Keyboard Dynamics Authentication through Contour Map Pattern Matching Technique

This paper attempts at authenticating users in the hardened password mechanism, through the use of contour mapping techniques. Students of the computer science department at the University of Mauritius have been dealing with contour mapping techniques in computer graphics and password mechanisms during their final year. This work aims at introducing them to the development of simple components not only for assignment purposes but also for research purposes. Additionally it encourages them to participate in research through data gathering and analysis. We propose a lightweight, self learning mechanism that is trained with the timing vectors of the owners keystroke dynamics and then later used to discriminate between owners and impostors. Using a prototype implementation of our scheme we evaluate the practical viability of our approach in terms of results achieved, ease of implementation and use. KeywordsBiometric, keystroke dynamics, chain code, pattern matching. Introduction Password is the de facto identity verification technique in the computer security domain. Its inherent simplicity, being based on textual data, has also made it vulnerable to impersonation attacks and hence the need to investigate more advanced safeguards against unauthorised access to computer resources (de Ru & Eloff, 1996). One such safeguard is keyboard dynamics which aims at identifying users based on their habitual typing patterns. It was the aim of this project to investigate the design and development of a real time enhanced password security system through typing biometrics. This mini project/assignment was undertaken by a group of six MSc students at the University of Mauritius. It forms part of the continuous assessment for the module data security. They had six weeks to complete and hand in the report; after which data collection on a larger scale would be carried out. The students have three to four years of core computer experience and have enrolled for an MSc in advance computer science and engineering. The technical requirement for the project was a good mastery of the visual basic language which they have learnt during their undergraduate degree. This will ease accommodating the inherent functions of the language in their written code. Furthermore an understanding of authentication was essential and this was already revisited during the first two weeks of lecture. They were encouraged to interact with academics or those doing research in the field of security/graphics for further information. Biometrics refers to a measurable physical characteristic or personal behavioral trait that is used to recognize the identity Material published as part of this publication, either on-line or in print, is copyrighted by the Informing Science Institute. Permission to make digital or paper copy of part or all of these works for personal or classroom use is granted without fee provided that the copies are not made or distributed for profit or commercial advantage AND that copies 1) bear this notice in full and 2) give the full citation on the first page. It is permissible to abstract these works so long as credit is given. To copy in all other cases or to republish or to post on a server or to redistribute to lists requires specific permission and payment of a fee. Contact [email protected] to request redistribution permission. Keyboard Dynamics Authentication 588 of an individual. Behavioral, the main concern of this paper, concerns traits such as the shape of the vocal cord in a voice scan, dexterity of hands and fingers in a signature. In broad terms it focuses on an action being performed. Typing dynamics stems from observations that the neurophysiological factors which make written signatures unique are also exhibited in a user typing pattern (Joyce and Gupta, 1990) i.e. a user keystroke pattern is highly repeatable but distinct from other users. The sequel is organized as follows: After an introduction to the field of biometrics, we set focus on the system proposed. We then proceed with the classification and identification strategies as well as a brief on chain codes. Our observations and findings are discussed in the subsequent section and finally the paper ends with a discussion on future work which could be carried in this field. Background Theory Biometric systems can be subdivided into two; namely identification and verification. A verification system tries to find a match between the input and those existing in the system database. Most biometric systems do not store a replica of the biometric feature being used, but only a set of measurements (template or code) derived from the raw biometric data itself (Bolle, Connell, Pankati, Ratha, & Senior, 2003). Two samples of the same biometric characteristic from the same person are never exactly the same due to imperfect imaging conditions (e.g., sensor noise and dry fingers), changes in the user’s physiological or behavioral characteristics (e.g., cuts and bruises on the finger), ambient conditions (e.g., temperature and humidity) and also the user interaction with the sensor (e.g. finger placement position and orientation etc.) (Jain, Prabhakar, & Ross, 2004). Compared to traditional password/pin code mechanisms, a binary decision (yes/no) is not possible but only a matching score which indicates the similarity or correlation between the input and stored data. The performance of any biometric system is indicated by the false acceptance rate (FAR) and the false rejection rate (FRR). Basically false acceptance can be considered as accepting an impostor as being the authorized user while false rejection is mistaking two biometric measurements from the same person to be from two different persons. The response of a biometric matching system is given in the form of a matching score (value) that quantifies the similarity between the input and the database template representations. The higher the score, the more certainty exists that the two biometric measurements come from the same person (Barral, Coron, & Naccache, 2004). Acceptance or rejection of a user depends on the score obtained relative to a threshold which varies depending on application and environment being considered. Figure 1 details the trade off between FAR and FRR with varying value of the threshold (t) High-Security Access Civilian Applications Forensic Applications FRR FAR % Error