USER AUTHENTICATION THROUGH TYPING PATTERNS
The argument surrounding this research topic is that the use of keystroke rhythm is a natural choice for computer security. This argument stems from observations that similar neuro-physiological factors that make written signatures unique are also exhibited in a user's typing pattern. The keystroke dynamics of a computer user's login string provide a characteristic pattern that can be used for verification of the user's identity. Keystroke patterns combined with other security schemes can provide a very powerful and effective means of authentication and verification of computer users. Keystroke dynamics are rich with individual mannerism and traits and they can be used to extract features that can be used to authenticate/verify access to computer systems and networks. The methods used to prove the theory that typing patterns can be used as a means of verification is the many scholarly articles and findings of individuals that have taken an interest in this method of identification. Through these findings we are able to understand the pitfalls and work on implementing this form of identification.
There are a multitude of biometric techniques either widely used or under investigation. These include, facial imaging, hand and finger geometry, eye based methods, signature, voice, vein geometry, keystroke, finger- and palm-print imaging and DNA. The strength of DNA as a biometric identification tool lies primarily in the uniqueness of the DNA sequence. DNA, as a tool for identity verification and management, is considered to be very strong. Personal identification is a process of associating a particular individual with an identity. Knowledge-based and token-based automatic personal identification approaches have been the two traditional techniques widely used. Token-based approaches use something you have to make a personal identification, such as a passport, driver's license, ID card, credit card, or keys. Knowledge-based approaches use something you know to make a personal identification, such as a password or a personal identification number (PIN). Because knowledge based and token-based approaches are unable to differentiate between an authorized person and an imposter who fraudulently acquires the token or knowledge of the authorized person, they are unsatisfactory means of achieving the security requirements of our electronically interconnected information society. Biometric Identification refers to identifying an individual based on his or her distinguishing physical and/or behavioral characteristics. An imposter may attempt to spoof the biometric trait of a legitimately enrolled user in order to circumvent the system. This type of attack is especially relevant when behavioral traits such as signature and voice are used. However Physical traits like fingerprints, palm prints and eye based methods are also susceptible to spoof attacks . Because many physiological or behavioral characteristics are distinctive to each person, biometric identifiers are inherently more reliable and more capable than knowledge-based and token-based techniques in differentiating between an authorized person and a fraudulent imposter. The ideal biometric should be universal, where each person possesses the characteristics; unique, where no two persons should share the characteristic; permanent, where the characteristics should neither change nor be alterable; and collectable, where the characteristics is readily presentable to a sensor and is easily quantifiable . Some systems incorrectly assume that biometric measurements are secret and grant access to any user presenting matching measurements. Such systems cannot handle situations in which user's biometric measurements are disclosed, because biometrics cannot be changed (unless the user has an organ transplant). Moreover, users would not know that their biometrics had been disclosed. People leave...
References: 1. Jain, A.K., Hong, L. and Pankanti S. "Biometric Identification," Communications of the ACM, Vol. 43, No.2, pp. 90 – 98, February 2000.
2. Jain, A.K. and Ross, A. "Multibiometric System," Communications of the ACM, Vol. 47, No.1, pp. 34 – 40, January 2004.
3. Matyáš, V. and Øíha, Z. "Toward Reliable Users Authentication through Biometrics," IEEE Security & Privacy, Vol. 1, No. 3, pp. 45- 49, May-June 2003.
4. Monrose, F. and Rubin, A. Keystroke dynamics as a biometric for authentication, Future Generation Computer System 16 (2000) 351 – 359.
5. Chirillo, J., Blaul, S., Implementing Biometric Security, Indianapolis, Indiana, 2003.
7. Yu, E., Cho, S. "Keystroke dynamics identity verification-its problems and practical solutions," Computers & Security. Vol. 23, no. 5, pp. 428-440. July 2004.
8. Ross A.J. Everitt, Peter W. McOwan, "Java-Based Internet Biometric Authentication System," IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 25, No. 9, pp. 1166-1172, Sept 2003.
Please join StudyMode to read the full document