keystroke authentication system (Young, 2012).
Continuous method - checks the identity of the user throughout his interaction with the computer via keyboard (Moskovitch, et al., n.d.). In other words, it can be identified through continuous method if there are multiple users in a single session. Thus, it is very useful in “intrusion detection purposes” (Teh, Teoh, & Yue, 2013, p.7). |
|
Process of Keystroke Biometric
Input Data to Component Processing
From the characters (digits, letters, symbols, etc.), which the user entered in the keyboard (input device), keystroke feature components will be determined based on the type of keystroke metric used. Among those well explored statistics for distance metrics are Euclidean, Mahalanobis & Manhattan distances (as cited in Zhong, Deng, & Jain, 2012).
Moreover, there are three graphs used in measuring dynamic keystroke metrics; namely, di-graph, tri-graph and n-graph (Zhong, Deng & Jain, 2012). Some of the most basic di-graph (di means two keys) components are as follows (Please see Figure 2) (Teh, Teoh, & Yue, 2013):
From the characters (digits, letters, symbols, etc.), which the user entered in the keyboard (input device), keystroke feature components will be determined based on the type of keystroke metric used. Among those well explored statistics for distance metrics are Euclidean, Mahalanobis & Manhattan distances (as cited in Zhong, Deng, & Jain, 2012).
Moreover, there are three graphs used in measuring dynamic keystroke metrics; namely, di-graph, tri-graph and n-graph (Zhong, Deng & Jain, 2012). Some of the most basic di-graph (di means two keys) components are as follows (Please see Figure 2) (Teh, Teoh, & Yue, 2013):
Figure 2 – Keystroke Recognition Key Features
|
Figure 3 – Example of a Keystroke Time Stamp
|
Matching to Verification
With the component features available, statistical algorithms will be used for matching. Among those well explored classifiers are K-Nearest Neighbor, K-means methods, Bayesian classifiers, Fuzzy Logic, Neural Networks and support vector machines (as cited in Zhong, Deng, & Jain, 2012).
With the component features available, statistical algorithms will be used for matching. Among those well explored classifiers are K-Nearest Neighbor, K-means methods, Bayesian classifiers, Fuzzy Logic, Neural Networks and support vector machines (as cited in Zhong, Deng, & Jain, 2012).
As with the other biometric types (Please see biometric types in Module 3) the accuracy of keystroke recognition system is tied to the accuracy of its algorithms, among others. Tuning of thresholds used in keystroke technology can greatly affect the acceptance rates and rejection rates such as in the experiment of Monrose & Rubin (n.d.).
Pros and Cons
The main advantages of keystroke biometric aside from its use of a widely available and familiar device - keyboard – are: it is easily integrated and scalable over enterprise networks (Lee, 2015); it is relatively non-invasive which can enhance its consumer acceptance (Lee, 2015); and, affordable (Shanmugapriya & Padmavathi, 2010). However, its main disadvantage is keystroke identification can be literally keyboard dependent which can be unhelpful in "continuously" authenticating users. This means that the system will likely misidentify the user if the user takes some time off from the keyboard i.e., take a coffee break, stop typing to do conventional desk work (writing notes on post its, check cell phone, etc.) (Please see video below for its pros and cons) (CNET, 2012).
|
Current State and Future
Current research on keystroke biometric has expanded in the areas of machine learning and advanced classification techniques (Zhong, Deng, & Jain, 2012). Moreover, the applicability of keystroke biometric (together with voice recognition) is currently being verified by US military for battleground purposes (King, 2016). However, despite its advantages and potential use, there lies malware issues; specifically, keyloggers. Fortunately, IT security has some answer to this problem. Eddie Schwartz, chair of Information Systems Audit and Control Association (ISACA) Cybersecurity Task Force thinks if keystroke recognition is integrated in an OS (embedded scheme), the buffers in the OS can easily protect its integrity (Zurier, 2016).
