User authentication using keystroke dynamics offers many advances in the domain of cyber security, including no extra hardware cost, continuous monitoring, and nonintrusiveness. Many algorithms have been proposed in the literature. Here, we introduce two new algorithms to the domain: the Gaussian mixture model with the universal background model (GMM-UBM) and the deep belief nets (DBN). Unlike most existing approaches, which only use genuine users’ data at training time, these two generative model-based approaches leverage data from background users to enhance the model’s discriminative capability without seeing the imposter’s data at training time. These two new algorithms make no assumption about the underlying probability distribution and are fast for training and testing. They can also be extended to free text use cases. Evaluations on the CMU keystroke dynamics benchmark dataset show over 58% reduction in the equal error rate over the best published approaches. 1. Introduction With the ever increasing demand for more secure access control in many of today’s security applications, traditional methods fail to keep up with the challenges because pins, tokens, and passwords are too many to remember. Even carefully crafted user name and password can be hacked, which compromises the system security. On the other hand, biometrics [1–5] based on “who” the person is or “how” the person acts, as compared with what the person has (key) and knows (password), presents a significant security advancement to meet these new challenges. Among them, keystroke dynamics [6] provides a natural choice for secure “password-free” computer access with no additional hardware required. Keystroke dynamics refers to the habitual patterns or rhythms an individual exhibits while typing on a keyboard input device. These rhythms and patterns of tapping are idiosyncratic, [7] the same way as handwritings or signatures are, due to their similar governing neurophysiological mechanisms. Back in the 19th century, telegraph operators could recognize each other based on one’s specific tapping style [8]. Recently, it is shown that typing text can be deciphered simply based on the sound of key typing [9]. As such, it is believed that the keystroke dynamics contains enough information to be a good biometrics to ascertain a user at the keyboard. Compared with other biometrics, keystroke biometrics has additional attractiveness for its user-friendliness and nonintrusiveness. Keystroke dynamics data can be collected without a user’s awareness. Continuous authentication is possible using
References
[1]
A. K. Jain, R. Bolle, and S. Pankanti, Eds., Biometrics: Personal Identification in Networked Society, Kluwer Academic, 1999.
[2]
A. K. Jain, S. Pankanti, S. Prabhakar, H. Lin, and A. Ross, “Biometrics: a grand challenge,” in Proceedings of the 17th International Conference on Pattern Recognition (ICPR '04), pp. 935–942, August 2004.
[3]
A. K. Jain, A. Ross, and S. Prabhakar, “An introduction to biometric recognition,” IEEE Transactions on Circuits and Systems for Video Technology, vol. 14, no. 1, pp. 4–20, 2004.
[4]
S. Prabhakar, S. Pankanti, and A. K. Jain, “Biometric recognition: security and privacy concerns,” IEEE Security and Privacy, vol. 1, no. 2, pp. 33–42, 2003.
[5]
J. D. Woodward, N. M. Orlans, and P. T. Higgins, Biometrics: Identity Assurance in the Information Age, McGraw-Hill, New York, NY, USA, 2003.
[6]
F. Monrose and A. D. Rubin, “Keystroke dynamics as a biometric for authentication,” Future Generation Computer Systems, vol. 16, no. 4, pp. 351–359, 2000.
[7]
A. Dvorak, N. Merrick, W. Dealey, and G. Ford, Typewriting Behavior, American Book Company, New York, NY, USA, 1936.
[8]
J. Leggett and G. Williams, “Verifying identity via keystroke characteristics,” International Journal of Man-Machine Studies, vol. 28, no. 1, pp. 67–76, 1988.
[9]
L. Zhuang, F. Zhou, and J. D. Tygar, “Keyboard acoustic emanations revisited,” ACM Transactions on Information and System Security, vol. 13, no. 1, article 3, 2009.
[10]
R. V. Yampolskiy and V. Govindaraju, “Behavioral biometrics: a survey and classification,” International Journal of Biometrics, vol. 1, no. 1, pp. 81–113, 2008.
[11]
K. S. Killourhy and R. A. Maxion, “Comparing anomaly-detection algorithms for keystroke dynamics,” in Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN '09), pp. 125–134, Lisbon, Portugal, July 2009.
[12]
Y. Zhong, Y. Deng, and A. K. Jain, “Keystroke dynamics for user authentication,” in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops (CVPRW '12), pp. 117–1123, Providence, RI, USA, 2012.
[13]
J. D. Allen, An analysis of pressure-based keystroke dynamics algorithms [M.S. thesis], Southern Methodist University, Dallas, Tex, USA, 2010.
[14]
L. Bello, M. Bertacchini, C. Benitez, J. C. Pizzoni, and M. Cipriano, “Collection and publication of a fixed text keystroke dynamics dataset,” in Proceedings of the Argentine Congress on Computer Science (CACIC '10), October 2010.
