KEYSTROKE PATTERN RECOGNITION PREVENTING ONLINE FRAUD
DANISH JAMIL
Department of Computer Engineering, Sir Syed University of Engineering & Technology, Main University Road, Karachi, Sindh-75300, Pakistan
MUHAMMAD NUMAN ALI KHAN
Department of Computer Engineering, Sir Syed University of Engineering & Technology, Main University Road, Karachi, Sindh-75300, Pakistan
Abstract:
In recent years, global access to information has become available at all times through different network architectures and computers for an ever-changing population of employees, suppliers, and clients. In this sense, the Internet has been defining the latest trends for online companies and their customers. As the role the Internet plays in extending the online environment as a potential for business has grown, so have the chances of malicious online attacks and intrusions. They all have at their basis the theft of the user's identity. User names and passwords are weak and can always be cracked with a little effort from the attacker's side. Users' credentials can be phished, stolen, discovered and hacked in multiple ways. To counter these growing threats, efficient, rapid and reliable means for automatically recognising the identity of online users are being developed. Biometric security systems enable more secure authentication methods for access to a computer's resources. This paper presents a developing biometric access control measure, computer access via keystroke pattern recognition, and discusses its direct connection to preventing electronic identity theft.
Keywords: Keystroke recognition; online fraud; computer access security; pattern recognition; identity thefts; biometric authentication; keystroke dynamics.
1. INTRODUCTION
Organisations are challenged to keep applications and networks secure while maintaining a balance between cost and security. Relying only on a user ID and password to authenticate users is neither practical nor efficient. Traditional security measures such as one-time passwords, tokens, access cards, PINs or device signatures are expensive, hard to deploy and make applications more difficult to use [2]. As we accelerate into the 21st century, new challenges appear. Elaborate measures to stop unauthorized access to computer resources and information are being developed [1]. This paper presents one safeguard based on authenticated access to resources by recognising unique patterns in the user's typing rhythm: keystroke recognition. The process of typing and its rhythm can disclose individual patterns which, combined, form the basis of the biometric technology known as keystroke dynamics. Its main purpose is to confirm the identity of the user, rather than to uniquely identify the user. Keystroke recognition is simple to implement because it is mainly a software implementation. Because of that, systems based on keystroke recognition are deployed in low-stakes, computer-centric applications such as content filtering or digital rights management, where the password used to download the information is bolstered by keystroke dynamics verification to prevent password sharing [4].
1.1. Authentication Process
the system to decide if it accepts or rejects the authentication attempt coming from that user. There are four possible results, with the first and the last from the cases being targeted [5]:
Acceptance of authentic (AA)
Rejection of authentic (RA)
Acceptance of impostor (IA)
Rejection of impostor (RI)
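The four results can be counted over a batch of scored attempts and turned into the FAR and FRR figures reported later in the paper's results table. This is an added example, not code from the paper; the scores are constructed, and it assumes an attempt is accepted when its distance score is at or below a threshold.

```python
# Constructed distance scores (lower = closer to the claimed user's reference).
GENUINE = [5, 8, 10, 12, 15, 15, 18, 22, 30, 41]        # attempts by the real user
IMPOSTOR = [16, 25, 33, 40, 55, 60, 72, 80, 95, 120]    # attempts by other people

def outcomes(genuine, impostor, threshold):
    """Count the four results when an attempt is accepted if score <= threshold."""
    aa = sum(s <= threshold for s in genuine)
    ia = sum(s <= threshold for s in impostor)
    return {"AA": aa, "RA": len(genuine) - aa, "IA": ia, "RI": len(impostor) - ia}

def rates(genuine, impostor, threshold):
    """False acceptance rate IA / (IA + RI) and false rejection rate RA / (AA + RA)."""
    if not genuine or not impostor:
        raise ValueError("need at least one genuine and one impostor attempt")
    c = outcomes(genuine, impostor, threshold)
    return c["IA"] / (c["IA"] + c["RI"]), c["RA"] / (c["AA"] + c["RA"])

def balanced_threshold(genuine, impostor):
    """Try every observed score as the threshold and return the one where FAR
    and FRR are closest (ties go to the lower, stricter threshold)."""
    def gap(t):
        far, frr = rates(genuine, impostor, t)
        return (abs(far - frr), t)
    return min(sorted(set(genuine) | set(impostor)), key=gap)

if __name__ == "__main__":
    print(outcomes(GENUINE, IMPOSTOR, 20))
    t = balanced_threshold(GENUINE, IMPOSTOR)
    print(t, rates(GENUINE, IMPOSTOR, t))
```

Lowering the threshold trades accepted impostors (IA) for rejected genuine users (RA), which is why published results quote FAR and FRR together.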
The authentication process supports mainly two phases:
Identification process
Verification process
Once a user is authenticated, access to specific resources is given based on his credentials. Once the user is authenticated, the vast majority of existing systems in the online market do not require any further demonstration that the user is the real person claimed through the login process [6]. Despite this, a few applications force periodic authentication upon the user, or attempt to learn the behaviour of the specific user in order to automatically detect unusual patterns deviating from historical behaviour. Because the authentication process can be subverted by phishing, stealing, discovering and cracking credentials, with a direct effect on the identification or verification subprocesses, multi-factor authentication and strong biometric identification systems are essential safeguards for the integrity of online businesses.
1.2. Keystroke Dynamics: A Better Biometric
Considering the flaws in the authentication process presented in the previous section, a new biometric is being used as a building block in developing stronger authentication systems: keystroke dynamics (typing dynamics). Because a user's keystroke timing is unique, it can be successfully used in the verification subprocess of user authentication. The potential of keystroke dynamics is major and its efficiency can be easily understood. The importance of keystroke dynamics is underlined by the following authentication factors [7]:
what the user knows: user names and passwords, or the additional questions required for identifying the user.
what the user has: cookies used by the majority of websites, or special PIN based cards.
what the user is: behavioral or physical features of the users themselves.
Keystroke dynamics can be collected as part of the user's normal login process, so that multiple challenges, which can make the process longer or more difficult, are no longer required at login. Keystroke recognition is therefore simpler to use and implement, and gives a cost-effective solution to strengthen user authentication [7].
2. METHODOLOGY
Keystroke pattern recognition measures the key down and key up event timings while the user types a text [1]. These measurements can be read from any keyboard and they are used to calculate the dwell time (time between key up and key down events) and the flight time (time between two key up or key down events), as shown in fig. 1.
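The measurement step can be sketched as follows. This is an added example, not code from the paper; the event tuple format and the sample events are constructed, and flight time is computed both press-to-press and release-to-press because the definition above allows either event.

```python
# Constructed sample: "pass" typed with rollover ("s" pressed before "a" is
# released), one OS auto-repeat "down" for the held second "s", one stray "up".
EVENTS = [
    (0, "down", "p"), (95, "up", "p"), (140, "down", "a"), (250, "down", "s"),
    (260, "up", "a"), (330, "up", "s"), (410, "down", "s"), (440, "down", "s"),
    (500, "up", "s"), (505, "up", "x"),
]

def extract_timings(events):
    """events: (timestamp_ms, "down" | "up", key) tuples.
    Returns (dwell, down_down, up_down), one entry per key / consecutive key pair:
      dwell     = release time minus press time of the same key
      down_down = press-to-press latency between consecutive keys
      up_down   = release-to-press latency (negative under rollover)"""
    presses = []     # [key, t_down, t_up] in press order
    pending = {}     # key -> index in presses of its unreleased press
    for t, kind, key in sorted(events, key=lambda e: e[0]):
        if kind == "down":
            if key in pending:       # auto-repeat while the key is held
                continue
            pending[key] = len(presses)
            presses.append([key, t, None])
        elif kind == "up" and key in pending:   # an unmatched "up" is ignored
            presses[pending.pop(key)][2] = t
    done = [p for p in presses if p[2] is not None]   # drop never-released keys
    dwell = [up - down for _, down, up in done]
    down_down = [b[1] - a[1] for a, b in zip(done, done[1:])]
    up_down = [b[1] - a[2] for a, b in zip(done, done[1:])]
    return dwell, down_down, up_down

if __name__ == "__main__":
    print(extract_timings(EVENTS))
```

The negative release-to-press value for the "a" to "s" pair is the rollover case: fast typists overlap keys, so a collector that assumes strictly alternating down/up events mispairs them.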
2.1. Keystroke rhythms for biometric authentication. Analysis Methods
A very simple methodology for comparing users' keystrokes was proposed by Rick Joyce and Gopal Gupta [8].
The methodology starts from the hypothesis that the input consists of two sets of keystroke data, with n being the number of latencies:
M = {m1, m2, m3, ..., mn}
T = {t1, t2, t3, ..., tn}
M is the mean reference signature for each user. T is the training signature input by the user.
The norm ||M-T|| is used to decide whether the difference vector between M and T is acceptable.
In keystroke recognition, like in all the other biometrics, there can be three classical analysis methods [9]:
Euclidian Distance Measure Methodology
This method is based on the distance between pattern vectors. In the case of two N-dimensional vectors, the distance between them will take the form shown in fig. 2.
Fig. 2 Euclidian distance's mathematical model
where R=[r1,r2,r3,...,rn] and U=[u1,u2,u3,...,un].
It has a simple mathematical approach; the model is easily adaptable to computer programming. The biggest disadvantage of the Euclidian distance usage is that it has limited possibilities for being improved and extended.
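The reference-signature check ||M-T|| and the Euclidean distance method above can be combined in one sketch. This is an added example, not code from the paper or from the cited authors; the latency vectors are constructed, and the acceptance threshold (mean enrollment distance plus 1.5 standard deviations) and the user names are assumptions of the example.

```python
import math
import statistics

# Constructed enrollment data: four latency vectors (ms) per user.
ENROLLMENT = {
    "alice": [[140, 110, 160, 200], [150, 100, 170, 190],
              [145, 105, 165, 195], [135, 115, 155, 205]],
    "bob":   [[220, 180, 95, 250], [230, 170, 105, 260],
              [225, 175, 100, 255], [215, 185, 90, 245]],
}

def enroll(samples, k=1.5):
    """Build the mean reference signature M and an acceptance threshold from
    one user's enrollment samples (equal-length latency vectors)."""
    if len(samples) < 2 or len({len(s) for s in samples}) != 1:
        raise ValueError("need at least two samples of equal length")
    M = [statistics.fmean(col) for col in zip(*samples)]
    norms = [math.dist(M, s) for s in samples]       # ||M - S|| per sample
    # Assumed threshold rule: mean enrollment distance plus k standard deviations.
    return M, statistics.fmean(norms) + k * statistics.stdev(norms)

def verify(profile, T):
    """1:1 check: accept T when ||M - T|| is within the claimed user's threshold."""
    M, threshold = profile
    return len(T) == len(M) and math.dist(M, T) <= threshold

def identify(profiles, T):
    """1:N check: the nearest reference by Euclidean distance, or None when
    even the nearest reference would reject T."""
    dists = {u: math.dist(M, T) for u, (M, _) in profiles.items() if len(M) == len(T)}
    if not dists:
        return None
    best = min(dists, key=dists.get)
    return best if dists[best] <= profiles[best][1] else None

PROFILES = {user: enroll(samples) for user, samples in ENROLLMENT.items()}

if __name__ == "__main__":
    attempt = [210, 180, 90, 260]    # constructed: typed with bob's rhythm
    print(verify(PROFILES["alice"], attempt), identify(PROFILES, attempt))
```

A correct password typed with another person's rhythm fails `verify` against the claimed account, which is the password-sharing case the introduction describes.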
Non-Weighted Probability Methodology
It is based on calculating the score between a reference profile R and an unknown profile U as in fig. 3, where Sui is defined in fig. 4 and X(u)ij is the jth occurrence of the ith feature of U.
Fig. 3 Score's mathematical model
Fig. 3 Score for each i,j's mathematical model
The score for each ui is based on the probability of observing the value uij in the reference profile R, given the mean (ri ) and standard deviation (ri) for that feature in R. Intuitively we assign higher probabilities to values of ui that are close to ri and lower probabilities to those further away. The "unknown" vector is then associated with the nearest neighbour in the database [1].
Weighted Probability Methodology
The weighted probability methodology uses the concept of weights and defines the score between profiles R and U as shown by fig. 5 [9], where the weight of the feature ui is the ratio of its occurrences relative to all other features.
Fig.4 Score's mathematical model
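The two probability methodologies can be compared on the same input. This is an added example, not code from the paper or from the cited authors; the digraph latencies are constructed, and because the score formulas themselves are not reproduced here, a two-sided Gaussian tail probability is assumed as the per-occurrence probability.

```python
import math
import statistics

def build_reference(observations):
    """{feature: [latency_ms, ...]} -> {feature: (mean, stdev)}.
    Features seen fewer than twice are dropped (no standard deviation)."""
    return {f: (statistics.fmean(v), statistics.stdev(v))
            for f, v in observations.items() if len(v) >= 2}

def closeness(x, mean, sd):
    """Assumed probability model: 1.0 at the reference mean, falling towards 0
    as x moves away from it (two-sided Gaussian tail)."""
    if sd == 0:
        return 1.0 if x == mean else 0.0
    return math.erfc(abs(x - mean) / (sd * math.sqrt(2)))

def score(reference, unknown, weighted=False):
    """Sum of per-feature scores over features present in both profiles. Each
    feature score is the mean closeness of its occurrences in the unknown
    profile; with weighted=True it is scaled by that feature's share of all
    occurrences."""
    shared = {f: v for f, v in unknown.items() if f in reference and v}
    total = sum(len(v) for v in shared.values())
    result = 0.0
    for f, values in shared.items():
        mean, sd = reference[f]
        s_ui = sum(closeness(x, mean, sd) for x in values) / len(values)
        result += s_ui * (len(values) / total if weighted else 1.0)
    return result

# Constructed profiles: digraph -> latencies in ms.
ALICE = build_reference({"th": [90, 100, 110], "he": [140, 150, 160]})
BOB = build_reference({"th": [190, 200, 210], "he": [240, 250, 260]})
# Unknown sample: four "th" at alice's pace, one "he" at bob's pace, and one
# digraph ("zz") that neither reference contains.
UNKNOWN = {"th": [100, 100, 100, 100], "he": [250], "zz": [123]}

if __name__ == "__main__":
    for name, ref in (("alice", ALICE), ("bob", BOB)):
        print(name, score(ref, UNKNOWN), score(ref, UNKNOWN, weighted=True))
```

Unweighted, the two references tie because one matching feature counts as much as another; weighting by occurrences lets the four "th" observations outweigh the single "he".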
Pattern recognition methods include neural network approaches [1] and minimum distance based approaches. The neural network approach to keystroke dynamics was too expensive to implement. The newer and simpler method [9], based on the minimum distance approach, takes two vectors and tries to find distances for each of them according to the Euclidian distance method previously presented. For each, an error rate is calculated and the case that returns the minimal error supplies the best classification. ||x-mk|| returns the norm of the new vector [9]. The historical results and approaches of keystroke dynamics are captured in TABLE 1 [5].
TABLE 1
KEYSTROKE DYNAMICS RESULTS [5]

| Work | Algorithm | Input | Scope | Performance |
|---|---|---|---|---|
| Joyce & Gupta (1990) | Latencies between reference strings using deviation of latency distance vectors | Usernames & Passwords & First/Last names, 8 times each | 33 users of varying ability | FAR 0.25%, FRR 16.36% |
| Obaidat & Macchiarolo (1993) | Latencies between reference strings using neural networks | 15 character phrases, 20 times each | 6 users | 97% overall accuracy |
| Obaidat & Sadoun (1997) | Latencies and key hold times using multiple machine learning algorithms | Usernames 225 times/day for 8 weeks | 15 users | N/A |
| Monrose, Reiter & Wetzel (2001) | Latencies and key hold times with an unclear algorithm | 8 character Passwords | 20 users | FAR N/A, FRR 45% |
| Bergadano, Gunetti & Picardi (2002) | Trigraph duration using degree of disorder | 683 characters, 5 times | 44 users | FAR 0.0.4%, FRR 4% |
| BioPassword | Patented by Young, 1989 | N/A | N/A | N/A |
Finally, an example of a system that successfully implements keystroke dynamics is guided by the following steps (fig. 6):
Decision making phase
Up to date phase
Fig. 5 Keystroke implementing system [9]
2.2. INTEGRATION ISSUES
Keystroke recognition technology is easy to integrate into current environments and processes [11]. The technology is scalable for operating both across the Internet and throughout enterprises. Usually the keystroke dynamics authentication services are installed on an existing authentication server, so that installation and integration costs are minimal. The data collector installed on the client side is usually a simple web based Flash application that takes the data, encrypts it and sends it to the server for further processing. The installation process is minimal, very simple to follow and low cost.
2.3. KEYSTROKE DYNAMICS: PREVENTING ELECTRONIC FRAUD?
Keystroke dynamics used in authentication software delivers a solution that is fast, accurate, and scalable to millions of users, requires no change in user behaviour and is immediately deployable across the organization and the Internet without the need for expensive tokens, cards or other specialized hardware [11]. It is quick and can be a very secure verification of identity. Because the user does not have to be trained to use it, because it has no interface and so the user does not feel the discomfort of being monitored, and because no additional tokens are needed, just the user's credentials, keystroke recognition is the first choice for a business of any size that requires a stronger authentication system. Other advantages of a keystroke dynamics based system are that the user's rhythm cannot be lost, forgotten or shared, and that a password with a biometric print is easily reset [14]. By using keystroke dynamics based systems to monitor and authenticate users, organizations can quickly and cost-effectively implement secure access, comply with regulatory requirements, and substantially reduce the risks of fraud.
3. CONCLUSIONS
computer resources and sensitive data. There are numerous applications which can benefit from its success, and additional studies will further validate its use as an identity verifier
4. ACKNOWLEDGMENT
I convey my honest thanks to Mr. Hassan Zaki Lecturer in the Sir Syed University of Engineering and Technology for providing me the leadership and conveniences for this paper. I expand my truthful gratitude to Mr. Muhammad Imran Saleem for his cooperation for presenting this paper. I also extend my sincere thanks to all other faculty members of Sir Syed University of Engineering and Technology and my friends for their support and encouragement.
5. REFERENCES
[1] F. Monrose and A. D. Rubin, “Keystroke Dynamics as a Biometric for Authentication”, Research Paper, AT&T Lab, Amsterdam, The Netherlands, 2000.
[2] N. Roiter, “Keystroke Recognition Aids Online Authentication at Credit Union”, Information Security Magazine, April 2008.
[3] (2003) The Electronic Frontier Foundation website. [Online]. Available: http://www.eff.org/wp/biometrics-whos-watching-you
[4] K. Revett, “A Bioinformatics Based Approach to Behavioural Biometrics”, pp 665-670, 2007 Frontiers in the Convergence of Bioscience and Information Technologies.
[5] Andersen, “Biometric Authentication and Identification using Keystroke Dynamics with Alert Levels”, M.Sc. thesis, Oslo University College, Oslo, Norway,May 2007.
[6] “The Business Case for Keystroke Dynamics in Multi-Factor Authentication”, Computer Economics. [Online]. Available: http://www.computereconomics.com/custom.cfm?name=postPaymentGateway.cfm&id=1185&CFID=6843483&CFTOKEN=744713 04.
[7] Rick Joyce and Gopal Gupta, “Identity Authorization Based on Keystroke Latencies”. Communications of the ACM , pp. 168–176, February, 1990.
[8] A. Guven and I. Sogukpinar, “Understanding User’s Keystroke Patterns for Computer Access Security”, Research Paper, Dogus University, Istanbul, Turkey, 2003.
[9] F. Monrose, “Authentication via Keystroke Dynamics”, Proceedings of 4th ACM conference on Computer and communications security, Zurich, Switzerland, 1997.
[10] J. Pfost, The Science Behind Keystroke Dynamics: Biometric Technology Today, February, 2007, vol. 15.
[11] Authentication Solutions Through Keystroke Dynamics, BIOPassword, 2006.
[12] Online Fraud and Theft under Attack with Keystroke Recognition, ID Control, 2007.
[13] E. Lau, X. Liu, C. Xiao and X. You, “Enhanced User Authentication Through Keystroke Biometrics”, final project report, M.I.T., Boston, December, 2004.
[14] N. Bartlow, “Username and Password Verification through Keystroke Dynamics”, M.Sc. thesis, College of Engineering and Mineral Resources West Virginia, Virginia University, 2005.