Some Remarks on Keystroke Dynamics - Global Surveillance, Retrieving Information and Simple Countermeasures

Marek Klonowski, Piotr Syga, Wojciech Wodo

2012

Abstract

In this paper we discuss some security issues related to keystroke dynamics. Up to now these methods have been used mainly for supporting authentication protocols. We point out that they can also be used against privacy and can potentially lead to other malicious behavior, such as impersonation. We also present some simple, fairly realistic and usable countermeasures. We discuss fundamental issues concerning the efficient and accurate representation of a user's profile in keystroke dynamics methods. More precisely, we discuss the statistics of so-called timings used for building a user's profile. We give some observations about distributions of timings that differ substantially from the assumptions used in numerous papers. Some of our theories are supported by experimental results.



Paper Citation


in Harvard Style

Klonowski M., Syga P. and Wodo W. (2012). Some Remarks on Keystroke Dynamics - Global Surveillance, Retrieving Information and Simple Countermeasures. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 296-301. DOI: 10.5220/0004072602960301


in Bibtex Style

@conference{secrypt12,
author={Marek Klonowski and Piotr Syga and Wojciech Wodo},
title={Some Remarks on Keystroke Dynamics - Global Surveillance, Retrieving Information and Simple Countermeasures},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={296-301},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004072602960301},
isbn={978-989-8565-24-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Some Remarks on Keystroke Dynamics - Global Surveillance, Retrieving Information and Simple Countermeasures
SN - 978-989-8565-24-2
AU - Klonowski M.
AU - Syga P.
AU - Wodo W.
PY - 2012
SP - 296
EP - 301
DO - 10.5220/0004072602960301