[15]
R. Giot, M. El-Abed, and C. Rosenberger, “GREYC keystroke: a benchmark for keystroke dynamics biometric systems,” in Proceedings of the IEEE 3rd International Conference on Biometrics: Theory, Applications and Systems (BTAS '09), Washington, DC, USA, September 2009.
[16]
J. R. Montalv?o Filho and E. O. Freire, “On the equalization of keystroke timing histograms,” Pattern Recognition Letters, vol. 27, no. 13, pp. 1440–1446, 2006.
[17]
T. Sim and R. Janakiraman, “Are digraphs good for free-text keystroke dynamics?” in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR '07), pp. 17–22, Minneapolis, Minn, USA, June 2007.
[18]
F. Bergadano, D. Gunetti, and C. Picardi, “User authentication through Keystroke dynamics,” ACM Transactions on Information and System Security, vol. 5, no. 4, pp. 367–397, 2002.
[19]
D. Gunetti and C. Picardi, “Keystroke analysis of free text,” ACM Transactions on Information and System Security, vol. 8, no. 3, pp. 312–347, 2005.
[20]
F. Monrose, M. K. Reiter, and S. Wetzel, “Password hardening based on keystroke dynamics,” in Proceedings of the 6th ACM Conference on Computer and Communications Security (ACM CCS '99), pp. 73–82, November 1999.
[21]
G. Forsen, M. Nelson, and R. Staron Jr., “Personal attributes authentication techniques,” Tech. Rep. RADC-TR-77-333, Rome Air Development Center, 1977.
[22]
R. Spillane, “Keyboard apparatus for personal identification,” IBM Technical Disclosure Bulletin, vol. 17, no. 3346, 1975.
[23]
S. P. Banerjee and D. L. Woodard, “Biometric authentication and identification using keystroke dynamics: a survey,” Journal of Pattern Recognition Research, vol. 7, pp. P116–P139, 2012.
[24]
R. Gaines, W. Lisowski, S. Press, and N. Shapiro, “Authentication by keystroke timing: some preliminary results,” Rand Rep. R-2560-NSF, Rand Corporation, 1980.
[25]
S. Bleha, C. Slivinsky, and B. Hussien, “Computer-access security systems using keystroke dynamics,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 12, no. 12, pp. 1217–1222, 1990.
[26]
S. Cho, C. Han, D. H. Han, and H.-I. Kim, “Web-based keystroke dynamics identity verification using neural network,” Journal of Organizational Computing and Electronic Commerce, vol. 10, no. 4, pp. 295–307, 2000.
[27]
L. C. F. Araújo, L. H. R. Sucupira, M. G. Lizárraga, L. L. Ling, and J. B. T. Yabu-uti, “User authentication through typing biometrics features,” in Proceedings of the 1st International Conference on Biometric Authentication (ICBA '04), vol. 3071 of Lecture Notes in Computer Science, pp. 694–700, Springer, Berlin, Germany, 2004.
[28]
R. Joyce and G. Gupta, “Identity authentication based on keystroke latencies,” Communications of the ACM, vol. 33, no. 2, pp. 168–176, 1990.
[29]
S. Haider, A. Abbas, and A. K. Zaidi, “Multi-technique approach for user identification through keystroke dynamics,” in Proceedings of the IEEE Interantional Conference on Systems, Man and Cybernetics, pp. 1336–1341, October 2000.
[30]
C. L. Chen, K. L. Weng, and P. L. Chee, “Keystroke patterns classification using the ARTMAP-FD neural network,” in Proceedings of the 3rd International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIHMSP '07), pp. 61–64, Kaohsiung, Taiwan, November 2007.
[31]
E. Yu and S. Cho, “Ga-SVM Wrapper approach for feature subset selection in keystroke dynamics identity verifcation,” in Proceedings of the International Joint Conference on Neural Networks, pp. 2253–2257, IEEE Press, 2003.
[32]
P. Kang, S. Hwang, and S. Cho, “Continual retraining of keystroke dynamics based authenticator,” in Proceedings of the 2nd International Conference on Biometrics (ICB ’07), pp. 1203–11211, Springer, Berlin, Germany, 2007.
[33]
D. Hosseinzadeh and S. Krishnan, “Gaussian mixture modeling of keystroke patterns for biometric applications,” IEEE Transactions on Systems, Man and Cybernetics Part C, vol. 38, no. 6, pp. 816–826, 2008.
[34]
D. A. Reynolds, “Comparison of Background Normalization Methods for Text-independent Speaker Verification,” EuroSpeech, 1997.
[35]
G. E. Hinton, S. Osindero, and Y.-W. Teh, “A fast learning algorithm for deep belief nets,” Neural Computation, vol. 18, no. 7, pp. 1527–1554, 2006.
[36]
R. Salakhutdinov, Learning deep generative models [Ph.D. thesis], University of Toronto, 2009.
[37]
G. E. Hinton, “Training products of experts by minimizing contrastive divergence,” Neural Computation, vol. 14, no. 8, pp. 1771–1800, 2002.
