A Secured Authentication System Using an Effective Keystroke Dynamics

G. Jagadamba, S. P. Sharmila and Thejas Gouda
Abstract In the field of computer security, the most promising area is securing data while allowing easy access to authorized users. Biometric techniques like face recognition, voice recognition and digital signatures provide good authentication security. Keystroke dynamics is defined to be a low-cost, strong behavioral biometric-based authentication system, based on consistent typing rhythm patterns at a keyboard terminal, which will be individually unique. This paper exhibits an effective, efficient and robust user authentication. The authentication system is based on an effective Adaptive Learning Classification (ALC) algorithm, where a self-threshold for each user is decided based on user input. Training and testing data lead to an average false reject rate of 10.00 % and an average false accept rate of 0.0025 %.
Keywords Biometrics · Keystroke dynamics · Rejection rate · Acceptance rate
G. Jagadamba (✉) · T. Gouda
Department of Information Science and Engineering, Siddaganga Institute of Technology, Tumkur-03, India
e-mail: jagadambasu@gmail.com
T. Gouda
e-mail: thejas777777@gmail.com
S. P. Sharmila
Department of Computer Science and Engineering, Siddaganga Institute of Technology, Tumkur-03, India
e-mail: sharmila.h.shukthij@gmail.com
V. Sridhar et al. (eds.), Emerging Research in Electronics, Computer Science and Technology, Lecture Notes in Electrical Engineering 248, DOI: 10.1007/978-81-322-1157-0_46, © Springer India 2014
1 Introduction
The increasing use of automated information systems together with our pervasive use of computers has greatly simplified our lives, while making us immensely dependent on computers and digital networks. For any information system to serve its purpose, information should be protected from unauthorized access, disclosure, disruption, modification, perusal, inspection, recording or destruction. Information security includes five security characteristics [1], namely confidentiality, integrity, availability, authenticity and accountability, which can be mutually exclusive.
“User authentication is an assurance that communicating entity is the one claimed.” User authentication is the basis for most types of access control and for user accountability. It can be categorized into three classes [2–5], namely:
• Knowledge based: such as password or secret information.
• Object or possession: such as smart card, passport and driver’s licenses.
• Biometric based: such as fingerprint, iris and voice.
Biometric user authentication technologies measure physiological or behavioral characteristics [6]. A behavioral biometric recognition system can run in two different modes: identification and verification. Here, automated approaches are defined to establish an identity for each user (human or process). The verification process performs the data capture, the feature extraction and the comparison with the biometric model. Two commonly used standards in biometrics according to [1] are False Rejection Rate (FRR) and False Acceptance Rate (FAR), and these should be as low as possible for any good biometric system. Keystroke rhythm, the art of recognizing an individual based on typing patterns, is a natural choice for computer security. It includes several different measurements like latency between consecutive keystrokes, duration of the keystroke and hold-time [6], which can be detected when the user presses the keys on the keyboard. In this paper, we propose an efficient safeguard system that authenticates a user for access to computers by recognizing certain unique and habitual patterns in the user’s typing rhythm. The rest of the paper is organized as follows: Sect. 2 highlights related work, Sect. 3 focuses on keystroke latency metrics and implementation of the user authentication system, Sect. 4 includes testing results, and Sect. 5 concludes the proposed work.
2 Related Work
The keystroke rhythms of the user are measured to develop a unique biometric template of the user’s typing pattern for future authentication. Raw measurements available from each keyboard can be recorded to determine dwell time (the time a key is pressed) or flight time (the time between key down and the next key down and the time between key up and the next key up). After recording, the data are processed through the algorithm, which serves the primary pattern for future comparison and analysis.
Different methodologies have been adopted depending upon dwell time and flight time. A summary of existing methodologies with remarks, collected from [2, 6–10], is listed here (Table 1).
3 User Authentication Using Keystroke Dynamics
In this model, we adopt a static keystroke authentication methodology, which is well suited to authenticating an individual by asking the user to type his own password. Before login to his computer session, the typing rhythm is verified against the prototype stored in the server database. Changing the password requires enrolling again, because the method is not able to work with a different password. When we build a model, we take the latencies between adjacent keystrokes among several samples of a user stored in the database and then compute a vector of means and standard deviations for the latencies between each pair of keystrokes using an adaptive learning classification (ALC) algorithm. The vector of means and standard deviations then represents the user’s profile and is used to classify users as authenticator or intruder.
Table 1 Different keystroke methodologies used for training and testing
Sl. No | Methodology | Remarks
1 | Hold key timings | Total time periods and pressure were measured using Euclidean distance measure between two vectors of typed characters, stored as template
2 | Ant colony optimization technique | Mean and standard deviation was used to extract the features from the keystroke duration, latency and digraph
3 | Keystroke timings | Successive keystrokes were recorded and used for authentication and result with FAR 4 % for seven users
4 | Standard and measure | The mean, standard deviation of keystroke latencies and digraph between reference profile and test data are compared. A result of 17 % FAR and 30 % FRR was obtained
5 | Pattern recognition and neural network | Fuzzy ARTMAP, RBFN and LVQ neural network paradigms were used. BPSTF, potential function and Bayes’ rule algorithms gave moderate performance
6 | Bio password | This technique is fast, accurate, transparent and scalable
7 | Parallel decision trees (DTs) on keystroke patterns | By this method the average false reject rate was 9.62 % and the average false accept rate was 0.88 %
8 | Telling hUman and bot apart (TUBA) | Monitoring user’s keystroke-dynamics patterns and identifying intruders. The bot-generated keystroke sequences are detected with high true positive rates 93 %.
9 | Virtual key force | This method improves the accuracy by 90.4 % and reduces the training and testing time within 0.025 s
3.1 Keystroke Latency Metrics
In our approach, we monitor all the key events that the user types, which include alphanumeric values as well as shift, backspace and caps lock. Typing one key triggers a pair of key events, press and release, which we call a keystroke. The press-release latencies and release-press latencies are grouped, respectively, in three different ways: bigram, trigram and word-gram. A key event can be a bigram event, a trigram event or a word-gram event [2]. For our proposed system, we considered the word-gram and bigram events.
3.2 Implementation
The system architecture consists of client, server and database. The client acts like an end user with various types of activities. The client performs activities like logging in to the system, making transactions and viewing his data. The server's functions include registering the server with the Remote Method Invocation (RMI) registry, establishing communication with the client, processing all client requests, running the keystroke procedure to check for a valid user, sending the successful key typing latencies to the database and providing application services to authenticated clients. If there is any variation, third-level security policies will be defined. Third-level policies may include sending a random code to the user’s mobile or the user’s email account, or checking a security answer sent by the client, and then proceeding with further processing. The database is responsible for storing all the relevant keystroke latency data and also user information. It receives the queries from the server process, executes them and returns the corresponding results back to the server process. A database server is used to store the various information required by the server process. Information like user details, commodity prices, details of transactions, and incoming and outgoing messages is stored in the database in different tables. The secret information of a user, that is, the password, will be stored in an encrypted form.
3.3 Adaptive Learning Classification Algorithm
When the user signs up, the user's typing samples are captured without his knowledge for the first five consecutive times. After the sample collection process, the keystroke biometrics authentication mechanism comes into operation. Whenever the user tries to log in to the system, the average typing frequency of the five most recent successful transactions is cross-checked against the current typing frequency. In addition, a threshold value is provided for the respective users, where the threshold is the standard deviation of the samples. If the typing frequency of the user is within the threshold above or below the average, then the user is authenticated; otherwise the user is unauthenticated and third-level security policies will be presented. The following steps are followed in the ALC algorithm to make the decision authenticator or intruder.
ALC Algorithm
1. Initialization: Capturing the values, x = d, from username = ‘Specific User’.
2. Template Design: Mean and standard deviation is calculated for the specific user, and the corresponding threshold is calculated.
$$\mu = \frac{\sum_{i=1}^{n} x_i}{N}$$
$$\sigma = \sqrt{\frac{\sum_{i} (x_i - \mu)^2}{N}}$$
$$\text{Upper Threshold} = (\mu + \sigma)$$
$$\text{Lower Threshold} = (\mu - \sigma)$$
3. Analysis: if (Lower Threshold ≤ μ ≤ Upper Threshold): authenticator, else intruder.
4. Decision: if (Authenticator) Service is continued else (intruder) third-level security policies will be introduced.
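The ALC steps above, together with the character and string latencies used in testing, as an added Python example (not the authors' implementation). Assumptions: the value tested in step 3 is the current login attempt's latency, as the prose of Sect. 3.3 describes; every feature must fall inside its own band; the names `ALCProfile`, `flight_times`, `string_latency` and `error_rates` and all timings are constructed for illustration.

```python
from collections import deque
from math import sqrt

WINDOW = 5  # five enrollment samples, then the five most recent successful logins


def flight_times(key_down_ms):
    """Character latencies: gap between each key-down and the next key-down (ms)."""
    return [b - a for a, b in zip(key_down_ms, key_down_ms[1:])]


def string_latency(key_down_ms):
    """String latency: time from the first to the last key pressed (ms), as a 1-feature vector."""
    return [key_down_ms[-1] - key_down_ms[0]]


class ALCProfile:
    """Per-user template: a (mu - sigma, mu + sigma) band for every latency feature."""

    def __init__(self, enrollment):
        if len(enrollment) != WINDOW:
            raise ValueError(f"enrollment needs exactly {WINDOW} samples")
        if len({len(s) for s in enrollment}) != 1:
            raise ValueError("samples must all have the same number of features")
        self.window = deque((list(s) for s in enrollment), maxlen=WINDOW)

    def template(self):
        """Step 2: lower and upper threshold per feature from the current window."""
        bands = []
        for column in zip(*self.window):
            mu = sum(column) / len(column)
            # Population standard deviation (divide by N), matching the formula above.
            sigma = sqrt(sum((x - mu) ** 2 for x in column) / len(column))
            bands.append((mu - sigma, mu + sigma))
        return bands

    def verify(self, attempt, update=True):
        """Steps 3-4: True means 'authenticator', False means 'intruder'."""
        bands = self.template()
        if len(attempt) != len(bands):
            return False  # a different password length cannot match this template
        # Assumption: all features must be in range; the paper does not say how
        # per-digraph results are combined.
        ok = all(lo <= x <= hi for x, (lo, hi) in zip(attempt, bands))
        if ok and update:
            self.window.append(list(attempt))  # adaptive step: oldest sample drops out
        return ok


def error_rates(profile, genuine, impostor):
    """FRR and FAR against a frozen template (no adaptive update while scoring)."""
    rejected = sum(not profile.verify(a, update=False) for a in genuine)
    accepted = sum(profile.verify(a, update=False) for a in impostor)
    return rejected / len(genuine), accepted / len(impostor)


# Constructed key-down timestamps (ms) for five enrollment typings of a 4-key password.
ENROLLMENT_KEY_DOWNS = [
    [0, 105, 255, 460],
    [0, 115, 277, 477],
    [0, 120, 258, 473],
    [0, 125, 279, 464],
    [0, 135, 281, 476],
]
# Constructed test attempts, already reduced to flight times.
GENUINE = [[118, 152, 198], [128, 145, 205], [112, 157, 192], [133, 150, 200], [120, 150, 200]]
IMPOSTOR = [[90, 100, 110], [200, 210, 250], [125, 155, 260], [121, 149, 201]]


def demo():
    profile = ALCProfile([flight_times(t) for t in ENROLLMENT_KEY_DOWNS])
    bands = profile.template()
    frr, far = error_rates(profile, GENUINE, IMPOSTOR)
    return {
        "bands": bands,
        "frr": frr,
        "far": far,
        "genuine_accepted": profile.verify(GENUINE[0]),    # also updates the window
        "impostor_accepted": profile.verify(IMPOSTOR[0]),  # window left untouched
    }


if __name__ == "__main__":
    print(demo())
```

In this constructed data each of the five enrollment samples has at least one feature outside its own μ ± σ band, so the rule for combining per-feature results largely determines the false reject rate.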
4 Testing Results
Testing was carried out on password string latency, that is, the flight time between the first and the last key pressed, and on password character latency, that is, the flight time between each successive pair of keys pressed. During the experiment, delete operations and irrelevant shift key presses were eliminated from the data. A user is able to log in successfully only when a successful match is made between the stored genuine template and the live sample, that is, when the live sample falls below the specified threshold. A false match is registered when a live sample exceeds the specified threshold, and the user will then not be authenticated. In the testing procedure for string latency, four participants were allowed to log in to their own accounts and the data collected were analyzed. Fig. 1 shows the frequency variations for 10 attempts, and Fig. 2 shows the experimental results, where the failure rates of FRR fall around 10–40 %. In the same way, character latencies were collected for 4 participants by allowing them to log in to a particular account, and the frequency variations are depicted in Fig. 3. The success rate of FAR falls between 0 and 20 % and success rate of FAR is almost 0.0025 %, which is shown in Fig. 4. All the tests were done for an Internet banking application, and the response time was observed to be in terms of 2–5 ms with Internet connectivity of 10.0 Mbps, with some 50 % of traffic in the channel in a client–server architecture. The third-party policy verification response times were observed to be almost 2 ms for the designed system.
Fig. 1 Frequency variations of string latency
Fig. 2 FRR and FAR for string latency
Fig. 3 Frequency variations of character latency
5 Conclusion
We have presented a framework for defining a quick and secure authentication approach that does not need any special hardware except a keyboard, for applications in the highly connected world of tomorrow. This approach has no effect on someone’s privacy, since the behavior of an individual is considered. As individual behavior cannot be copied, it becomes an identification token for verification. Our keystroke biometrics exhibits an inexpensive user authentication system for applications like Internet banking. It can be easily adopted for all online commerce. Performance can be improved by minimizing the FAR by adapting relative keystrokes with good fault tolerance methods.
Fig. 4 FRR and FAR for character latency
References
1. Giot R, Dorizzi B, Rosenberger C (2011) Analysis of template update strategies for keystroke dynamics. In: Proceedings of IEEE symposium series on computational intelligence, vol 1. Paris, pp 21–28
2. Shanmugapriya D, Padmavathi G (2011) An efficient feature selection technique for user authentication using keystroke dynamics. Proc Int J Comput Sci Netw Secur 11(10):191–195
3. Bishop M (2003) Computer security: art and science. In: Proceedings of 51th symposium on networked and distributed system security, Addison-Wesley Professional. Boston, MA, ISBN 0-201-44099-7, pp 123–130
4. Sukhai NB (2004) Access control & biometrics. In: Proceedings of ACM 1st annual conference on information security curriculum development. New York, pp 124–127
5. Williams JM (2002) Biometrics or biohazards? In: Proceedings of ACM workshop new security paradigms. New York, pp 97–107
6. Karnan M, Krishnaraj N (2010) Bio password-keystroke dynamic approach to secure mobile devices. In: Proceedings of conference IEEE-2010, international conference on computational intelligence and computing research, doi:10.1109/ICCIC
7. O’Gorman L (2003) Comparing passwords, tokens, and biometrics for user authentication. Proc IEEE 91(12):2019–2040
8. Karnan M, Akila M, Kalamani A (2009) Feature subset selection in keystroke dynamics using ant colony optimization. Proc J Eng Technol Res 1(5):072–080
9. Sheng Y, Phoha VV, Rovnyak SM (2005) A parallel decision tree-based method for user authentication based on keystroke patterns. In: Proc IEEE Trans Syst Man Cybern Part B: Cybern 35(4):826–833
10. Stefan D, Shu X, Yao D (2011) Robustness of keystroke-dynamic based biometrics against synthetic forgeries. Elsevier ltd, doi:10.1016/j.cose.1011.10.001