Further, according to Global Industry Analysts, Inc. (2015), keystroke dynamics is finding fortuity in the rise of smartphones use globally especially in the U.S. and the Asia-Pacific. Global market drivers indicated in Global Industry Report (2015) are growing security risks, identified need of security solutions in the health and education sectors, demand for affordable and non-intrusive security solutions i.e., keystroke dynamics, and “adoption of keystroke dynamics in the banking and financial services sectors (Global Industry Analysts, Inc., 2015).”
Further, according to Global Industry Analysts, Inc. (2015), keystroke dynamics is finding fortuity in the rise of smartphones use globally especially in the U.S. and the Asia-Pacific. Global market drivers indicated in Global Industry Report (2015) are growing security risks, identified need of security solutions in the health and education sectors, demand for affordable and non-intrusive security solutions i.e., keystroke dynamics, and “adoption of keystroke dynamics in the banking and financial services sectors (Global Industry Analysts, Inc., 2015).”
References:
- Checco, J. (n.d.). Keystroke dynamics and corporate security. Revolvy. Retrieved on June 25, 2016 from www.checcoservices.com/publications/2003_Keystroke_Biometrics_Intro.pdf
- CNET. (2012). How keystroke authentication could replace passwords - CNET News [youtube file]. Retrieved on July 10, 2016 from https://www.youtube.com/watch?v=49YCfhiFeUY
- Global Industry Analysts, Inc. (2015). The global keystroke dynamics market. Trends, drivers & projections. Retrieved on June 26, 2016 from www.strategyr.com/MarketResearch/Keystroke_Dynamics_Market_Trends.asp
- Lee, J. (2015, March 11). Keystroke dynamics market to reach nearly $800m by 2020: report. Biometric Update. Retrieved on June 25, 2016 from www.biometricupdate.com/201503/keystroke-dynamics-market-to-reach-nearly-800m-by-2020-report
- Monrose, F & Rubin, A. (n.d.). Authentication via keystroke dynamics. Retrieved on June 23, 2016 from cs.unc.edu/~fabian/papers/acm.ccs4.pdf
- Moskovitch, R., Feher, C., Messerman, A., Kirschnick, N., Mustafic, T., Camtepe, A., Lohlein, B., Heister, U., Moller, S., Rokach, L. & Elovici, Y. (n.d.). Identity theft, computers and behavioral biometrics. Retrieved on June 25, 2016 from www.ise.bgu.ac.il/faculty/liorr/idth.pdf
- King, R. (2016, April 14). U.S. army evaluating biometrics for mobile devices on the battlefield. Retrieved on June 26, 2016 from www.biometricupdate.com/201604/u-s-army-evaluating-biometrics-for-mobile-devices-on-the-battlefield
- Revolvy. (n.d.). Keystroke dynamics. Retrieved on June 25, 2016 from www.revolvy.com/main/index.php?s=Keystroke%20dynamics&uid=1575
- Shanmugapriya, V. & Padmavathi, G. (2010). Keystroke dynamics authentication using neural network approaches. In Vinu, D. & Vijaykumar, R. (Eds.), Information and Communication Technologies (pp. 686-690). Retrieved on June 25, 2016 from link.springer.com/chapter/10.1007%2F978-3-642-15766-0_121
- Teh, P.S., Teoh, A.B.J. & Yue, S. (2013). A survey of keystroke dynamics biometrics. The Scientific World Journal, vol. 2013, doi:10.1155/2013/408280
- Young, T. (2012, November 30). KeystrokeDynamics.js demo video. Retrieved on July 10, 2016 from www.youtube.com/watch?v=MmbFywjs-PE
- Zhong, Yu, Deng, Y. & Jain, A. (2012). Keystroke dynamics for user authentication. Retrieved on June 25, 2016 from lsia.fi.uba.ar/papers/zhong12.pdf
- Zurier, S. (2016, April 19). The future of biometrics could be in what you type. Keystroke dynamics authentication may have the potential to halt identity theft. Retrieved on June 25, 2016 from www.biztechmagazine.com/article/2016/04/keying-another-type-biometrics