Utilizing Keystroke Dynamics as Additional Security Measure to Protect Account Recovery Mechanism

Ahmed Wahab; Daqing Hou; Stephanie Schuckers; Abbie Barbir

doi:10.5220/0010191200330042

Utilizing Keystroke Dynamics as Additional Security Measure to Protect Account Recovery Mechanism

Ahmed Wahab, Daqing Hou, Stephanie Schuckers, Abbie Barbir

2021

Abstract

Account recovery is ubiquitous across web applications but circumvents the username/password-based login step. Therefore, it deserves the same level of security as the user authentication process. A common simplistic procedure for account recovery requires that a user enters the same email used during registration, to which a password recovery link or a new username could be sent. Therefore, an impostor with access to a user’s registration email and other credentials can trigger an account recovery session to take over the user’s account. To prevent such attacks, beyond validating the email and other credentials entered by the user, our proposed recovery method utilizes keystroke dynamics to further secure the account recovery mechanism. Keystroke dynamics is a type of behavioral biometrics that uses the analysis of typing rhythm for user authentication. Using a new dataset with over 500,000 keystrokes collected from 44 students and university staff when they fill out an account recovery web form of multiple fields, we have evaluated the performance of five scoring algorithms on individual fields as well as feature-level fusion and weighted-score fusion. We achieve the best EER of 5.47% when keystroke dynamics from individual fields are used, 0% for a feature-level fusion of five fields, and 0% for a weighted-score fusion of seven fields. Our work represents a new kind of keystroke dynamics that we would like to call it ‘medium fixed-text’ as it sits between the conventional (short) fixed text and (long) free text research.

Download

Paper Citation

in Harvard Style

Wahab A., Hou D., Schuckers S. and Barbir A. (2021). Utilizing Keystroke Dynamics as Additional Security Measure to Protect Account Recovery Mechanism.In Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-491-6, pages 33-42. DOI: 10.5220/0010191200330042

in Bibtex Style

@conference{icissp21,
author={Ahmed Wahab and Daqing Hou and Stephanie Schuckers and Abbie Barbir},
title={Utilizing Keystroke Dynamics as Additional Security Measure to Protect Account Recovery Mechanism},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2021},
pages={33-42},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010191200330042},
isbn={978-989-758-491-6},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Utilizing Keystroke Dynamics as Additional Security Measure to Protect Account Recovery Mechanism
SN - 978-989-758-491-6
AU - Wahab A.
AU - Hou D.
AU - Schuckers S.
AU - Barbir A.
PY - 2021
SP - 33
EP - 42
DO - 10.5220/0010191200330042