Turnitin Originality Report
IMPROVING NETWORK SECURITY USING KEYSTROKE DYNAMICS by Michael Boakye
From Thesis (MIT)
Processed on 14 Oct 2016 13:17 GMT
ID: 720756931
Word Count: 21269
Similarity Index: 58%
Similarity by Source
Internet Sources: 43%
Publications: 25%
Student Papers: 37%
sources:
1. 9% match (student papers from 06 Oct 2004): Submitted to GIAC on 2004106
2. 8% match (Internet from 05 Jul 2012): http://arxiv.org/ftp/arxiv/papers/0910/0910.0817.pdf
3. 5% match (publications): Salima Douhou. "The reliability of user authentication through keystroke dynamics", Statistica Neerlandica, 11/2009
4. 3% match (Internet from 13 Jun 2015): http://europepmc.org/articles/PMC3835878
5. 3% match (Internet from 09 Apr 2010): http://www.cs.columbia.edu/~hgs/teaching/security/hw/keystroke.pdf
6. 2% match (Internet from 17 May 2014): http://www.docstoc.com/docs/13025918/InternationalJournalofComputerScienceandInformationSecurityPDFPDF
7. 2% match (publications): Francesco Bergadano. "User authentication through keystroke dynamics", ACM Transactions on Information and System Security, 11/1/2002
8. 2% match (Internet from 29 Dec 2010): http://www.checco.com/about/john.checco/publications/2003_Keystroke_Biometrics_Intro.pdf
9. 2% match (Internet from 18 May 2015): http://misbiometrics.wikidot.com/keystroke
10. 2% match (Internet from 27 May 2008): http://sparrow.ece.cmu.edu/~adrian/projects/keystroke/mid.pdf
11. 1% match (Internet from 15 Sep 2008): http://www.it.lut.fi/kurssit/0304/010970000/seminars/Ilonen.pdf
12. 1% match (Internet from 28 Mar 2003): http://paris.cs.berkeley.edu/~perrig/projects/keystroke/node4.html
13. 1% match (Internet from 11 Aug 2016): https://msdn.microsoft.com/enus/library/cc875826.aspx
14. 1% match (): http://avirubin.com/fgcs.pdf
15. 1% match (Internet from 04 Jan 2015): http://biometrics.derawi.com/?page_id=14
16. 1% match (Internet from 19 Jul 2007): http://infosecurityproductsguide.com/technology/BioPassword_Authentication_Solutions_Whitepaper.pdf
17. 1% match (Internet from 28 Oct 2014): http://www.infosecwriters.com/text_resources/pdf/Biometrics_MKamal.pdf
18. 1% match (Internet from 09 May 2016): http://www.secureidnews.com/newsitem/keystrokedynamicssecurecomputeraccess/
https://www.turnitin.com/newreport_printview.asp?eq=0&eb=0&esm=0&oid=720756931&sid=0&n=0&m=0&svr=09&r=87.2921191671043&lang=en_us 1/47
10/14/2016 TurnitinOriginalityReport
19. 1% match (Internet from 09 Mar 2016): http://www.computereconomics.com/article.cfm?id=1181
20. 1% match (Internet from 02 Dec 2011): http://paper.ijcsns.org/07_book/201110/20111029.pdf
21. 1% match (student papers from 31 Jan 2016): Submitted to Tyler Junior College on 20160131
22. 1% match (Internet from 03 Apr 2014): http://brage.bibsys.no/xmlui/bitstream/handle/11250/143781/Barghouthi,H..pdf?sequence=1
23. 1% match (Internet from 10 Jun 2010): http://pi1.informatik.unimannheim.de/filepool/theses/diplomarbeit2006elftmann.pdf
24. <1% match (Internet from 13 Apr 2009): http://answers.yahoo.com/question/index?qid=20080316004824AAPVQp9
25. <1% match (Internet from 15 Apr 2016): http://ijseas.com/volume2/v2i1/ijseas20160125.pdf
26. <1% match (Internet from 28 Mar 2003): http://paris.cs.berkeley.edu/~perrig/projects/keystroke/node5.html
27. <1% match (student papers from 15 Aug 2016): Submitted to Kwame Nkrumah University of Science and Technology on 20160815
28. <1% match (Internet from 10 Apr 2009): http://www.iu.hio.no/nik07/bidrag/Andersen.pdf
29. <1% match (Internet from 21 Sep 2014): http://ijarcce.com/upload/2013/may/30Manpreet%20kaurSECURITY%20SYSTEM%20BASED%20ON%20USER.pdf
30. <1% match (Internet from 05 Jul 2014): http://tech.speedway.k12.in.us/Mavis%20Beacon/mavis16_userguide.pdf
31. <1% match (Internet from 28 Mar 2003): http://paris.cs.berkeley.edu/~perrig/projects/keystroke/node1.html
32. <1% match (Internet from 22 Apr 2016): http://searchsecurity.techtarget.com/answer/Whataretheprosandconsofusingkeystrokedynamicbasedauthenticationsystems
33. <1% match (Internet from 24 May 2009): http://www.bostonkrownrecords.com/systemanalysisanddesign/
34. <1% match (Internet from 25 Aug 2015): http://www.cccblog.org/2012/03/20/updatebypassingthepassword/
35. <1% match (student papers from 14 Jun 2016): Submitted to Kwame Nkrumah University of Science and Technology on 20160614
36. <1% match (publications): Kumar, G. Vinoth, K. Prasanth, S. Govinth Raj, and S. Sarathi. "Fingerprint based authentication system with keystroke dynamics for realistic user", Second International Conference on Current Trends In Engineering and Technology ICCTET 2014, 2014.
37. <1% match (student papers from 15 May 2013): Submitted to University of Central Lancashire on 20130515
38. <1% match (Internet from 21 Aug 2008): http://dmlab.snu.ac.kr/ResearchPapers/%5BChoS_HanC_HanD_KimH%5D(2000)Web_based_Keystroke_Dynamics_Identify_Verification_using_
39. <1% match (publications): M. Sun. "A fast memoryless interval based algorithm for global optimization", Journal of Global Optimization, 09/19/2009
40. <1% match (Internet from 23 Jan 2013): http://www.articlecape.com/73219/371/TWELVEESSENTIALSTEPSFORSOFTWARETESTINGLIFECYCLE.html
41. <1% match (Internet from 22 Sep 2010): http://answers.yahoo.com/question/index?qid=20080228033707AAEZkKx
42. <1% match (Internet from 19 Apr 2010): http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1318629,00.html
43. <1% match (student papers from 10 Feb 2016): Submitted to October University for Modern Sciences and Arts (MSA) on 20160210
44. <1% match (student papers from 19 Feb 2010): Submitted to Intercom Programming & Manufacturing Company Limited (IPMC) on 20100219
45. <1% match (Internet from 18 Apr 2011): http://statmath.wu.ac.at/courses/dataanalysis/itdtHTML/node58.html
46. <1% match (Internet from 11 Aug 2009): http://lennon.csufresno.edu/~sugarrash/comm165.ppt
47. <1% match (Internet from 23 Jul 2014): http://www.google.com/patents/US7620819
48. <1% match (Internet from 04 Apr 2012): http://iiteeeestudents.wordpress.com/2011/08/28/advantagesanddisadvantagesofvisualbasic/
49. <1% match (Internet from 07 Apr 2016): http://www.ijarcsse.com/docs/papers/Volume_6/3_March2016/V6I30151.pdf
50. <1% match (student papers from 25 May 2012): Submitted to University of Sunderland on 20120525
51. <1% match (publications): Venkateswaran Shanmugapriya. "Keystroke Dynamics Authentication Using Neural Network Approaches", Communications in Computer and Information Science, 2010
52. <1% match (publications): Abdulmotaleb Saddik. "Using Haptic Interfaces for User Verification in Virtual Environments", 2006 IEEE Symposium on Virtual Environments Human Computer Interfaces and Measurement Systems, 07/2006
53. <1% match (Internet from 09 Mar 2012): http://www.slideshare.net/sachin.mk/softwaretestingtechniques10128036
54. <1% match (publications): Highlander, Tyler, Dale Bassett, and Derek Boone. "Utilization of keyboard dynamics for unique identification of human users", NAECON 2014 IEEE National Aerospace and Electronics Conference, 2014.
55. <1% match (student papers from 28 Jun 2016): Submitted to Saint Paul University on 20160628
56. <1% match (Internet from 04 Feb 2009): http://www.thegiftsuite.com/teachestyping.html
57. <1% match (student papers from 16 Dec 2010): Submitted to University of Greenwich on 20101216
58. <1% match (student papers from 26 May 2015): Submitted to Kwame Nkrumah University of Science and Technology on 20150526
59. <1% match (Internet from 18 Apr 2013): http://www.ijest.info/docs/IJEST110310177.pdf
60. <1% match (student papers from 24 May 2013): Submitted to University of Bedfordshire on 20130524
61. <1% match (publications): Khalid Saeed. "A Keystroke Dynamics Based System for User Identification", 2008 7th Computer Information Systems and Industrial Management Applications, 06/2008
62. <1% match (student papers from 03 Nov 2015): Submitted to University of Duhok on 20151103
63. <1% match (student papers from 06 Apr 2010): Submitted to INTI University College on 20100406
64. <1% match (student papers from 27 May 2009): Submitted to University of Greenwich on 20090527
65. <1% match (student papers from 15 Dec 2009): Submitted to University of Greenwich on 20091215
66. <1% match (student papers from 28 May 2010): Submitted to University of Abertay Dundee on 20100528
67. <1% match (publications): Zhe Jin. "Typing dynamics biometric authentication through fuzzy logic", 2008 International Symposium on Information Technology, 08/2008
68. <1% match (publications): Fernuik, Neal, and Moir Haug. "Evaluation of In Situ Permeability Testing Methods", Journal of Geotechnical Engineering, 1990.
69. <1% match (Internet from 30 Apr 2016): http://uir.unisa.ac.za/bitstream/handle/10500/14658/dissertation_nkomo_g.pdf?sequence
70. <1% match (Internet from 27 Jun 2010): http://www3.uji.es/~badia/pubs/carnahan99.pdf
71. <1% match (Internet from 25 Jul 2013): http://tobbynews.com/simplephploginscript.html
72. <1% match (student papers from 23 Oct 2015): Class: MIT; Assignment: ; Paper ID: 589193085
73. <1% match (student papers from 06 May 2010): Submitted to University of Warwick on 20100506
74. <1% match (Internet from 23 Nov 2009): http://www.docjax.com/search/index.shtml?q=activity%20based%20cost
75. <1% match (Internet from 13 Oct 2010): http://uni.mcurry.co.uk/FYP/Final%20Year%20Project%20%20Dissertation%20(Report).doc
76. <1% match (student papers from 12 Nov 2006): Submitted to University of Wollongong on 20061112
77. <1% match (student papers from 03 Jun 2014): Submitted to University of Greenwich on 20140603
78. <1% match (Internet from 29 Sep 2010): http://dmlab.snu.ac.kr/ResearchPapers/E.YuIEA2003.pdf
79. <1% match (Internet from 01 Jun 2010): http://wiki.answers.com/Q/Q3_What_is_systems_analysis_and_systems_design_Discuss_in_detail
80. <1% match (student papers from 04 Nov 2012): Submitted to University of East London on 20121104
81. <1% match (student papers from 13 Nov 2009): Submitted to Sheffield Hallam University on 20091113
82. <1% match (Internet from 18 Nov 2015): http://ir.knust.edu.gh/bitstream/123456789/4475/1/Adams%20Abudu%20thesis.pdf
83. <1% match (publications): JHC Pretorius. "A Framework for Increasing Project Maturity and Capability in Southern Africa", PICMET 07 2007 Portland International Conference on Management of Engineering & Technology, 08/2007
84. <1% match (Internet from 10 Apr 2011): http://cs.unc.edu/~fabian/papers/acm.ccs6.pdf
85. <1% match (Internet from 22 Apr 2016): http://ir.knust.edu.gh/bitstream/123456789/4835/1/Mark%20A.%20Dwamena.pdf
86. <1% match (Internet from 27 Feb 2016): http://divaportal.org/smash/get/diva2:829396/FULLTEXT01.pdf
87. <1% match (Internet from 13 Feb 2016): http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1077&context=ecis2001
88. <1% match (Internet from 10 Jun 2016): http://casmodeling.springeropen.com/articles/10.1186/s4029401400059
89. <1% match (publications): Akila, M., and S. S. Kumar. "Improving feature extraction in keystroke dynamics using optimization techniques and neural network", International Conference on Sustainable Energy and Intelligent Systems (SEISCON 2011), 2011.
90. <1% match (publications): Encyclopedia of Biometrics, 2015.
91. <1% match (publications): Talukder, . "Security in Software Systems", Architecting Secure Software Systems, 2008.
92. <1% match (publications): K. M. S. Soyjaudah. "Enhancing performance of Bayes classifier for the hardened password mechanism", AFRICON 2007, 09/2007
93. <1% match (student papers from 11 Nov 2011): Submitted to City of Bath College, Avon on 20111111
94. <1% match (publications): Chandrasekar, V., and S. Suresh Kumar. "A dexterous feature selection artificial immune system algorithm for keystroke dynamics", Stochastic Analysis and Applications, 2016.
95. <1% match (publications): Fabian Monrose. "Password hardening based on keystroke dynamics", International Journal of Information Security, 02/01/2002
paper text:
82 KWAME NKRUMAH UNIVERSITY OF SCIENCE AND TECHNOLOGY, KUMASI, GHANA
IMPROVING NETWORK SECURITY USING KEYSTROKE DYNAMICS
A CASE STUDY AT ANGLICAN SENIOR HIGH SCHOOL
BY Boakye Obeng Michael
72 (B.Ed Information Technology) A Thesis Submitted to the Department of Computer Science, College of
Sciences
27 In partial fulfillment of the requirement for the degree of MPHIL INFORMATION TECHNOLOGY
November, 2016
I hereby declare that this submission is my own work towards the MPHIL and that, to the best of my knowledge, it contains no material previously published by another person, nor material which has been accepted for the award of any other degree of the University, except due acknowledgment has been made in the text.
.. Student Name & ID
.. Signature
.. Date
Certified by:
.. Supervisor(s) Name
Signature
Date
Certified by
. Head of Department Name
Signature
.. Date
ABSTRACT
Network administrators and
16 security professionals know that relying on only user ID and user Password to authenticate users is simply not practically effective, especially where network security is at stake.
19 A technique known as keystroke dynamics (or, typing dynamics) is emerging as an effective way to strengthen user authentication. Keystroke dynamics is a detailed description of the timing of key down and key up events when users enter usernames, passwords, or any other string of characters. Because a user's keystroke timings are as personal as handwriting or a signature, keystroke dynamics can be used as part of a scheme to verify a user's identity. That is the
18 idea behind keystroke dynamics. Some researchers and developers have built many techniques around using this keystroke dynamics biometric as a form of authentication
18 to Web-based applications, email and networks.
This research project seeks to provide an improved technique over the works of these researchers and developers, providing a second layer of security to the user's identity authentication and verification process, using keystroke dynamics on the user's computer rather than building it into the network server authentication process. The resultant software application from this research project is named BioNetLogon, developed in the VB.Net environment. It comes with interfaces that authenticate users (against a database of users' keystroke patterns) after the Windows logon stage, whilst controlling the user's computer network services to ensure that only a successfully authenticated user gets access to the Windows desktop as well as the network resources of his/her computer. Otherwise, the user is blocked from getting access to the network environment, with the network services disabled.
55 TABLE OF CONTENTS
ABSTRACT
CHAPTER 1
INTRODUCTION
1.1 Objectives
1.2 Problem Statement
1.3 Research Questions
1.4 Background
1.5 Justification
1.7 Limitation
69 CHAPTER 2
LITERATURE REVIEW
2.1 Biometric Measurements
2.2 Research Field and Subject of Study
2.2.1 Ease of Use
2.2.2 Features Used with Keystroke Dynamics
2.2.3 Typing Speed
2.3 Technologies
2.4 Verification Techniques
2.5 Methods and Metrics
2.5.1 Static at Login
2.5.2 Periodic and Continuous Dynamics
2.5.3 Keyword and Application Specifics
2.5.4 Digraph and Trigraph Latencies
2.6 Performance Measures
2.7 Keystroke Analysis Approaches
2.8 Security of Keystroke Dynamics
2.8.1 Shoulder Surfing
2.8.2 Recording Users Information
2.8.3 Social Engineering
2.8.4 Guessing and Brute Force
2.8.5 Dictionary Attack
2.9 False Alarm and an Imposter Pass Rate
2.10 Keystroke and Durations Latencies
2.11 Latency Patterns
2.12 Latency Observation
2.13 Typing Error
2.14 Classifications of Users
2.15 Typing Task
2.16 Reliability of User Authentication
2.16.1 Dwell and Flight Time Calculations
2.17 Password Hardening
2.18 Commercial Implementation of Keystroke Dynamics
2.19 Applications Under Keystroke Dynamics
2.20 Lessons and Conclusion
CHAPTER 3
METHODOLOGY AND DESIGN
3.1 Review
3.2 System Analysis
3.3 Requirements Gathering
3.3.1 Sampling of Existing Documents and Events
3.3.2 Interview with the Staff of the School
3.3.3 Observation of the Working Environment
3.3.4 Testing of the old system
3.3.4.2 Brute Force Attack
3.3.4.3 Social Engineering Attack
3.3.4.4 Recording user information Attack
3.4 Description of the new System
3.5 The Software Development Lifecycle (SDLC)
3.6.1 The Waterfall Model Diagram
3.6.2 Project Version of the Waterfall Model
3.7 Explanation of Modified Waterfall Model
3.8 Non Functional Requirements of the System
3.8.1 Business Rules
3.9 Functional Requirements
3.10 The Use Case Models
3.10.1 Use Case Survey
3.10.2 Use Cases Description
3.10.3 Use Case Diagram
3.11 Context Diagram, Data Flow Diagrams and Entity Relational Diagrams
3.12 Data Flow Diagram
3.13 Main Architecture Design
3.14 Process Analysis
3.16.1 Context Diagram
3.15 The Algorithm
3.15.1 The System Algorithm
3.15.2 System Flow Chart
3.16 The Logon Process
3.17 Back End Design
3.18 Front End Design
3.29 Technical/Hardware Requirements
3.20 Hardware Equipment
3.21 Testing
3.21.1 Static and Dynamic Testing
3.22 Implementation
3.22.1 Shoulder Surfing
3.22.2 Recording User Information
3.22.3 Social Engineering
3.22.4 Guessing and Brute Force
3.22.5 Dictionary Attack
CHAPTER 4
Analysis
4.3.1 Uniqueness
4.3.2 Transparency and Noninvasiveness
4.3.3 Increase Password Strength and Lifespan
4.3.4 Replication Prevention and Additional Security
4.3.6 Disadvantages
4.3.7 System Evaluation Criteria
4.3.8 Effectiveness
4.3.9 Efficiency
4.3.10 Adaptability and Robustness
CHAPTER 5
Conclusion
5.1 Summary of the Research
5.1.1 Findings
5.1.2 Recommendations
5.2 Area of application
5.3 Further work
REFERENCES
Appendix
LIST OF TABLES
Table 1: Approaches to Keystroke Analysis
39 Table 2: Summary of test results for shoulder surfing attack experiment
68 Table 3: Summary of test results for guessing and brute force attack experiment
39 Table 4: Summary of test results for social engineering attack experiment
39 Table 5: Summary of test results for recording user information attack experiment
Table 6: Use Case survey
Table 7: Use Case Description
Table 8: Hardware requirements
39 Table 9: Summary of test results for shoulder surfing attack experiment
39 Table 10: Summary of test results for recording user information attack experiment
39 Table 11: Summary of test results for social engineering attack experiment
39 Table 12: Summary of test results for guessing and brute force attack experiment
LIST OF FIGURES
Figure 1: Dwell and Flight Time Calculation
Figure 2: The Waterfall Model Diagram
Figure 3: Project Version of the Waterfall Model
77 Figure 4: Use Case Diagram
Figure 5: Data Flow Diagram
Figure 6: Main Architecture Design
Figure 7: Process Analysis
ABBREVIATIONS
ALT: Alternative
ATM: Automated Teller Machine
CCTV: Closed circuit Television
CER: Cross Over Rate
62 DNA: Deoxyribonucleic acid
EER: Equal Error Rate
ER: Entity Relation
FAR: False Acceptance Rate
62 FNMR: False Non Match Rate
FRR: False Rejection Rate
ID: Identity
IDE: Interactive
75 Development Environment
IEEE: Institute of Electrical and Electronics Engineers
IP: Internet Protocol
IPR: Impostor Pass Rate
PIN: Personnel Identification Number
RAD: Rapid Application Development
SDK: Software Development Kit
SDLC: Software Development Lifecycles
TCP: Transmission Control Protocol
CHAPTER 1
INTRODUCTION
16 Organizations are challenged daily to keep applications and networks secured while maintaining a balance between usability, security and cost. Information must be accessible at all times through diverse computing and networking architectures for an ever-changing population of students, teachers and non-teaching staff. With these challenges come substantial security requirements for verifying identities, protecting data, ensuring privacy, proving compliance, and shielding the school from growing internal and external fraud.
13 The primary task of an attacker who has infiltrated a network is to initiate escalation of privileges; that is how an attacker attempts to gain more access from the established foothold that they have created. After an escalation of privileges has occurred, there is little left to stop an intruder from whatever intent that attacker has. Attackers can use many different mechanisms to achieve an escalation of privileges, but primarily they involve compromising existing accounts, especially those with administrator-equivalent privileges. Most businesses or corporate
13 networks often employ some measure of security controls over standard user accounts, but often do not exert many controls over service accounts, thereby
https://www.turnitin.com/newreport_printview.asp?eq=0&eb=0&esm=0&oid=720756931&sid=0&n=0&m=0&svr=09&r=87.2921191671043&lang=en_us 9/47
10/14/2016 TurnitinOriginalityReport
makingsuchaccountsvulnerableandpopulartargetsforattackers.Afteran
attackerhascompromisedanetworktothepointwhereacriticalaccountwith
highprivilegesiscompromised,theentirenetworkcanneverbeconsideredas
completelytrustworthyagainunlessitisflattenedandcompletelyrecreated.
Thereforethelevelofsecurityforallmannerofaccountsisaveryimportant
aspectofanynetworksecurityinitiative.Asidefromtherisksthatexternal
threatsposetoabusinessnetwork,internalthreatsalsohavethepotentialto
causeagreatdealofharm.Internalthreatsembodynotonlymalicioususers
butalsothosewhomightcauseunintentionalharm.Theseeminglyinnocuous
attemptstocircumventsecuritymeasuresbyusersthatseekaccessto
resourcesarebutoneexample.Alltoooften,usersandservicesaregranted
accesstogreaterprivilegesthannecessaryforreasonsofconvenience.
Althoughthisapproachguaranteeusershaveaccesstotheresourcesthey
needtodotheirjobs,italsoincreasestheriskofasuccessfulattackuponthe
network.
Network administrators and security professionals know that relying on only user ID and password to authenticate users is simply not practically effective. The success of costly and highly visible attacks (including phishing, keystroke logging, spyware, and simple brute-force password cracks) on both private and public networks with sensitive and valuable information continues to gain momentum and garner global attention. Responsible corporate management and government legislation are now mandating security strategies incorporating multi-factor authentication, combining something you know (a password or passphrase) with something you are (a biometric) or something you have (e.g. a smart card). A technique known as keystroke dynamics (or typing dynamics) is emerging as an effective way to strengthen user authentication. Keystroke dynamics is a detailed description of the timing of key-down and key-up events when users enter usernames, passwords, or any other string of characters. Because a user's keystroke timings are as personal as handwriting or a signature, keystroke dynamics can be used as part of a scheme to verify a user's identity.
The idea behind keystroke dynamics has been around since World War II. It was well documented during the war that telegraph operators on many U.S. ships could recognize the sending operator. Known as the "Fist of the Sender", the uniqueness in the keying rhythm could distinguish one operator from another. Every human being who uses the computer also uses a keyboard. The keyboard is placed separately in front of the monitor, attached inside the laptop or even in the smartphones. Some people write slowly, others fast. The typing rhythm might change over time, depending on the mood and time of the day. Biometric keystroke recognition is the technology of recognizing people from the way they type. By using different data analysis techniques, it might be that every human being has a unique way of typing.
Research into different methodologies to analyse the features of keystrokes has been increasing since World War II and is becoming a popular area of research in keystroke biometrics. Feature extraction from typing is crucial for efficient keystroke recognition. Throughout history, many different features were used, such as latency, duration, pressure, etc. A study of various research works depicts that there are two types of keystroke dynamics. The first one is static keystroke dynamics, in which the keystrokes are analysed only at specific times, e.g. during login. The second one is continuous keystroke dynamics, in which the typing characteristics are analysed during a complete session. Static approaches provide more robust user verification than simple passwords. However, static methods do not provide continuous security; specifically, they cannot detect substitution of the user after the initial verification. Continuous verification monitors the user's typing behaviour throughout the session. Therefore it can be used to detect uncharacteristic typing rhythm caused by, say, drowsiness. A lot of reports can be found on keystroke dynamics dealing with static authentication. Less can be found on keystroke dynamics based on continuous authentication.

1.1 Objectives
A person's typing patterns can be as unique as a fingerprint or signature. That's the idea behind keystroke dynamics. Some researchers and developers have built many techniques around using this keystroke dynamic biometric as a form of authentication to Web-based applications, email and networks. This research project seeks to provide an improved technique for user identity authentication using keystroke dynamics that will check to ensure that only authenticated users have access to the network, and without wasting network bandwidth, by processing all the keystroke dynamics issues on the workstation or local machine. On failure to confirm authentication, the authentication system or application will block the workstation machine desktop, thereby preventing the intruder from logging on to the system.

1.2 Problem Statement
Access to ATM is usually controlled by passwords or PINs. After the user enters his user ID (his card) in an ATM machine, the user will be asked to enter his PIN or password. The main problem appears when a user loses his card and the card falls in the wrong hands; the guessing of PIN or password can be possible after many tries. So getting hold of a card (without knowing the password) does not necessarily allow access to the card owner's account. However, currently if an imposter gets both the card and password of an account owner, there is no way to stop the imposter from using the card and cashing money from the account. The user ID (card) and PIN (password) are available to the legitimate user and to the imposter; how to stop the imposter and to allow the legitimate user to access the system? In the same manner, if a hacker succeeds in having access to a networked computer, nothing can stop him from pretending to be an authorized user on that computer and inheriting all the privileges of the user whose account he has hijacked. This scenario can afford the cracker some rights to launch malicious attacks on the network resources, unless somehow all user activities (on the computer) are stopped or deactivated pending the current user's verification and authorization. Continuous monitoring of a user's behaviour is an essential element of user identity authentication using keystroke dynamics in network security. Because of the conventional password-based systems used today, there is practically no way to verify that the user originally authenticated is the user still in control of the keyboard.
Network security is usually focused on essential network resources such as servers, networked computers, data storage devices, input and output devices. The user authentication part of network security usually occurs at the login stage. Continuous authentication is practically out of the way in a server-client model. There is no way the network gateway (or servers) or firewall may periodically request any form of user authentication in order to ascertain that the user originally authenticated is the same user still in control of the keyboard. Implementation of this may increase network latencies, access to server or network resources may be interrupted unexpectedly, and it may sometimes cause packet retransmission, creating heavy traffic in the entire network. Therefore, theoretically it will be expedient to rest the authentication technique on the workstation rather than on a network server or terminal. Currently, the keystroke dynamics techniques or methods in the market were not developed with continuous network-based remote authentication in mind. It is upon this problem that this research project turns to provide an improved solution for steadier network security.

1.3 Research Questions
Can an entire network logical connection become less busy with the load of keystroke dynamics authentication traffic, trying to authenticate everyone on the network? The use of a behavioural trait rather than physiological characteristics as a sign of identity has limitations; can keystroke dynamics solve this problem? Can keystroke dynamics implementation be made cheaper, since the only hardware required is a keyboard, which makes it almost free?

1.4 Background
Securing sensitive data and computer systems by allowing ease of access to authenticated users and withstanding the attacks of imposters is one of the major challenges in the field of computer security. ID and password are the most widely used method for authenticating to computer systems. But these methods have many loopholes such as password sharing, shoulder surfing, brute-force attack, dictionary attack, guessing, phishing and many more. Keystroke dynamics is one of the famous and inexpensive behavioural biometric technologies, which identifies the authenticity of a user when the user is working via a keyboard and not a prey to malicious hacking or cracking feast. User authentication prevents unauthorized access of information when providing information security. This is done for the purpose of performing trusted communications between parties (Joyce et al, 1990).
User authentication is based on three categories: knowledge-based, object- or token-based, and biometric-based. Biometrics is the statistical analysis of biological observations and phenomena. Biometric measurements can be classified as physical and behavioural. Keystroke dynamics, being a behavioural measurement, is a pattern exhibited by an individual using an input device in a consistent manner. Raw measurements already available by the standard keyboard can be manipulated to determine dwell time (the time one keeps a key pressed) and flight time (the time it takes a person to jump from one key to another). Variations of algorithms differentiate between absolute versus relative timing. The captured data is then analysed to determine aggregate factors such as rhythm, content, spatial corrections, and consistency. This is then fed through a signature processing routine, which deduces the primary (and supplementary) patterns for later verification. User authentication is one way to achieve this. The biometric-based approaches are free from loss, theft or memory problems. But they are not perfect, and involve two types of errors. False accept rate (FAR) denotes the rate that an imposter is allowed access. False reject rate (FRR) denotes the rate that the legitimate user is denied access. Keystroke dynamics has already found its way into many areas in the past few years. For corporations, this technology has found uses in network security (single sign-on, multi-password management, RADIUS, application access and document control management) as well as asset identification (online training, document signing, software licensing).

One of the many ways to improve network security is to control network access on network clients, by controlling network services and protocols running on the client. Client-server models usually involve the client initiating connection to the server through a special authentication token. On meeting specific conditions, the client node is either granted or refused access to the network (or the server) resources. However, a network node which is physically connected to a network can be configured with the network IP/TCP credentials (in case of static IP configuration) in order to have access to the network. Getting access to resources available on the other network nodes (including the server) depends on conditions available on that network node. Through many available hacking and cracking techniques, an unauthorized network node introduced to a network in this manner may be free to launch malicious attacks on the network itself (or on specific targets), thereby compromising the network security. Keystroke dynamics authentication can be applied to improve network security by controlling user access on a network node through an authentication and verification mechanism.

1.5 Justification
Authentication and verification of users in computer security are areas which gain a lot of attention. A reason for this is the high number of inside attacks, where already authenticated user accounts are used to gain access to prohibited information or privileges. Session hijacking, password stealing/guessing or perimeter possession are examples of areas where ordinary authentication has been known to fail. A secret password and public username is the most widespread authentication and verification scheme used. Biometrics are considered one of the toughest authentication systems to break, because they are the hardest to spoof or duplicate, unlike user IDs and passwords, which can be easily stolen and used. Combining two authentication factors together creates an additional layer of defense for a system. If attackers break through one factor, they still have the second one to crack before gaining malicious access.
In this research work, a keystroke dynamics application (on the Microsoft Windows .NET platform) is developed as an additional security layer for the user's system and the network to which the user's PC is to be connected. Thus, it forms a second security layer, after the usual Windows logon authentication process. This technique is necessary because it ensures that:
Proper security authentication and authorization is ensured at the user level on each PC in a network.
Unauthorized persons are not allowed into the network (or the server resources) through legitimate computers in the network.
During authentication, network services are totally disabled (on the user's computer) until the process is successful.
In the event of an unsuccessful authentication or verification, the user's computer will still remain connectionless.
The following chapter will review various researched works in improving network security using keystroke dynamics, their failures, flaws and specific strengths.

1.6 Methodology
Understanding the problems of network authentication at the Anglican Senior High School calls for the gathering of information through observation of the existing authentication system, interviewing of the users and testing of the existing system, to expose the various authentication problems. Since this is not the first time such research is going to be conducted, a number of research works on keystroke dynamics should be reviewed to get better ideas to solve the problem at hand. This will lead to an appropriate software development lifecycle, resulting in a successful algorithm. After that, Visual Basic will be used to develop a software called BioNetlogon. BioNetlogon software will be installed at the school after successful testing.

1.7 Limitation
The research is limited to using a keystroke dynamics authentication system to secure the local area network at Kumasi Anglican Senior High School.

CHAPTER 2 LITERATURE REVIEW
A review of existing keystroke dynamics methods, metrics, and different approaches is given in this chapter. This chapter also discusses the various network security issues and challenges faced by keystroke dynamics.

2.1 Biometric Measurements
There are physical and behavioural biometrics under biometric measurements. Physical biometrics define biological aspects of a person that determine identity. Measurement data is considered static, which generates an absolute match. (Partial matches are mostly due to variability in the capture process, such as placing only part of a finger on a fingerprint device.) Examples of physical biometrics are: DNA, Iris, Retina, Fingerprint, Hand Geometry and Vein Structure. Behavioural biometrics define characteristic traits exhibited by a person that can determine identity. Measurements are considered dynamic, which results in a confidence match. The quality of this measurement varies by behavioural as well as external factors of the subject being measured. Examples of behavioural biometrics are: Handwriting, Voice, Speech, Language Removal, Gait, Gesture and Typing patterns. Keystroke dynamics, being a behavioural measurement, is a pattern exhibited by an individual using an input device in a consistent manner. Raw measurements already available by the standard keyboard can be manipulated to determine dwell time (the time one keeps a key pressed) and flight time (the time it takes a person to jump from one key to another). Variations of algorithms differentiate between absolute versus relative timing. The captured data is analysed to determine aggregate factors such as: Cadence, Content, Spatial Corrections, and Consistency. This is then fed through a signature processing routine, which deduces the primary (and supplementary) patterns for later verification.
There are many challenges facing keystroke dynamics. One challenge is that the same person's typing speed can vary greatly on different computers or at different times, even on the same computer. Another is how to ensure that the right person is still the same person using the same system after some time. There's also the issue of what happens when a person breaks a hand or finger. The greater challenge is how to authenticate users seeking access to network resources or a network node. Keystroke biometrics is still less popular than other forms of biometric authentication because not enough people are familiar with it yet. Like other biometrics, keystroke dynamics is currently not a perfect solution as compared to other forms of user/system authentication solution. Hence further research and improvements are required. Most security experts agree that using layered techniques is the best. Keystroke dynamics can be one part of a suite of authentication modes, or an add-on to the operating system authentication mechanism. This research work seeks to study, analyse and propose a method to improve network security using keystroke dynamics (Joyce et al, 1990).

2.2 Research Field and Subject of Study
This section briefly reviews the challenges facing development of keystroke dynamics techniques as a subject of study in this research. Recognising the fact that research in this field has not been widely appraised over the last decade, this section briefly highlights some of the issues that contribute to its unpopularity.
Keystroke dynamics is mostly applicable to verification, but identification is also possible. In verification it is known who the user is supposed to be, and the biometric system should verify if the user is who he claims to be. In identification, the biometric system should identify the user without any additional knowledge, using only keystroke dynamics. Most applications of keystroke dynamics are in the field of verification. One of the most likely possible uses for keystroke dynamics in the business and information world today would be for user identification purposes. By having the specific user calibrated to typing a specific phrase or password, the analytical software would be able to decipher whether or not the user is the allowed source based upon hesitation and rapidity of the stroke. Thus simply typing the password or pasting it within the appropriate field would not work, because the flight time and dwell times would not match. This would eliminate security threats to an information system even if the actual text or character combination was revealed to an outside source. Additionally, this software could be used to distinguish one person from another in signal-based communications, such as typing or telegraphing, where the user is manually inputting the signals according to their own rhythmic patterns. Although not able to identify new users, the software can compare input signals to established templates and determine whether or not the desired user is the one transmitting the signal. Keystroke recognition, however, is obviously a more semi-obtrusive biometric than fingerprint. It gives the possibility to identify human beings in front of a computer without any real direct explicit interaction with the computer. For example, while a person is typing something on the computer, the computer will extract features and analyse the keystrokes, where the user doesn't need to think of the authentication. In case of weak-quality features, it would be more sufficient to have it as a second security authentication (at application level), whilst operating system login precedes as the first security authentication layer. This is because keystroke recognition is still under research to be a strong and robust biometric. However, until now keystroke recognition can be used as an additional method for increasing security by obtrusive and periodic re-verification of a person's identity (Magnus, 2009).

2.2.1 Ease of Use
The basis for testing or observing one's pattern for typing is the repetition of typing so that differences can be noted and patterns observed between words. Currently most solutions involve a template consisting of the user typing a series of words over several sessions to break up the time. Forced typing due to repetitive strain injury, over long periods of time, can induce fatigue, stress, and other factors, such as simple typing mistakes, which may inhibit the template's accuracy. Once properly calibrated, the template is easily able to distinguish whether the acceptable user is typing or not by comparing the flight and dwell times to those set on the template (Monrose et al, 1997). It can therefore be deduced that the failure of ease in regards to using a keystroke dynamics system is what inhibits its uses from the public arena. Setting up a series of accepted users is time consuming and, based on the studies of one particular study, may be hard to duplicate by that user than by that of another user. Also, the failure of the system to easily identify a new acceptable user while in place limits its use. Although developments are being made to prepare the system for such intelligence, it has not yet been incorporated.

2.2.2 Features Used with Keystroke Dynamics
Keystroke dynamics include several different measurements which can be detected when the user presses keys on the keyboard. Possible measurements include:
Latency between consecutive keystrokes.
Duration of the keystroke, hold time.
Overall typing speed.
Frequency of errors (how often the user has to use backspace).
The habit of using additional keys on the keyboard, for example writing numbers with the numerical pad.
In what order the user presses keys when writing capital letters: is shift or the letter key released first.
The force used when hitting keys while typing (requires a special keyboard).
Statistics can be either global, i.e. combined for all keys, or they can be gathered for every key or keystroke separately. Systems do not necessarily employ all of these features. Most of the applications measure only latencies between consecutive keystrokes or durations of keystrokes. There are clear differences in latencies and their standard deviations. Latencies between keystrokes when writing words password, by three different persons. The words were written several times,
Latencies between keystrokes and durations of keystrokes are popular measurements because they can be easily measured with normal PC hardware. Both key press and release events generate hardware interrupts. Gathering keystroke dynamics data has, however, a few complications. Several keys can be pressed at the same time: the user presses the next key before releasing the previous one. This usually happens quite often when typing faster. Depending on what is measured, there might even be negative time between releasing a key and pressing the next one. It also adds slightly to the complexity of the keystroke dynamics system if the intention is to know when the user presses SHIFT, ALT and other special keys (Obaidat et al, 1997).

2.2.3 Typing Speed
Another challenge is that there is a very wide variety of typing skills, and the biometric systems should work for all users. First of all, the speed of typing can be wildly different between different users. An experienced touch typist writes easily several tens of times faster than a beginner using hunt-and-peck style with one finger. Also the predictability of a fast writer is much greater: there is no need to stop and think where some letter is located on the keyboard. The typing can also be affected if the user is on a lower level of alertness, for example sleepy or ill. Users will additionally sometimes have accidents and consequently write in an abnormal fashion for a few weeks when a finger is bandaged, or type with one hand when holding a coffee cup in the other hand, and so on. Changing keyboard to a different model or using a laptop computer instead of a normal PC can also affect keystroke dynamics tremendously. All these factors have to be taken into account when designing a keystroke dynamics system (Monrose et al, 1999).

2.3 Technologies
Biometric technologies are defined as automated methods of verifying or recognizing the identity of a living person based on physiological or behavioural characteristics (Anil et al, 2004). Biometrics technologies are gaining popularity, due to the reason that when used in conjunction with traditional methods of authentication they provide an extra higher level of security. Biometrics involves something a person is or does. These types of characteristics can be approximately divided into physiological and behavioural types (O'Gorman, 2003). Physiological characteristics refer to what the person is, or in other words, they measure physical parameters of a certain part of the body. Some examples are Fingerprints, Hand Geometry, Vein Checking, Iris Scanning, Retinal Scanning, Facial Recognition, and Facial Thermogram. Behavioural characteristics are related to what a person does, or how the person uses the body. Voiceprint, gait recognition, Signature Recognition, Mouse Dynamics and keystroke dynamics are good examples of this group. Keystroke dynamics is considered a strong behavioural biometric-based authentication system (Awad et al, 2005). It is a process of analyzing the way a user types at a terminal by monitoring the keyboard in order to identify the users based on habitual keystroke dynamics patterns. Moreover, unlike other biometric systems, which may be expensive to implement, keystroke dynamics is almost free, as the only hardware required is the keyboard.

2.4 Verification Techniques
Keystroke verification techniques can be classified as either static or dynamic (continuous) (Monrose et al, 1999). The static verification approach analyses keystroke verification characteristics only at specific times, providing additional security over the traditional username/password. Static approaches provide more robust user verification than simple passwords, but the detection of a user change after the logon authentication is impossible. Continuous verification, on the contrary, monitors the user's typing behavior throughout the course of the interaction. In the continuous process, the user is monitored on a regular basis throughout the time he/she is typing on the keyboard, allowing a real-time analysis (Monrose et al, 1997). This means that even after a successful login, the typing patterns of a person are constantly analyzed, and when they do not match the user's profile, access to the system is blocked.

2.5 Methods and Metrics
Previous studies have identified a selection of data acquisition techniques and typing metrics upon which keystroke analysis can be based. The following section summarizes the basic methods and metrics that can be used (Shanmugapriya et al, 2009).

2.5.1 Static at Login
Static keystroke analysis authenticates a typing pattern based on a known keyword, phrase or some other predetermined text. The typing pattern captured is compared against previously recorded typing patterns stored during system enrolment.

2.5.2 Periodic and Continuous Dynamics
Dynamic keystroke analysis authenticates a user on the basis of their typing during a logged session. The data which is captured in the logged session is then compared to an archived typing pattern to determine the deviations. In a periodic configuration, the authentication can be constant either as part of a timed supervision. Continuous keystroke analysis extends the data capturing to the entire duration of the logged session. The continuous nature of the user monitoring offers significantly more data upon which the authentication judgment is based. Furthermore, an impostor may be detected earlier in the session than under a periodically monitored implementation.

2.5.3 Keyword and Application Specifics
Keyword-specific keystroke analysis extends the continuous or periodic monitoring to consider the metrics related to specific keywords. Extra monitoring is done to detect potential misuse of sensitive commands. Static analysis could be applied to specific keywords to obtain a higher-confidence judgment. Application-specific keystroke analysis further extends the continuous or periodic monitoring. It may be possible to develop separate keystroke patterns for different applications. In addition to a range of implementation scenarios, there are also a variety of possible keystroke metrics. The following are the metrics widely used by keystroke dynamics.

2.5.4 Digraph and Trigraph Latencies
Digraph latency is the metric that is most commonly used and typically measures the delay between the key-up and the subsequent key-down events, which are produced during normal typing (e.g. pressing letters T-H). Trigraph latency extends the digraph latency metric to consider the timing for three successive keystrokes (e.g. pressing letters T-H-E).

Keyword latency
Keyword latencies consider the overall latency for a complete word, or may consider the unique combinations of digraphs/trigraphs in a word-specific context.

2.6 Performance Measures
Performance of keystroke analysis is typically measured in terms of various error rates, namely False Accept Rate (FAR) and False Reject Rate (FRR). FAR is the probability of an impostor posing as a valid user being able to successfully gain access to a secured system, according to Guven et al (2003). In statistics, this is referred to as a Type II error. FRR measures the percentage of valid users who are rejected as impostors. In statistics, this is also referred to as a Type I error. Both error rates should ideally be 0%. From a security point of view, type II errors should be minimized, that is, no chance for an unauthorized user to log in. However, type I errors should also be infrequent because valid users get annoyed if the system rejects them incorrectly. One of the most common measures of biometric systems is the rate at which both accept and reject errors are equal. This is known as the Equal Error Rate (EER), or the Cross-Over Error Rate (CER). The value indicates that the proportion of false acceptances is equal to the proportion of false rejections. The lower the equal error rate value, the higher the accuracy of the biometric system.

2.7 Keystroke Analysis Approaches
A number of studies have been performed in the area of keystroke analysis since its conception. There are two main keystroke analysis approaches for the purposes of identity verification. They are statistical techniques and neural network techniques. Some combine the two approaches. The basic idea of the statistical approach is to compare a reference set of typing characteristics of a certain user with a test set of typing characteristics of the same user or a test set of a hacker. The distance between these two sets (reference and test) should be below a certain threshold, or else the user is recognized as a hacker. The neural network process first builds a prediction model from historical data, then uses this model to predict the outcome of a new trial (or to classify a new observation). Although the studies tend to vary in approach, from what keystroke information they utilise to the pattern classification techniques they employ, all have attempted to solve the problem of providing a robust and inexpensive authentication mechanism.
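
The statistical approach above, combined with the dwell and flight features and the FAR/FRR measures discussed earlier, can be sketched as follows. This is an added example, not code from the thesis or from BioNetlogon; the scaled Manhattan distance, the 5 ms deviation floor, the thresholds and every timing sample are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

MIN_STD_MS = 5.0  # assumed floor: a perfectly consistent feature must not divide by zero


def extract_features(events):
    """events: [(key, down_ms, up_ms), ...] in press order -> dwell times + flight times."""
    dwell = [up - down for _, down, up in events]
    # Flight = key-up to the next key-down. It is negative when the next key is
    # pressed before the previous one is released (fast, overlapping typing).
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight


def build_profile(enrolment):
    """Reference set: per-feature mean and standard deviation over enrolment samples."""
    keys = [k for k, _, _ in enrolment[0]]
    if any([k for k, _, _ in s] != keys for s in enrolment):
        raise ValueError("all enrolment samples must use the same key sequence")
    columns = list(zip(*(extract_features(s) for s in enrolment)))
    return {
        "keys": keys,
        "mean": [mean(c) for c in columns],
        "std": [max(pstdev(c), MIN_STD_MS) for c in columns],
    }


def distance(profile, events):
    """Mean absolute deviation from the reference, scaled by each feature's spread."""
    feats = extract_features(events)
    return mean(abs(f - m) / s for f, m, s in zip(feats, profile["mean"], profile["std"]))


def verify(profile, events, threshold):
    """Accept only if the right keys were typed AND the rhythm is close enough."""
    if [k for k, _, _ in events] != profile["keys"]:
        return False
    return distance(profile, events) < threshold


def error_rates(profile, genuine, impostor, threshold):
    """Return (FAR, FRR) as fractions of impostor and genuine attempts."""
    false_accepts = sum(verify(profile, s, threshold) for s in impostor)
    false_rejects = sum(not verify(profile, s, threshold) for s in genuine)
    return false_accepts / len(impostor), false_rejects / len(genuine)


# Constructed samples for the trigraph T-H-E (times in milliseconds).
ENROLMENT = [
    [("t", 0, 100), ("h", 160, 250), ("e", 240, 330)],  # 'e' goes down before 'h' is up
    [("t", 0, 110), ("h", 170, 260), ("e", 255, 345)],
    [("t", 0, 90), ("h", 150, 240), ("e", 225, 315)],
]
GENUINE = [
    [("t", 0, 105), ("h", 165, 258), ("e", 250, 338)],
    [("t", 0, 98), ("h", 158, 250), ("e", 242, 330)],
    [("t", 0, 140), ("h", 220, 330), ("e", 360, 460)],  # same user, tired or injured
    [("t", 0, 102), ("h", 161, 252), ("e", 243, 332)],
]
PASTED = [("t", 0, 1), ("h", 1, 2), ("e", 2, 3)]  # pasted or injected input: no human rhythm
IMPOSTOR = [
    [("t", 0, 150), ("h", 400, 560), ("e", 900, 1040)],  # hunt-and-peck typist
    PASTED,
    [("t", 0, 104), ("h", 166, 255), ("e", 248, 336)],  # typist with a similar rhythm
    [("t", 0, 70), ("h", 120, 180), ("e", 230, 290)],
]
PROFILE = build_profile(ENROLMENT)

if __name__ == "__main__":
    # A stricter threshold lowers FAR and raises FRR; a looser one does the opposite.
    for threshold in (0.3, 1.5, 5.0):
        far, frr = error_rates(PROFILE, GENUINE, IMPOSTOR, threshold)
        print(f"threshold={threshold}: FAR={far:.2f} FRR={frr:.2f}")
```

Sweeping the threshold over a larger labelled set and taking the point where the two rates meet gives the equal error rate described in section 2.6.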
Table 1 gives a summary of the main research approaches performed.
Table 1: Approaches in Keystroke Analysis
Study | Classification | Technique | Users | FAR (%) | FRR (%)
Joyce et al, 1990 | Static | Statistical | 33 | 0.25 | 16.36
Leggett et al, 1991 | Dynamic | Statistical | 36 | 12.8 | 11.1
Brown et al, 1993 | Static | Neural Network | 25 | 0 | 12.0
Obaidat et al, 1993 | Static | Neural Network | 24 | 8 | 9
Napier et al, 1995 | Dynamic | Statistical | 24 | 3.8 (Combined) |
Sadoun et al, 1997 | Static | Statistical / Neural Network | 15 | 0.7 / 0 | 1.9 / 0
Monrose et al, 1999 | Static | Statistical | 63 | 7.9 (Combined) |
Cho et al, 2000 | Static | Neural Network | 21 | 0 | 1
Furnell et al, 2000 | Static | Neural Network | 14 | 9.9 | 30
Bergadano et al, 2002 | Static | Statistical | 154 | 0.01 | 4
Guven et al, 2003 | Static | Statistical | 12 | 1 | 10.7
Sogukpinar et al, 2004 | Static | Statistical | 00.660
Dowland et al, 2004 | Dynamic | Neural Network | 35 | 4.9 | 0
Cho et al 2004 | Static | Neural Network | 21 | 0 | 3.69
Gunetti et al, 2005 | Static | Neural Network | 205 | 0.005 | 5
Clarke et al, 2007 | Static | Neural Network | 32 | 5 (Equal Error Rate) |
Cho et al, 2007 | Static | Neural Network | 21 | 0.43 (Average Integrated Errors) |
Pin et al 2008 | Static | Statistical | 50 | 6.36 (Equal Error Rate) |
With the exception of Pin et al (2008), most of the current researchers prefer the use of the neural network technique. The majority of the good results for False Accept Rate (FAR) and False Reject Rate (FRR) are from the neural network technique. In terms of classification, almost all the good results came from static, even from the beginning of the research into keystroke dynamics.
2.8 Security of Keystroke Dynamics
Little research has been conducted to analyse keystroke dynamics concerning security. The application of keystroke dynamics to computer access security is relatively new and not widely used in practice. Reports on real cases of breaking a keystroke dynamics authentication system do not exist. Keystroke dynamics schemes are analysed regarding traditional attack techniques in the following section. The traditional attacks can be classified as: Shoulder Surfing, Recording User's Information, Social Engineering, Guessing and Brute Force, and Dictionary Attack.
2.8.1 Shoulder Surfing
A simple way to obtain a user's password is to watch him during authentication.
With the coming into existence of CCTV installations in security-sensitive establishments, an intruder no longer needs to be close by or in the same office to be able to watch someone when he or she is typing a password. CCTV installations do record, therefore an intruder can copy and play back the video recording from the CCTV installation. This is called shoulder surfing. If keystroke dynamics are used in the verification or identification mode, shoulder surfing will not be a threat for the authentication system. A password is not used in the identification case and therefore the password cannot be stolen. Only the keystroke pattern is important and decisive. In the case of verification, an attacker may be able to obtain the password by shoulder surfing. However, keystroke dynamics for verification is a two-factor authentication mechanism. The keystroke pattern still has to match the stored profile.
2.8.2 Recording User's Information
Spyware is software that records information about users, usually without their knowledge. Spyware is probably the best and easiest way to crack keystroke dynamic based authentication systems. If a user unintentionally installs a Trojan which records all of the user's typing, keystroke latencies and keystroke durations, an attacker can use this information to reproduce the user's keystroke pattern. A program could simulate the user's typing and get access to the system from the keystroke pattern. Much more research in the area is expected.
2.8.3 Social Engineering
Social engineering is the practice of obtaining confidential information by psychological manipulation of legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or getting them to do something that is against typical policies. Using this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. Phishing is social engineering via email or other electronic means. On first sight, social engineering is not possible with keystroke dynamics. In the identification case there is no password that can be given away, not even on purpose. Asking for the password on the phone and pretending to be the authorized user is not feasible. Nevertheless, phishing, social engineering via the Internet, may be a way of tricking a user to give away his keystroke pattern. The attacker might pose as a trustworthy person, asking the user to log on to a primed website. When the user logs on to the website, the attacker might record the keystroke rhythm of the user. However, the success rate would probably be very low. The user must type his username and password several times in order to have a meaningful keystroke pattern.
2.8.4 Guessing and Brute Force
People use common words for their passwords. The way of typing of a different user can hardly be simulated. There are just too many varieties of ways of typing on the keyboard. Guessing of typing rhythms is impossible in keystroke dynamics. In a brute force attack, an intruder tries all possible combinations of characters to crack a password. The more complex a password is, the more secure it is against brute force attacks. The main defense against brute force search is to have a sufficiently large password space. The password space of keystroke dynamic authentication schemes is quite large. It is nearly impossible to carry out a brute force attack against keystroke dynamics. The attack programs need to automatically generate keystroke patterns and imitate human input. If keystroke dynamics are used in a two-factor authentication mechanism, that is password and keystroke, it is almost impossible to overpower the security system.
2.8.5 Dictionary Attack
A dictionary attack is a technique for defeating an authentication mechanism by trying to determine its passphrase by searching a large number of possibilities. In contrast to a brute force attack, where all possibilities are searched through exhaustively, a dictionary attack only tries possibilities that are most likely to succeed, typically derived from a list of words in a dictionary. As for dictionary attacks, it is impractical and nearly impossible to carry out dictionary attacks against keystroke dynamic authentication mechanisms (Benny, 2007). It is possible to use a dictionary attack which consists of general keystroke patterns, but an automated dictionary attack will be more complex than a text-based dictionary attack. Again the attack programs need to automatically generate keystroke patterns and imitate human input. Overall, keystroke dynamics are less vulnerable to brute force and dictionary attacks than text-based passwords.
2.9 False Alarm and Imposter Pass Rate
Reporting of research into Keystroke Dynamics began in the early 1980s with the often cited pioneering paper by Gaines et al (1980), from the RAND Corporation. They measured the effectiveness of their Keystroke Dynamics system by two parameters (still in use today): FAR, the rate that a keyboard rhythm is falsely identified as belonging to an imposter, and IPR, the rate that an imposter's keyboard rhythm is incorrectly identified as belonging to a legitimate user (Bergadano et al, 2002). The ideal situation is for both these parameters to be as close to zero as possible; usually it is more acceptable to have a higher FAR than IPR if a secure environment is the goal. In the Gaines et al, (1980) experiments, seven secretaries were asked to retype the same three paragraphs at two different times over four months and keystroke timings were compared. Their results showed a FAR of 4% and an IPR of 0%. While they proved the concept of user identification by keyboard timings as viable, it is difficult to evaluate the effectiveness of their methods due to the limited scale of their experiments. Joyce et al, (1990) describe their identity Verifier, which is based on keystroke timings. In their experiments, thirty-three users each provided a reference signature by typing in their login name, password, first name and last name eight times. The user then tried to log into their account five times and the data was collected. Six of the users acted as imposters and tried to log into the remaining 27 accounts. They achieved a FAR of 16.7% and IPR of 0.25%. The high FAR of 16.7% is equal to a rejection of 1 in 6 login attempts requiring another attempt. Joyce et al, (1990) noted that the FAR could be reduced if a higher IPR was considered acceptable. They also note that significant reductions in FAR can be achieved with only slight increases in IPR if thresholds are manipulated in certain ways. Interestingly, the samples for their experiments were taken using the same computer system and therefore the same keyboard. Joyce et al, (1990) recommend that further research is done to see the effect of other systems on their results, particularly seeing that the ability to record accurate timings is an essential part of their algorithm and this may not be available in a distributed or online environment.
Cho et al, (2000) report a FAR of 1%, which is within the specification for acceptance by users suggested by Robinson et al, (1998). However, they rejected the results from some inexperienced typists, which they claim improves the FAR results of their experiments. They recommend that further investigation on the role of typing experience is conducted. Yu et al, (2004) reflect on this work and identified two significant problems: 1. Training time was excessive. 2. The dataset required was too large. They proposed a solution that addresses these problems while still retaining similar FAR and IPR results.
2.10 Keystroke Durations and Latencies
Duration is the length of time keys are pressed, while latency is the time between successive keystrokes. Monrose et al, (1997) acknowledged the work of Joyce et al, (1990) and extended their research work by: examining the use of keystroke durations in addition to keystroke latencies; exploring the long term measurement of keystroke dynamics over weeks; and measurement of keystroke dynamics using the user's own computer. Their results showed that all three aspects could be achieved within a workable framework. Of particular interest is their foundation work on the design of a dynamic authentication system (Leggett et al, 1991) that authenticates a user over time using the unstructured text typed by a user in their normal work practices. Obaidat et al (1997) report on their work using keystroke durations, latencies and neural nets to determine a user's identity based solely on their user ID. They claim very low False Alarm and Imposter Pass rates, and they observed that the keystroke durations (hold times) are more significant than the keystroke latencies (time between key presses). Significantly, they have achieved good recognition using very short strings (10 characters). What is not clear from their paper is the amount of training required before their system will be able to perform the verification recognition that they claimed. Additionally, it is of concern that both the imposters' and the owner's typing patterns were used for learning, which is not applicable to most network situations. Robinson et al (1998) also conducted a study on verification of user ID; with reference to Obaidat et al (1997), they achieved a FAR of 10% and IPR of 9%. They used both keystroke durations and latencies and the mean user ID length was 6.4 characters. Though impressive, they cautioned that a FAR of less than 1% is required before this type of security measure could be considered non-invasive. Bergadano et al, (2002) reported on their keystroke analysis technique, which takes into account problems associated with variability of typing and typing errors, and produces a FAR of 4% and IPR of less than 0.01%. This was achieved by using the same sampling text of 683 characters per user (entered 5 times), allowing typing errors, and in a simulated online environment. Interestingly, once again, the samples were all collected in the same room on the same computer and therefore the same keyboard. The authors stated that they were not sure of the effect of variability on keyboard type and condition, and this may be a weakness in their method. There seems to be substantial evidence that Keystroke Dynamics as a method of authentication is proven to be viable. Ongoing research is clearly needed to reduce both FAR and IPR to levels that become transparent to the user.
2.11 Latency Patterns
Researchers who analysed keystroke latency patterns to identify the person typing on the keyboard were Perrig et al, (1997). Unlike previous works, which focused on taking one reference sample and doing user authentication based on one reference, Perrig et al, (1997) continuously sampled user input and used the cumulative data for identification of the right user. They also did not specify the ideal number of times. In many situations, a user may leave his computer without logging out or locking the computer. This gives an intruder a chance to use the console and the user's logon to break into the systems.
In their project report they were able to present a tool to provide continuous authentication of the user by continuously monitoring the user's typing pattern. As soon as a different typing pattern is detected, the computer locks up and the suspected intruder is asked to type in a password. This technique can be useful in many settings, for instance, notebooks. It can also be used as an additional biometric authentication method in a high security institution. Their approach was to validate user identity at all times by continuously monitoring keystrokes. Each keystroke is captured through the X windows server and processed either to train the model or to compute a probability that the current user is the same as the user on whom the model was trained. The system uses the keystroke delays to set up a structure similar to a Markov chain which models the means and variance of the delay between two keystrokes. The system takes all the combinations of two subsequent keys and stores the data. To identify a user, the system checks which user's model maximizes the likelihood of the recent key presses.
2.12 Latency Observation
Perrig et al, (1997) define latency observation as the monitoring of all the key events that the user types. In their approach, typing one key triggers a pair of key events: press and release, which they call a keystroke. They had the latency between pressing and releasing a key for each key that is typed, which is called PR latency. For each two continuous keys typed, they had the latency between the release event of the first key and the press event of the second key, which is called RP latency. PR latency is always positive, because a key can only be released after it is pressed. RP latency can be negative, because the second key can be pressed before the first key is released.
In their approach, PR latencies and RP latencies are grouped respectively in three different ways: bigram, trigram and wordgram. A key event is a bigram event, a trigram event or a wordgram event. Bigram groups every two continuous keystrokes into one bigram event and indexes it by the two keys. Trigram groups every three continuous keystrokes into one trigram event and indexes it by the three keys. Wordgram groups every continuous set of keystrokes that only contains letters, the Caps Lock key and the Shift key into one wordgram event and indexes it by the keys. The cardinality of a key event is the number of keys in the event. A bigram event has a cardinality of two. A trigram event has a cardinality of three. A wordgram event has a cardinality of the length of the word. The Bigram model contains all the bigram events data. A Trigram model contains all the trigram events data. A Wordgram model contains all the wordgram events data. They call the dataset of each index in the three models the index set. The cardinality of an index set is the cardinality of the index of the index set. In the Statistics Model, for each user, they build up three models: bigram model, trigram model and wordgram model. In the training phase, they inserted the data into the three models as described above. Then they computed the mean and the standard deviation of each index set of the three models. In the prediction phase, they used the keystrokes gathered from the X server as the input to the three models and computed the prediction. In the index set prediction, they assumed an index set has a vector of means and a vector of standard deviations. They were monitoring the keystrokes of the users continuously and, for each new key event, computing the index set predictions according to the key event on the given model. Then they computed the current prediction of whether the keystrokes are typed by the user of the model based on the weighted average. The weighted average demands that the user's keystroke pattern remains relatively constant. But in a real situation it is virtually not possible to maintain constant keystroke patterns.
System Architecture
Perrig et al (1997) used a program called xlisten (written in C) that grabs keystrokes from the X server and for each key pressed or released outputs a line of data describing the event, including which key was pressed or released and the latency in milliseconds since the last event. These raw data are passed by the shell to the main program (written in Java), which has three distinct input modules to process the three input event types: bigrams, trigrams, and wordgrams. Each keystroke can be processed simultaneously by these modules and the results combined or compared. The three input modules have a common output format which is sent to the statistics module. The statistics module has two modes: train and predict. In training mode, it incorporates each new event into its model.
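The bigram part of the scheme described above, as an added example (not code from Perrig et al or from the thesis): key events are paired into keystrokes, each adjacent pair becomes a bigram event carrying PR and RP latencies, training stores a mean and standard deviation per index set, and prediction is a weighted average over the bigrams seen. The event tuples, the `synth` generator, the `MIN_STD` floor, the tolerance `k` and the choice of weights (training observations per index set) are assumptions made for this sketch.

```python
from collections import defaultdict
from statistics import mean, pstdev

MIN_STD = 1.0  # assumed floor (ms) so an index set with zero variance still tolerates jitter


def synth(text, dwell, gap, jitter=0):
    """Constructed key events [(ms, key, kind)]: presses `gap` ms apart, held about `dwell` ms."""
    events = []
    for i, key in enumerate(text):
        hold = dwell + jitter * (i % 3 - 1)          # -jitter, 0, +jitter by position
        events.append((i * gap, key, "press"))
        events.append((i * gap + hold, key, "release"))
    return sorted(events)


def keystrokes(events):
    """Pair each press with its release; return [(key, press_ms, release_ms)] in press order."""
    down, strokes = {}, []
    for t, key, kind in events:
        if kind == "press":
            down[key] = len(strokes)
            strokes.append([key, t, None])
        elif key in down:
            strokes[down.pop(key)][2] = t
    return [tuple(s) for s in strokes if s[2] is not None]


def bigram_events(strokes):
    """Yield (index, [PR of key 1, RP between the keys, PR of key 2]) for each adjacent pair."""
    for (k1, p1, r1), (k2, p2, r2) in zip(strokes, strokes[1:]):
        yield (k1, k2), [r1 - p1, p2 - r1, r2 - p2]   # RP is negative when the keys overlap


def train(sessions):
    """Training mode: build index sets, then a mean vector and a std vector per index."""
    index_sets = defaultdict(list)
    for events in sessions:
        for index, vec in bigram_events(keystrokes(events)):
            index_sets[index].append(vec)
    model = {}
    for index, vecs in index_sets.items():
        cols = list(zip(*vecs))
        model[index] = ([mean(c) for c in cols],
                        [max(pstdev(c), MIN_STD) for c in cols],
                        len(vecs))
    return model


def predict(model, events, k=2.0):
    """Predict mode: weighted average of per-bigram agreement, or None if nothing is comparable."""
    num = den = 0.0
    for index, vec in bigram_events(keystrokes(events)):
        if index not in model:
            continue                                  # bigram never seen in training
        mu, sd, n = model[index]
        hits = sum(abs(x - m) <= k * s for x, m, s in zip(vec, mu, sd))
        num += n * hits / len(vec)                    # weight = training observations (assumed)
        den += n
    return num / den if den else None


if __name__ == "__main__":
    owner = train([synth("the data", 100, 150, j) for j in (5, 10, 15)])
    print("owner   :", predict(owner, synth("the data", 100, 150, 8)))
    print("stranger:", predict(owner, synth("the data", 60, 220, 8)))
```

A score near 1 means the recent bigrams fall within `k` standard deviations of the trained means; a lock-screen decision would compare it with a threshold chosen for the site.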
These steps make the system user-unfriendly, whereas user-friendliness is needed for the successful implementation of the system.
2.13 Typing Error
The distance between two samples is computed on the basis of the relative positions of the trigraphs the samples are made of. The relative position of a trigraph in a sample depends on the duration of that trigraph. As a consequence, when comparing two samples, they must contain the same trigraphs. However, this does not mean that the two samples must be produced by typing exactly the same text. Simply, before the samples are compared to compute their distance, they are filtered in order to keep only the shared trigraphs; of course, the larger the number of common trigraphs, the more meaningful the value of their distance. If the same text is used for all the typing samples, the only trigraphs not shared by two samples are those due to typing errors. Such trigraphs are filtered away before comparing the two samples. If the number of trigraphs kept in the two samples is large enough, the computation can still take place. In these experiments, each user was always left free to make typing errors and to decide whether to correct them or not. Also, the user was free to stop typing as he/she liked (to reread what was written up to that point, to correct something, or just to take a break) (Bergadano et al, 2002).
No sample was thrown away because of typing errors in it. Of course, this had consequences on the number of trigraphs actually involved in the comparison of two samples: though the text used in the experiments is made of about 350 different trigraphs, the number of trigraphs shared by two samples was 272 on the average. In the whole set of samples used in these experiments, there is virtually no one pair of samples containing the same set of trigraphs. It must be noted that most of the experiments found in the literature rejected any sample containing typing errors (Bleha et al, 1990, Brown et al, 1993 and Obaidat et al, 1997). According to Leggett et al, (1988), samples are kept even if they contain typing errors, while no information is available for the experiment described.
2.14 Classifications of Users
Bergadano et al (2002) and Claudia (2005) did studies on the classification of users. Given a set of users and a set of typing samples of the same text from those users, and given a new sample from one of the users, they wanted to determine who typed it. On the average, they expected the distance between two samples of the same user to be smaller than the distance between two different users' samples.
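The shared-trigraph comparison of section 2.13 and the nearest-user classification of section 2.14, as an added example (not code from Bergadano et al or from the thesis). The text above only says the distance depends on the relative positions of trigraphs ordered by duration; measuring it as the summed displacement of positions divided by its maximum, taking a trigraph's duration from first press to third press, and the `min_shared` cut-off are assumptions of this sketch, and all timings are constructed.

```python
from statistics import mean


def timed(text, gaps):
    """Constructed sample [(char, press_ms)]: gaps[i] is the delay before character i + 1."""
    t, sample = 0, [(text[0], 0)]
    for ch, gap in zip(text[1:], gaps):
        t += gap
        sample.append((ch, t))
    return sample


def trigraph_durations(sample):
    """Mean duration per trigraph; duration runs from the first press to the third (assumed)."""
    seen = {}
    for (c1, t1), (c2, _), (c3, t3) in zip(sample, sample[1:], sample[2:]):
        seen.setdefault(c1 + c2 + c3, []).append(t3 - t1)
    return {tri: mean(durs) for tri, durs in seen.items()}


def distance(s1, s2, min_shared=5):
    """Disorder between two samples over shared trigraphs only, scaled to 0..1.

    Trigraphs produced by typing errors appear in one sample only and are filtered
    away; with fewer than `min_shared` trigraphs left the result is None."""
    d1, d2 = trigraph_durations(s1), trigraph_durations(s2)
    shared = d1.keys() & d2.keys()
    n = len(shared)
    if n < max(min_shared, 2):
        return None
    order1 = sorted(shared, key=lambda tri: (d1[tri], tri))
    order2 = sorted(shared, key=lambda tri: (d2[tri], tri))
    pos2 = {tri: pos for pos, tri in enumerate(order2)}
    disorder = sum(abs(pos - pos2[tri]) for pos, tri in enumerate(order1))
    return disorder / (n * n // 2)        # n*n//2 is the disorder of a fully reversed order


def classify(profiles, sample, min_shared=5):
    """Return the user whose stored samples are closest on average, or None."""
    best_user, best = None, None
    for user, samples in profiles.items():
        ds = [d for d in (distance(s, sample, min_shared) for s in samples) if d is not None]
        if ds and (best is None or mean(ds) < best):
            best_user, best = user, mean(ds)
    return best_user


# Constructed samples: u1 speeds up through the word, u2 slows down.
A = timed("authentic", [100, 120, 140, 160, 180, 200, 220, 240])    # u1, session 1
B = timed("authentic", [90, 115, 130, 165, 170, 205, 210, 250])     # u1, session 2
C = timed("authentic", [240, 220, 200, 180, 160, 140, 120, 100])    # u2
D = timed("authantic", [100, 120, 140, 160, 180, 200, 220, 240])    # u1 with a typing error
E = timed("authentic", [105, 118, 145, 150, 185, 195, 230, 235])    # new sample to classify

if __name__ == "__main__":
    print(distance(A, B), distance(A, C), distance(A, D), distance(A, D, min_shared=4))
    print(classify({"u1": [A, B], "u2": [C]}, E))
```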
Oltsik (2006) said that the advantage of Keystroke Dynamics in authentication is that the software delivers a solution that is fast, accurate, scalable to millions of users, requires no change in user behaviour and is immediately deployable across the organization and the Internet without the need for expensive tokens, cards or other specialized hardware.
2.15 Typing Task
Some researchers work on login-type authentication while others work on in-session authentication. Among research on login-type authentication, where subjects type the same sequence repeatedly, the sequence ranges from a 7-character password to a 50-character sentence (Cho et al, 2000). Among research on in-session authentication, where subjects type long spans of text, some researchers have subjects transcribe text (e.g., a passage from a novel), while others monitor keystrokes during subjects' day-to-day activities (Bergadano et al, 2002). Because research has found some digraphs to be better than others for accurate keystroke dynamics (Janakiraman, 2007), it is known that the error rates depend on the typing task. Perhaps these different typing tasks explain why different researchers get different error rates.
2.16 Reliability of User Authentication
Keystroke dynamics is the most appropriate way of checking the reliability of user authentication. The fact that people can be identified through their typing behaviour, already known in the early days of the telegraph, became important during the Second World War. Morse code is made up of dots and dashes, each of which has its prescribed length. But no one replicates those prescribed lengths perfectly (Magnus, 2009). The variation of spacing, the stretching out of the dots and dashes, defines a rhythm specific to the operator. This rhythm is called the operator's fist. The basic idea of the statistical approach is to compare a reference set of typing characteristics of a certain user with a test set of typing characteristics of the same user or a test set of a hacker. The distance between these two sets (reference and test) should be below a certain threshold or else the user is recognized as a hacker. Data mining is a collection of techniques from the field of Artificial Intelligence and Machine Learning, and also includes neural networks. A data mining process typically first builds a prediction model from historical data, and then uses this model to predict the outcome of a new trial (or to classify a new observation). In contrast to statistics, data mining makes no assumption about the data. The key difference between the statistical and data mining methods is therefore the information that is used. For example, in a data mining approach, not only the similarities between the patterns of the same user are considered, but also the differences of this pattern with all the other patterns observed in building the model.
This is where the system continuously monitors a user's typing pattern. If the pattern does not match the profile of the logged-on user, the computer shuts down or asks the user or hacker to type a password. With this method one continuously updates and monitors a logged-on user's profile. Magnus in 1999 goes on to say that distinguishing between real users and hackers can also be viewed as a one-class classification problem where one tries to distinguish one class of objects (real users) from all other possible objects (hackers) by learning from a training set containing only the objects of that class. One problem with the empirical applications is the lack of data and the studying of shift key patterns. His data set consists of 1254 participants who typed the same username and password, 20 times each. Of course, mistakes were made and not all participants completed the full session of 20 logins. Nevertheless, the data set is large enough to be informative. The fact that each participant has the same username and password is important, because this allows them to consider each as a possible hacker to the other.
Magnus (1999) said that when a potential participant hits the website, a session is started. In total, 3476 sessions were started in this way. The first step for the participant is to click the relevant link and download a flash applet to his/her own computer. The purpose of the flash applet is to record the necessary timings during the session, based on the clock of the participant's computer. The main activity thus takes place on the participant's computer and not on the website's server, therefore technical problems such as network latency or overloading of the server are avoided. Understandably, many potential participants did not download the flash applet or logged off immediately afterwards, without recording any timings. This happened in 64% of the sessions. This leaves us with 1254 sessions where timings have been recorded. The participants were given a username (35atrick) and a password (water83), the same for all participants. They were then asked to type their username and password 20 times. For each of the 20 login attempts, as in figure 1 below, the press (P) and release (R) clock times of each of the 14 characters were recorded. This gives (Pi, Ri) for i = 1, ..., 14. From these data, he was able to calculate dwell times (D) and flight times (F) as = = 1. Hence, the dwell time records the time that each key is held pressed, and the flight time records the time between two consecutive press times. Clearly, F1 has no meaning, because he attaches no significance to the time elapsed between the last letter of the username and the first letter of the password. This gives him 14 dwell times and 12 flight times per login attempt. It might seem more natural to define flight time as = 1 so that the login duration is broken up in independent non-overlapping pieces. This is not, however, a good idea, because F can be (and often is) negative. Although the flash applet records both press and release times, characters registered by the computer are controlled only by the moment the key is pressed, not by the moment the key is released, and one may (and often will) press the next key when the previous key is not yet released.
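The statistical approach outlined in this section, as an added example (not code from Magnus or from the thesis): dwell and flight times are derived from press/release clock times as the prose defines them, attempts containing a typing error are discarded, a reference vector is averaged from enrolment, and a distance threshold is swept to show how FAR (owner falsely rejected) trades against IPR (imposter passed), the trade-off section 2.9 attributes to Joyce et al. The L1 distance, the use of the password field alone and every timing value are assumptions constructed for the sketch.

```python
EXPECTED = "water83"  # password string quoted above; every timing below is constructed


def attempt(typed, dwell, gap):
    """Constructed login attempt: (typed text, [(P_i, R_i)] press/release times in ms)."""
    return typed, [(i * gap, i * gap + dwell) for i in range(len(typed))]


def features(times):
    """Dwell = release - press per key; flight = press - previous press."""
    dwell = [r - p for p, r in times]
    flight = [times[i][0] - times[i - 1][0] for i in range(1, len(times))]
    return dwell + flight


def usable(attempts):
    """A typing error deletes all dwell and flight times of that attempt."""
    return [features(times) for typed, times in attempts if typed == EXPECTED]


def reference(enrolment):
    """Reference set: per-feature mean over the error-free enrolment attempts."""
    return [sum(col) / len(col) for col in zip(*usable(enrolment))]


def distance(ref, vec):
    """L1 distance between reference and test vectors (the metric is an assumption)."""
    return sum(abs(a - b) for a, b in zip(ref, vec))


def rates(ref, genuine, impostor, threshold):
    """(FAR, IPR) at one threshold: accept when distance <= threshold."""
    g = [distance(ref, v) for v in usable(genuine)]
    i = [distance(ref, v) for v in usable(impostor)]
    far = sum(d > threshold for d in g) / len(g)     # legitimate user flagged as imposter
    ipr = sum(d <= threshold for d in i) / len(i)    # imposter accepted as the user
    return far, ipr


ENROL = [attempt("water83", 100, 150), attempt("water83", 104, 146),
         attempt("water83", 96, 154), attempt("watre83", 60, 300),   # typo: dropped
         attempt("water83", 100, 150)]
GENUINE = [attempt("water83", d, g) for d, g in
           [(101, 151), (98, 153), (103, 150), (100, 160), (110, 165)]]
IMPOSTOR = [attempt("water83", d, g) for d, g in
            [(100, 154), (90, 150), (120, 120), (80, 200), (105, 140)]]

if __name__ == "__main__":
    ref = reference(ENROL)
    for t in (20, 25, 60, 100, 160):
        far, ipr = rates(ref, GENUINE, IMPOSTOR, t)
        print(f"threshold {t:>3}: FAR {far:.0%}  IPR {ipr:.0%}")
```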
2.16.1 Dwell and Flight Time Calculations
Figure 1: Dwell and Flight Time Calculation (Source: International Journal of Advanced Research in Computer and Communication Engineering Vol. 3, Issue 10, October 2014)
If all participants would complete their session (20 logins) and make no typing errors, then he would have 26 × 20 × 1254 = 652,080 data points. Some participants quit voluntarily (they closed their browser) or involuntarily (their computer crashed), so that they did not complete all 20 logins. In addition, participants made typing errors. If a typing error is made in a username (or password), then all dwell and flight times for that attempted username (password) are deleted. Errors cannot be corrected. Using backspace
uses only two fingers will have a larger flight time on average than a person who uses ten fingers. Finally, he commented briefly on the within-person variance.
He compared participants from the group where the first login is deleted and exactly 15 of the remaining 19 logins are correct with the group of all participants who have at least 6 error-free attempts. He then calculated for each of the 96 participants and for each character the SD of the dwell times and compared this with the average over 1000 random draws of 15 attempts on the same character from the entire population. The within-person SD is about 47% for the username and 44% for the password compared with the SD in the whole population. He repeated the experiment for a second group where the first five logins are deleted and all 15 remaining logins are correct; then the within-person SD drops to about 42% for the username and 38% for the password compared with the SD in the whole population. The percentages in the second experiment are lower because these participants make fewer errors and are therefore likely to be more consistent typists. A drop in SD of 50-60% may not seem much to develop a powerful test.
Magnus's (1999) way of testing the reliability of user authentication is not accurate because errors cannot be corrected by the right user. All these rules have made keystroke dynamics unpopular in user authentication.
2.17 Password Hardening
Password Hardening is any one of the variety of measures taken to make it more difficult for an intruder to circumvent the authentication process. Password Hardening may take the form of multifactor authentication by adding some components to the username/password combination or may be policy based (Margaret et al, 2007). Research oriented towards improving the security of passwords is presented in this section. These systems integrate and augment the security provided by conventional username/password systems. Cho et al (2000) proposed a web-based Java applet system for verifying authenticity of passwords using keystroke dynamics and neural nets for analysis. The system is described as follows: When a client tries to access a home page, for example, say a school's online shop, located in a server, the user types the already registered user ID. Then the server sends the client a Java applet code that can measure the user's password keystroke timing vector. Once the Java applet is running on the client system, it gathers the user's keystroke timing vector and sends it back to the server. Then the auto-associative neural network located in the server can verify whether the user is the person he/she claims to be. Because the code is programmed in Java, any client system that has a Java browser can be connected to the server. Monrose et al (2002) presented a system where a user's keystroke latencies and durations are combined with the user's password to form a hardened password that is more secure than a conventional password. Their scheme automatically adapts to gradual changes in a user's typing patterns while still maintaining the same hardened password across multiple logins. Initially the password is as secure as a conventional password and is gradually hardened as biometric information becomes available. They identify the main limitation of their system, that is the situation where a user whose typing patterns change substantially between successive logins, possibly due to an unfamiliar keyboard, fails to generate the correct hardened password and is locked out of the system.
Monrose et al (2002) also claim that their system improves on other existing password hardening systems, in particular the commercial BIOPASSWORD system, by generating a repeatable key from the biometric component of the hardened password that is stronger than the password itself. Other systems, they argue, are able to be compromised if the hardened password is captured and attacked, although one would expect this to take significantly longer than with a conventional password. While their results are very encouraging, they provide a cautionary note that the trial was limited to 20 users and 1 password; they strongly recommend that further research is conducted in this area.
While the research on password hardening using keystroke dynamics is limited, it is clear that as a means of improving the security of username/password authentication while still working within existing frameworks, the method is viable in a networked environment.
2.18 Commercial Implementation of Keystroke Dynamics
Few software houses made an attempt to come out with products on keystroke dynamics. The most popular one is BIOPASSWORD (www.biopassword.com). It is a commercial implementation of Keystroke Dynamics for securing networks and standalone PCs using a standard username/password logon. It is middleware that replaces the normal logon screen of a PC. It is sold by BioNet Systems, who recently purchased the rights and technology from Net Nanny Inc. BIOPASSWORD is a derivative of the pioneering work conducted by the RAND Corporation and is protected by a number of patents (Gaines et al, 1980). In the network version of the software, special server software is installed on a Windows NT/2000/2003 domain controller, which then controls the logon of domain member computers. New users are required to enter their username and password 15 times (default value) to enable keystroke dynamics to be recorded; this is called the training cycle. A security level can be set for each user; this appears to be a threshold for balancing FAR and IPR (Patrick et al, 2004). BIOPASSWORD has received a number of favourable reviews from the IT press.
It would seem that reviewers on the whole found the security offered by the system to be reliable and effective, with none of the reviewers able to generate Imposter Pass errors. Reviewers also found the learning phase to be acceptable. There was mixed opinion on the ease of installation, with one reviewer lamenting the high knowledge of Windows Domain structures required. Because of the middleware nature of the software, one reviewer was able to bypass security by using "run as" privileges; however, it was suggested that this would be fixed in a later version of the software. Of particular interest is the timing of the review articles, which all occurred around the launch of the software in 2001/2002. There were also a number of announcement-type articles written around this time. Since this time the BIOPASSWORD software seems to have been largely forgotten by the IT and popular press. This could be interpreted to mean that it has not yet made the market penetration that was heralded in its initial release; however, it could also indicate that the media has simply turned its attention to more newsworthy items. Time of course will tell (Altman, 2002 and Bragg, 2002).
BIOPASSWORD comes in a Software Development Kit (SDK) version and two commercial products claim to incorporate it into their products (WWW.DistanceEducator.com, 2001). BIOPASSWORD has entered into a licensing agreement with Net Nanny Inc (the then owners of BIOPASSWORD) to incorporate BIOPASSWORD technology into their online verification system. Whether this actually occurred (and is still in use) cannot be determined from available online information. Symmetric Sciences, developed (2002), is software that manages clinical trial data. It has incorporated biometric user authentication features developed using the BIOPASSWORD SDK since 2001. According to their website (www.symetric.ca, 2001), the latest version of the software still has this feature. The Credit Union Times, Gentile (2004), reported that San Antonio City Employees Credit Union has recently introduced BIOPASSWORD security into their laptops. BioNet Systems themselves claim on their website (www.biopassword.com, 2006) to be in partnership with large corporations such as Novell and Citrix and to be actively developing products incorporating their BIOPASSWORD technology.
2.19 Applications Under Keystroke Dynamics
Keystroke dynamics has many applications in the computer security arena. One area where the use of a static approach to keystroke dynamics may be particularly appealing is in restricting root-level access to the master server hosting. Any user accessing the network is prompted to type a few words of a pass phrase in conjunction with his/her username and password. Access is granted if his/her typing pattern matches within a reasonable threshold of the claimed identity. This safeguard is effective as there is usually no remote access allowed to the network, and the only entry point is via console login. Alternatively, dynamic or continuous monitoring of the interaction of users while accessing highly restricted documents or executing tasks in environments where the user must be alert at all times (for example air traffic control) is an ideal scenario for the application of a keystroke authentication system. Keystroke dynamics may be used to detect uncharacteristic typing rhythm (brought on by drowsiness, fatigue etc.) in the user and notify third parties.
Magnus(1999)concludedbyaddressingthe
5practicalimportanceofusingkeystrokedynamics,asabiometricfor
authenticatingaccesstoworkstations.Keystrokedynamicsistheprocessof
analyzingthewayuserstypebymonitoringkeyboardinputsand
authenticatingthembasedonhabitualpatternsintheirtypingrhythm.He
reviewsthecurrentstateofkeystrokedynamicsandpresentclassification
techniquesbasedontemplatematchingandBayesianlikelihoodmodels.He
arguethatalthoughtheuseofabehaviouraltrait(ratherthanaphysiological
characteristic)asasignofidentityhasinherentlimitations,whenimplemented
inconjunctionwithtraditionalschemes,keystrokedynamicsallowsforthe
designofmorerobustauthenticationsystemsthantraditionalpasswordbased
alternativesalone.Theinherentlimitationsthatarisewiththeuseofkeystroke
dynamicsasanauthenticationmechanismareattributedtothenatureofthe
referencesignatureanditsrelationshiptotheuserrecognizingusersbased
onhabitualrhythmintheirtypingpatternusesdynamicperformancefeatures
thatdependuponanacttherhythmisafunctionoftheuserandthe
environment.Theproblemwithkeystrokerecognitionisthatunlikenonstatic
biometrics(suchasvoice)therearenoknownfeaturesorfeature
transformationswhicharededicatedsolelytocarryingdiscriminating
information.Fortunately,inthepastfewyearsresearchershavepresented
empiricalfindingsthatshowthatdifferentindividualsexhibitcharacteristicsin
theirtypicalrhythmthatarestrikingindividualisticandthatthese
characteristicscanbesuccessfullyexploitedandusedforidentification
purposes.Theperformanceofhisclassifiersonadatasetof63usersranges
from83.22%to92.14%accuracydependingontheapproachbeingused
5inthatthereissignificantvariabilitywithwhichtypistsproducesdigraphs.
Hence,Hesuggeststheuseofdigraphspecificmeasuresofvariabilityinstead
ofsinglelowpassfilters.Additionally,Hearguesinfavouroftheuseof
structuredtextinsteadofallowinguserstotypearbitrarytext(i.e.,freetext)
duringtheidentificationprocess.Whilerecognitionbasedonfreetextmaybe
moredesirable,freetextrecognitionwasobservedtovarygreatlyunder
operationalconditionsthefactthattheinputisunconstrained,thattheuser
maybeuncooperative,andthatenvironmentalparametersthatare
uncontrolledimposelimitationsonwhatcanbeachievedwithfreetext
recognition.
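The threshold match on a typed pass-phrase described in section 2.19, scored with the digraph-specific measure of variability that Magnus suggests, can be sketched as follows. This is an added example, not code from the thesis or its system; the pass-phrase, the timings, the 1.0 threshold, the 5 ms floor, the PBKDF2 storage and all function names are constructed assumptions.

```python
"""Static keystroke-dynamics check: pass-phrase plus typing rhythm (added example)."""
import hashlib
import hmac
import os
from statistics import mean, median, stdev


def typing(text, holds, gaps):
    """Build (key, press_ms, release_ms) events from hold times and press-to-press gaps."""
    t, events = 0, []
    for i, ch in enumerate(text):
        if i:
            t += gaps[i - 1]
        events.append((ch, t, t + holds[i]))
    return events


def features(events):
    """Return (typed text, {feature: ms}): one hold time per key, one latency per digraph."""
    feats = {}
    for i, (key, down, up) in enumerate(events):
        feats[f"hold[{i}]{key}"] = up - down
        if i:
            prev_key, prev_down, _ = events[i - 1]
            feats[f"digraph[{i}]{prev_key}{key}"] = down - prev_down
    return "".join(key for key, _, _ in events), feats


def _kdf(text, salt):
    # Assumption of this example: the pass-phrase is kept only as a salted PBKDF2 hash.
    return hashlib.pbkdf2_hmac("sha256", text.encode(), salt, 100_000)


def enroll(samples, floor_ms=5.0):
    """Build a profile from at least three typings of the same pass-phrase."""
    parsed = [features(s) for s in samples]
    if len(parsed) < 3 or len({text for text, _ in parsed}) != 1:
        raise ValueError("need at least 3 samples of one pass-phrase")
    template = {}
    for name in parsed[0][1]:
        values = [feats[name] for _, feats in parsed]
        # Each feature keeps its own spread; the floor stops a very steady
        # key from dominating the score.
        template[name] = (mean(values), max(stdev(values), floor_ms))
    salt = os.urandom(16)
    return {"salt": salt, "hash": _kdf(parsed[0][0], salt), "template": template}


def score(template, feats, scale=None):
    """Mean absolute deviation from the template, in units of spread.

    scale=None divides by each feature's own spread (digraph-specific);
    a number applies that single spread to every feature.
    """
    return mean(abs(feats[n] - mu) / (scale or sd) for n, (mu, sd) in template.items())


def verify(profile, events, threshold=1.0, scale=None):
    """Return (accepted, score); score is None when the pass-phrase itself is wrong."""
    text, feats = features(events)
    if not hmac.compare_digest(_kdf(text, profile["salt"]), profile["hash"]):
        return False, None
    s = score(profile["template"], feats, scale)
    return s <= threshold, s


PHRASE = "kofi9"  # constructed pass-phrase
# Constructed enrolment typings: (hold times, press-to-press gaps) in ms.
# The owner hesitates by a varying amount before the "i" (third gap).
OWNER = [
    ([95, 80, 110, 90, 100], [180, 140, 220, 160]),
    ([100, 85, 105, 95, 98], [175, 150, 300, 170]),
    ([92, 78, 115, 88, 104], [190, 135, 180, 155]),
    ([98, 82, 108, 92, 96], [185, 145, 260, 165]),
    ([96, 84, 112, 91, 102], [178, 142, 340, 158]),
]
PROFILE = enroll([typing(PHRASE, h, g) for h, g in OWNER])

# The owner again, with a long but characteristic pause before "i".
GENUINE = typing(PHRASE, [97, 81, 109, 93, 99], [182, 144, 330, 162])
# Someone who knows the pass-phrase but types it with a different rhythm.
OBSERVER = typing(PHRASE, [130, 120, 140, 125, 135], [300, 90, 320, 260])
# One spread for every feature, for comparison with the per-digraph spread.
ONE_SCALE = median(sd for _, sd in PROFILE["template"].values())

if __name__ == "__main__":
    print("owner, per-digraph spread:", verify(PROFILE, GENUINE))
    print("owner, single spread:     ", verify(PROFILE, GENUINE, scale=ONE_SCALE))
    print("observer with pass-phrase:", verify(PROFILE, OBSERVER))
```

With a single spread for all features, the owner's own variable digraph pushes the score over the threshold and causes a false rejection; the per-digraph spread accepts the owner while still rejecting the observer who has the correct pass-phrase.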
The belief is that Magnus's (1990) point of view of using free text to learn is the best because some characters may not be commonly used or typed by some groups of people. For example, the Akan tribe in Ghana do not commonly use or type letters like q, c, z, x, j. So it is better to allow for free text.

2.20 Lessons and Conclusion
Despite the great promise of biometric techniques using Keystroke Dynamics as a means of improving authentication, there seems to have been a disproportionately low penetration of the method into mainstream authentication of users of computers. Nearly all the documents reviewed in this research work complain about this situation. A number of plausible reasons can be offered, centred around the theme that once a Keystroke Dynamics system of authentication is deployed, life is made more difficult for everyone involved, including users, administrators, and support staff. For example:
- The technology usually requires the installation of middleware, which is an additional expense and an additional drain on IT administrative and support resources. Middleware introduces more complexity into the logon procedure and creates a greater opportunity for failure and attack vectors (Bragg, 2002). With the system to be developed, there will be no middleware.
- The technology makes the logon procedure more difficult for users, particularly when FAR are high. This will impact on Help Desks, already receiving half their workload as password-related issues (Patrick, 2002), who could risk having even more password-related support calls.
- The use of such biometric techniques needs to be coordinated across a user group and this requires setup and maintenance resources.
- The use of such techniques, with its greater reliance on acceptable password construction, may expose existing weaknesses in IT (Information Technology) policy and implementation in a workplace.
- The technology is new and there may be a resistance and lack of trust towards such an innovation. Conservative organizations may be waiting until other organizations adopt such procedures.
- There is probably a lack of government/legislative requirements/incentives to improve authentication to the level afforded by Biometric Keystroke Dynamics.

CHAPTER 3 METHODOLOGY AND DESIGN

3.1 Review

The motivation for using keystroke features to strengthen password-based authentication comes from numerous research efforts that validate the hypothesis that certain keystroke features are highly repeatable and that significant variation exists between users (Gaines et al, 1980). While research on network security authentication using keystroke dynamics is limited, it is clear that, as a means of improving network security authentication while still working within existing frameworks, the methods are viable in a networked environment.
The system will:
- Generate ID and keystroke pattern
- Design an efficient way of saving and retrieving password
- Code database in binary format to avoid password hacking
- Help users to learn password pattern
- Provide efficient and secure way of accessing the network
- Provide local authentication

The system will be analysed, designed, developed, tested and implemented at the Anglican Senior High School to handle activities at the following departments:
- Administration
- Academic
- Domestic

3.2 System Analysis

In order to come up with any meaningful solution to the problem being faced by the School, there is a need to see all sides of the problem to come out with an acceptable solution. Analysis involves studying the system and seeing how it interacts with the entities outside as well as inside the system. Detailed specifications of what the system will accomplish based on the user requirements were analysed (the user requirements in this case were proposed, since this is a student's project work). In System Analysis more emphasis is given to understanding the details of an existing system or a proposed one and then deciding whether the proposed system is desirable or not and whether the existing system needs improvements. Thus, system analysis is the process of investigating a system, identifying problems, and using the information to recommend improvements to the existing system. Systems design will take the requirements and analysis into consideration and come out with high- and low-level designs that will form the blueprint to the actual solution to the problem at hand. In this dynamic world, analysis and design have to look into making systems that are flexible enough to accommodate changes, as they are inevitable in any system. System development can generally be thought of as having two major components:

Following the steps below, it becomes very easy to draw the exact boundary of the new system under consideration:
- Keeping in view the problems and new requirements
- Work out the pros and cons including new areas of the system

System Analysis and design also include subdivision of complex processes involving the entire system, identification of data stores and manual processes. All procedures and requirements will be analysed and documented in the form of detailed data flow diagrams (DFDs), Entity Relational Diagrams, and Logical data structures.
3.3 Requirements Gathering

In the effort to really understand the current system being operated at the School, the existing problems were identified by going to the school to find out the problems the School was facing, to come out with alternative solutions and finally choose the best solution for the School. Various techniques were adopted in achieving the main aim of the system. The underlisted techniques were adopted:

3.3.1 Sampling of Existing Documents and Events

Various samples of documents and events that occur at the School concerning the school network security system were collected, including the following:
- Intrusion to administration records
- Alteration of students' marks

In-depth analysis of these documents had been conducted, which forms the basis of the generation of the entity relational diagram.

3.3.2 Interview with the Staff of the School

The headmaster was the main source of information in regards to knowing about the problem domain. The context diagram as part of this document was generated during the interview with the School Headmaster. He actually made us understand that the School has not had any meaningful security policy or systems to manage their School network. In his view, being able to outline some of the requirements of the proposed system was a bit of a problem as the users have been so used to the old ways of working. There were staff without computer access due to the fear that they may interfere with the existing system. Staff with access have unlimited access, which is also dangerous in terms of security. Student records manipulation in the accounts office was one of the cited issues.

3.3.3 Observation of the Working Environment

Several visits have been conducted at the School, especially the accounts, administration department and the Computer laboratories. Being at the administration was important for us to understand how the non-teaching staff perform their administrative procedures on the network. Various scenarios on network logon and logout were captured, which will form the basis of capturing of authentication history into the system.

3.3.4 Testing of the old system

After the observations and interviews, there was the need to practically test for the ability of the system to secure the network. The test was done to compare with the new system to do a better analysis of both systems, which will result in drawing a better conclusion as to the direction the school must take. Five working days were used.

3.3.4.1 Shoulder Surfing Attack

Shoulder surfing is an attacking technique whereby an intruder secretly watches a user type his/her password with the intention of using it later. This attack usually occurs in an open office where typing of passwords is exposed to surrounding onlookers. This was how the shoulder surfing test was conducted. The test was conducted continuously for five working days. Ten intruders were asked to watch users as they type their passwords.
- Users were not aware that they were being watched.
- After five days the intruders were made to try to enter what they were able to capture by watching the users type their username and password.
- Table 2 explains the result (what occurred on the concurrent days with the same preamble).

Table.2: Summary of test results for shoulder surfing attack experiment

Days    Number of Intruders   Success   Failure   Remarks
Day 1   20                    11        9         Fair authentication
Day 2   20                    18        2         Poor authentication
Day 3   20                    10        10        Fair authentication
Day 4   20                    5         15        Good authentication
Day 5   20                    13        7         Weak authentication
Total   100                   57        43        Fair authentication

This was how the experiment was conducted: On the first day, twenty users were watched as they typed their user names and passwords. Eleven intruders were able to produce those they watched, thus user names and passwords. Therefore they were able to enter their victims' computers. The preamble continues up to the fifth day as indicated in the table above.

Observations

Out of 100 experiments performed with shoulder surfing attack on the old system, 57 of the intruders were successful, which means that more than 50% of the intruders were successful.

3.3.4.2 Brute Force Attack

In a brute force attack, an intruder tries all possible combinations of characters to crack a password. The more complex a password is, the more secure it is against the brute force attack. The main defense against brute force search is to have a sufficiently large password space.
Table.3: Summary of test results for guessing and brute force attack experiment

Days    Number of Intruders   Success   Failure   Remarks
Day 1   20                    17        3         Poor authentication
Day 2   20                    9         11        Fair authentication
Day 3   20                    10        10        Fair authentication
Day 4   20                    3         17        Good authentication
Day 5   20                    0         20        Good authentication
Total   100                   29        61        Good authentication

This was how the experiment was conducted:
- Twenty intruders were made to guess the passwords of users in the school, using words and phrases like their names, telephone numbers, names of their spouses and sample numbers like 0 to 9.
- Brute force attack programs (like John the Ripper) were used to automatically search for user names and passwords.

From the table above, on the first day, twenty intruders were allowed to use guessing and attack programs to gain access to the users' machines. The result was that seventeen of the intruders were successful and three of the intruders failed. The preamble continues up to the fifth day as indicated in the table above.

Observations

Out of a hundred experiments performed on the old system, twenty-nine intruders were successful, which accounts for 29% of success. But in network security terms it is a bad rate; it should be a 0% success rate.

3.3.4.3 Social Engineering Attack

Social engineering is the practice of obtaining confidential information by manipulating legitimate users.
This is how the experiment was conducted. Twenty of the intruders were made to call the users and just ask them for their password. The intruders also sent a form through email to users to fill, and in the form they were supposed to enter their username and password on their machine, and some of them did. The password was assumed to help the intruder to install programs like games, antivirus and many attractive programs for free for the users, and some of them were tricked in that process to give out their user names and passwords.

Table.4: Summary of test results for social engineering attack experiment

Days    Number of Intruders   Success   Failure   Remarks
Day 1   20                    12        8         Fair authentication
Day 2   20                    11        9         Fair authentication
Day 3   20                    15        5         Weak authentication
Day 4   20                    10        10        Fair authentication
Day 5   20                    8         12        Fair authentication
Total   100                   56        44        Fair authentication

Table 4 explains the experiment. On the first day twenty of the intruders used both telephone call and email tricks to obtain username and password; twelve of the intruders were successful and eight of them failed. The preamble continues up to the fifth day, as shown in the table above.

Observations

Out of a hundred experiments performed for social engineering attacks (impersonation), fifty-six of the intruders were successful; that accounts for a more than 50% intruder success rate, which is bad.

3.3.4.4 Recording user information Attack

Recording user information is the use of spyware software in recording information about users, usually without their knowledge.

How the experiment was conducted: Spyware applications or executable files were installed on users' machines. A spyware called mediacces.exe was installed on twenty of their machines with the intent to copy information like usernames and passwords.

Table.5: Summary of test results for recording user information attack experiment

Days    Installed spyware on computers   Success   Failure   Remarks
Day 1   20                               18        2         Poor authentication
Day 2   20                               16        4         Poor authentication
Day 3   20                               18        2         Poor authentication
Day 4   20                               17        3         Poor authentication
Day 5   20                               17        3         Poor authentication
Total   100                              86        14        Poor authentication

Table 5 explains the experiment. On the first day twenty of the machines on which the spyware was installed were checked; nineteen of the machines' data was successfully recorded, one couldn't record the information. The preamble continues up to the fifth day, as shown in the table above.

Observations

Out of the hundred experiments conducted for recording user information, 84 of the spyware was able to copy the user information, leaving only 14. Therefore it means that there was an almost 90% success rate in the attack.

All the results of the experiments performed above already go to prove that the old system has a lot of defects which need to be solved.

3.4 Description of the new System

The Keystroke Dynamics authentication System is designed to prevent users at the School from gaining access to the network without authorization. In addition, the system is expected to require users to learn keystroke dynamics to create a keystroke pattern which should be unique to any user in addition to their password. The system should be designed such that the administrator logs on first and personally creates an account for users, after which users are required to learn the keystroke dynamics with the system. After a successful learning of the keystroke pattern, the user is allowed to log on. Meanwhile at any point in time the computer screen is covered until a successful logon.

3.5 The Software Development Lifecycle (SDLC)

The software development lifecycle (SDLC) covers the whole life of the software project. That is from feasibility study, analysis, specification, design, development and even the aspects which take place after the system has been accepted by the end user, that is operation, maintenance and enhancement. For the purpose of this project, the waterfall development model was used as a guide to develop the Keystroke Dynamics authentication System, since this is a small-scale project. The Waterfall model is one of the most common software development lifecycle models available.
It is very simple to understand and use. Each next phase in this model must begin only after the previous phase is completed. The Waterfall software development model may be applicable to projects where:
- Software requirements are clearly defined and known, as in the case of this project
- Software development technologies and tools are well known

3.6.1 The Waterfall Model Diagram

[Diagram stages: Feasibility Study; Requirement Definition; High level design; Detailed design; Code and Unit testing; Integration and testing; Operations; Maintenance]

Figure.2: The Waterfall Model Diagram

3.6.2 Project Version of the Waterfall Model

[Diagram stages: Feasibility Study; Requirement Analysis; Product Design; Development and Testing; Installation and Beta testing; Documentation]

Figure.2: Project Version of the Waterfall Model

For the purpose of this project, the waterfall model has been modified to suit the nature of what this system wants to achieve within the project constraints.

3.7 Explanation of Modified Waterfall Model

This project is for academic purposes, hence requires that the software to be produced at the end of it all will be analyzed, designed and implemented. Looking at the time constraints, the belief is that the system will not have the luxury to see the project through its entire life cycle, hence a modified version of the development model.

3.8 Non-Functional Requirements of the System

In order for the project to succeed, the system is expected to be easy to use by users at the School. The Software shall provide an easy-to-use graphical user interface that is intuitive and shall give a graphical representation of the actions that users perform. The Keystroke Dynamics authentication System would be adaptable enough to allow for future changes should the business processes of the School change.
This system should be able to expand to meet future business needs. This should include increasing the number of computers that can connect to use the application. The system should include technical support and provide upgrades whenever possible. The Keystroke Dynamics authentication System will be capable of integrating with any other system that the School may wish to introduce later. The system shall provide secure protection to the network. The system is expected to perform very well and enable the appropriate users to log on to the system with a username and password. Administrators shall be given full rights to view the system, add and delete users in the system. Users are also required to learn keystroke dynamics in order to have access to the system.

3.8.1 Business Rules

The following business rules shall be followed and implemented in the system.
- Systems Owner and Administrators should have extra privileges.
- Only information needed by a particular staff shall be made available to them.
- Users shall have three attempts to enter usernames and passwords, after which the system's logon screen shall be closed.

3.9 Functional Requirements

The actual functionalities of the system to be developed are outlined using the Unified Modeling Language (UML) Use case models as detailed below in a use case survey:

3.10 The Use Case Models

The system will use the UML Use Case modeling technique to identify all the relevant actors and the particular type of functions that the system can offer each actor. In general, the use case models shall help to identify the scope and functionality of the Keystroke Dynamics authentication System.

3.10.1 Use Case Survey

Table.6: Use Case Survey

NAME OF ACTOR        DESCRIPTION
Administrator        The only person responsible for creating user accounts
Non-teaching staff   This actor learns keyboard dynamics and logon
Teachers             This actor learns keyboard dynamics and logon
Students             This actor learns keyboard dynamics and logon

3.10.2 Use Cases Description

Table 7: Use Cases Description

USE CASE         DESCRIPTION
Create account   This use case describes how the administrator creates accounts for users
Learn Dynamics   This use case describes how users learn their keystroke dynamics.
Logon            This use case describes how the user logs on to the system.

3.10.3 Use Case Diagram

[Use case diagram. Actors: Administrator; User (Teacher, Non-Teaching Staff, Student). Use cases: CREATE ACCOUNT, LEARN DYNAMICS, LOGIN, with two <<extend>> relationships.]

Figure.3: Use Case Diagram of the Keystroke Dynamics Authentication System

3.11 Context Diagram, Data Flow Diagrams and Entity Relational Diagrams

All the relevant documents that are in use at the School will be gathered, which will form the basis of the entity relational (ER) diagrams and data flow diagram, followed by the initial context diagram for the system to be developed for the School. The context diagram shall be used to depict the system and its external entities. Data flow diagrams will be used to depict the processes involved in delivering the logon authentication system. It will include the following:
- Creating password
- Learning password pattern and
- Authenticating users

The purpose of the requirements analysis process is to produce a requirements specifications document.

Figure.4: Data Flow Diagram

[Data flow diagram labels: Student; Non-Teacher; Teacher; Administrator; Account Create; Logon; flows labelled Information, Registration and Account Information]

3.12 Data Flow Diagram

3.13 Main Architecture Design

[Diagram labels: Create Account; Login; Main form; User learn; Administrator; Setup User]

Figure.5: Main Architecture Design

3.14 Process Analysis

3.16.1 Context Diagram

[Context diagram labels: users; Administrator; BioNetLogon (the diagram also carries the label PATIENTS HEALTHCARE DELIVERY SYSTEM); Request of login account; Create account; Information of user; Register; Create account for users; Information of account; user ID; User password; User learning dynamic; Information of accounts; User ID; Admin Password]

Figure.6: Process Analysis

3.15 The Algorithm

The algorithm of the existing system in the client's organization should be known. To build an algorithm, the system analyst needs to obtain a detailed understanding of each process and analyse it in greater detail. This project work considers the use of data flow diagrams to model the algorithm for the school's new system.

3.15.1 The System Algorithm
Due to the implementation of the proposed system, few changes will occur in the existing algorithm.

Step 1. Start
Step 2. While network Is Available goto 3 else 15
Step 3. Disable Desktop and Windows access
Step 4. Get admin key value from registry
Step 5. If Admin Key Value is nothing goto 9 else 6
Step 6. Enter Admin Username and Password
Step 7. Confirm Password
Step 8. Create Admin Key Value in registry goto 10
Step 9. Display No Administrator Found Error Message goto 6
Step 10. Enter Username and Password
Step 11. If user is Admin goto 12 else 14
Step 12. Display Create New User Form
Step 13. Create New user
Step 14. Allow Windows Access
Step 15. Minimize to Taskbar
Step 16. Stop

3.15.2 System Flow Chart

[Flow chart nodes: Start; Is Available Network?; Minimize to tray icon; Is Admin Key Detected?; Block Windows Access; Enter Username and Password; Username and Password Correct?; Failed 3x Threshold; Is User Admin?; Allow window access; Add New User; Stop; branches labelled Yes/No]

Figure.7: System Flow Chart

3.16 The Logon Process

The scope of the system to be developed includes accepting user password and logon in keystroke dynamics. The administrator creates accounts for users with the new system and helps them to go through the keystroke dynamics learning processes, to obtain a well-practiced password rhythm with the new system. The system prevents the user from having access to the school network until a correct username and password is typed in a particular pattern which is recognised by the system. A teacher will have a new password and username together with his keystroke dynamic pattern, which will help him authenticate with the new system. The new system will prevent other teachers who don't have permission to use the network from entering it. It will also help in reducing network traffic, which is a serious problem for networks. The non-teaching staff are going to be assured of the fact that intruders are not going to interfere with their data due to the new authentication system. Students are only allowed to the system when they are authenticated; this reduces the network traffic drastically and improves system efficiency.

3.17 Back End Design

The system will use a binary file as the back end, that is a file whose content must be interpreted by a program or a hardware processor that understands it. The binary file format has the following advantages:
- The file is smaller due to the format.
- Binary formats also offer advantages in terms of speed of access.
- Binary files are more efficient in terms of memory, storing values using numeric formats, such as IEEE 754, rather than as text characters, which tends to use more memory.
- Code database in binary format to avoid password hacking.

3.18 Front End Design

Microsoft Visual Basic.Net 2008 IDE will be used for the front end design, the reasons being that:
- The structure of the Visual Basic.Net programming language is very simple, particularly as to the readability of the executable codes.
- VB.Net provides the DotNet framework that is not only a language but primarily an integrated, interactive development environment ("IDE").
- The VB IDE has been highly optimized to support rapid application development ("RAD"). It is particularly easy to develop graphical user interfaces and to connect them to handle functions provided by the application.
- Since the users are mainly average computer literates, the flexible visual interface will allow prototypes to be developed as quickly as possible, to help solicit users' views in modifying the modules as and when they are developed.
- The graphical user interface of the VB IDE provides intuitively appealing views for the management of the program structure in the large and the various types of entities (classes, modules, procedures, forms).
3.29 Technical/Hardware Requirements

The front end application software (which would be developed using Visual Basic.Net 2008 version) shall be installed on all client computers at the School (administration and academic departments). The back end database will be written to a binary file. In order for the installation of the application to be successful, the system shall require the following hardware equipment to be installed at the School:

3.20 Hardware Equipment

Table.8: Hardware Requirements

Item Name                   Minimum Specifications
HP ProLiant G5 Server       M360 3.6GHz Speed, 2GB Memory, 4x146 HDD, Rack Mountable, Supports Raid 5, Windows 2008 Server operating system
Client workstation          Intel 1.8GHz speed, Windows XP operating system, 1GB Memory, 80 HDD
Local Area Network (LAN)    Network speed of about 100/1000Mbps
Switch                      Supports up to 100/1000Mbps
Powerful Network Printer    To be placed at the administration to print students' reports

3.21 Testing

The general aim of testing is to affirm the quality of software systems by systematically examining the software in carefully controlled circumstances. Testing should have the major intent of finding errors.
The system used both unit and integrated testing. Each module of the application developed has been tested thoroughly to ensure that it suits the design specification. The tested modules have been integrated using test data to ensure that the modules can operate together without any problems. One of the tests that was very important to the school was the system test. Hardware and software testing were conducted to ascertain how the Bionetlogon will function on the Windows operating system and the minimum hardware requirement that will be needed. The following steps were followed for testing.

3.21.1 Static and Dynamic Testing

Static testing includes review of documents required for the software development. All the documents related to customer requirements and business rules that are required for software design and development should be handed over to the project work supervisor. The documents were reviewed. The reviewing of documents includes comprehensive and thorough study of the documents. Discrepancies found in them were noted and the reasons for such discrepancies figured out, so that they will not occur again. Dynamic testing deals with specific methods for ascertaining and/or approximating software quality through actual executions, i.e. with real data and under real (or simulated) circumstances.
After these, test cases and test scenarios are prepared. A report of bugs was prepared, which helped in the further debugging of the codes. The system shall first be implemented on the Anglican Senior High School network after testing. The belief is that more institutions will express interest in the system if it is able to serve its purpose.

3.22 Implementation

After successful testing of the new authentication system, NetBiologon software was implemented to test against the traditional attacks discovered at the school, thus Anglican secondary school, which included:
- Shoulder surfing
- Recording user information
- Social engineering
- Guessing and Brute force

3.22.1 Shoulder Surfing

A simple way to obtain a user password is to watch him during authentication.
It was observed that user passwords were being spied on by others, because of the fact that their offices were open ones, which reduces the confidentiality of passwords. There were CCTV cameras at their store rooms, which facilitated shoulder surfing. When keystroke dynamics was used in verification or identification mode, shoulder surfing was no longer a threat for the authentication, since the password alone is not used in the identification case and therefore the password cannot be stolen.
Table.9: Summary of the Results of Tested Attack for Shoulder Surfing Experiment

Days    Number of users watched   Success   Failure   Remarks
Day 1   20                        0         20        Excellent Authentication
Day 2   20                        0         20        Excellent Authentication
Day 3   20                        0         20        Excellent Authentication
Day 4   20                        0         20        Excellent Authentication
Day 5   20                        0         20        Excellent Authentication
Total   100                       0         100       Excellent Authentication

This was how the experiment was conducted: On the first day twenty users were watched and none of the intruders were able to produce the keystroke dynamics pattern password of the users they watched. Therefore they were not able to enter their victims' computers. The preamble continues to the fifth day as indicated in the table above.

Observation

Shoulder surfing attack was tested with the new system, thus the keystroke dynamics authentication system, and the result was remarkable. 0% of the attackers were successful, which means 100% failure. The attackers were able to capture the password but were not successful because keystroke dynamics is not just about the password; it also requires patterns and sequences. They failed because they could not get the pattern and the sequences.

3.22.2 Recording User Information

Spyware is software that can record information about users during authentication. The use of internet at the school increases the chance of spyware attacks, which record users' typing. Keystroke dynamics is not just about username and password alone; it is also about sequences and patterns, which makes it difficult for spyware software to record.

Table.10: Summary of the Results of Tested Attack for Recording User Information Experiment

Days    Installed of spyware on computers   Success   Failure   Remarks
Day 1   20                                  2         18        Excellent Authentication
Day 2   20                                  0         20        Excellent Authentication
Day 3   20                                  0         20        Excellent Authentication
Day 4   20                                  0         20        Excellent Authentication
Day 5   20                                  0         20        Excellent Authentication
Total   100                                 0         98        Excellent Authentication

This is how the experiment was conducted: A spyware application such as a Trojan virus was installed on the twenty user computers, with the aim of recording their authentication information. On the first day only two of the user records were captured by the spyware virus. The preamble continues to the fifth day as indicated in the table above.

Observation

Testing the recording of user information attack technique against the keystroke dynamics authentication system was about 98% failure.
Spyware is probably the best and easiest way to crack a keystroke dynamics authentication system, if the intruder intentionally installs a Trojan virus which records all information to reproduce the user's keystroke pattern.

3.22.3 Social Engineering

Social engineering is the practice of obtaining confidential information by the manipulation of legitimate users. Because of social bonding at the school, people entrust their passwords to friends. Others are able to trick people into giving their passwords through telephone calls and other forms of conversation. On the first sight, social engineering is not possible with keystroke dynamics. In the identification stage there are no password patterns that could be given away, not even on purpose. Asking for a password on the phone and pretending to be the authorized user was not possible.

Table.11: Summary of the Results of Tested Attack for Social Engineering Experiment

Days    Number of users watched   Success   Failure   Remarks
Day 1   20                        0         20        Excellent Authentication
Day 2   20                        0         20        Excellent Authentication
Day 3   20                        0         20        Excellent Authentication
Day 4   20                        0         20        Excellent Authentication
Day 5   20                        0         20        Excellent Authentication
Total   100                       0         100       Excellent Authentication

Table 11 explains the experiment. On the first day twenty of the intruders used the impersonation type of social engineering attack on users, by calling and sending them emails to trick them into giving their keystroke dynamics authentication pattern password to the intruders. Although the intruders were successful in getting the passwords from the users, they were not able to type in the pattern known to the new system. So therefore the intruders could not log on to the users' computers. The preamble continues to the fifth day as indicated in the table above.

Observation

Testing keystroke dynamics against social engineering attack, the success rate was 0%. However, the success rate will probably be very low. In the identification case, there is no password that can be given away, not even on purpose.
3.22.4 Guessing and Brute Force

In the brute force attack, an intruder tries all possible combinations of characters to crack a password. The more complex a password is, the more secure it is against brute force attack. It was realized that students at the school have tried and even on some occasions been able to break into the school main server by continuously guessing and using combinations of characters. The main defense against brute force search is to have a sufficiently large password space. The password space of a keystroke dynamics authentication scheme is quite large. It is nearly impossible to carry out a brute force attack against keystroke dynamics. The attacker or program needs to automatically generate keystroke patterns and imitate human input. When keystroke dynamics are used in a two-factor authentication mechanism, that is password and keystroke, it was almost impossible to overpower the security system.

Table 12: Summary of the Results of Tested Attack for Guessing and Brute Force

Experiment Days   Number of users watched   Success   Failure   Remarks
Day 1             20                        0         20        Excellent Authentication
Day 2             20                        0         20        Excellent Authentication
Day 3             20                        0         20        Excellent Authentication
Day 4             20                        0         20        Excellent Authentication
Day 5             20                        0         20        Excellent Authentication
Total             100                       0         100       Excellent Authentication

This was how the experiment was conducted: brute force attack programs were installed on twenty user computers to automatically search for users' keystroke dynamics pattern passwords. From the table above, on the first day, the results were that none of the twenty intruder programs were able to capture the keystroke dynamics pattern passwords. The same continued through the fifth day, as indicated in the table above.

Observation: In the guessing and brute force attack technique, 0% was successful against the keystroke dynamics authentication system. The attacker or program needs to automatically generate keystroke patterns and imitate human input. If keystroke dynamics are used in a two-factor authentication mechanism, that is, password and keystroke dynamics patterns, it is almost impossible to overpower the secondary system, that is, the keystroke dynamics patterns.

3.22.5 Dictionary Attack

A dictionary attack is a technique for defeating an authentication mechanism by trying to determine its passphrase by searching a large number of possibilities. In contrast to a brute force attack, where all possibilities are searched through exhaustively, a dictionary attack only tries possibilities that are most likely to succeed, typically derived from a lot of words in a dictionary.
In the school case, dictionary attacks have also been noted where students download software from the internet to carry out these attacks. As for the dictionary attack, it was impractical and nearly impossible to carry it out against the keystroke dynamics authentication mechanism.

CHAPTER 4
Analysis

The analysis will compare the results of both the old and new systems' experiments to establish the clear differences between the two systems with respect to security of authentication at the school network.

4.1 The systems experiment results

The old and new systems were tested with attack mechanisms, that is, social engineering, shoulder surfing, brute force and recording user information.

Results for shoulder surfing technique attack

For the old system, out of the hundred intruders used in the experiment, as already stated in the experiment in chapter three, fifty-seven of the intruders were successful while forty-three failed in the attempt to authenticate using the username and password obtained from the shoulder surfing technique. Since a hundred users were used in the experiment, 57 users account for 57%, so more than 50% succeeded in the attack. The new system produced the following results from the test conducted. Out of the hundred users (intruders) used, none of them were able to use the shoulder surfing technique to attack the new system: 0% successful and 100% failure.

Social engineering results

Out of the hundred users used for the experiment for the social engineering attack on the old system, 56% of the intruders were successful, while 44% failed in the attempt to authenticate using the social engineering techniques. With the use of 100 users, 56 accounts for 56% success. So more than 50% of the intruders were successful in the attack. But the test on the new system using social engineering attack experiments produced the following results. Out of the hundred users used, none of the intruders could succeed in breaking into the new system. Therefore 100% failed and 0% were successful.

Brute force attack results

In reference to chapter three, the old system experiment result shows that 29% of intruders were successful, while 61% of them failed in the attempt to authenticate using brute force attack. The test on the new system using the brute force and guessing attack experiment brought about the following results. A hundred intruders were used. No intruder was successful in beating the new system, which implies that 100% failed and 0% succeeded.

Recording user information attack results

As already stated in the previous experiments, a hundred users were again put to task, and 86 of the software programs on the machines were successful and 14 of them failed in recording the user information. Using 100 machines for the experiment, the result goes to prove that 86% of the machines were vulnerable to the attack while only 14% of them were able to resist the attack. The test conducted on the new system using the recording user information technique showed that, out of the hundred users (intruders) used, only two of the installed spyware programs were able to record keystroke dynamics patterns of the users. 98% failed and 2% were successful.

4.2 Conclusion of Analysis

From the experiment conducted for both old and new system, the old system had an average of 40% failure of the attack while 57% of the attacks were successful. A 57% success rate in attacks on a system shows a very large risk to the system, which will require a better system to stop this large security risk to the school networking system. Upon the installation of the new system and the test conducted, these are the results obtained. An average of 99.5% of the experimented attackers failed; there was a 0.5% margin of risk. This risk margin was found in the recording user information attack technique. Spyware is probably the best and easiest way to crack into a keystroke dynamics authentication system, if the user intentionally installs attacking software such as a trojan horse virus which records all information.

4.3 Result After Implementation of Keystroke Dynamics

After the implementation of keystroke dynamics
the following general observations were made.

4.3.1 Uniqueness

Keystroke events can be measured up to millisecond precision by software. Thus, it is impractical to replicate one's keystroke pattern at such high resolution without enormous amounts of effort.

4.3.2 Transparency and Noninvasiveness

One of the significant edges keystroke dynamics biometrics has over other options is the degree of transparency it provides. It requires no or minimal alteration to user behaviour, since the capture of the keystroke pattern is done through backend software implementation. In most cases, users might not even be aware that they are protected by an extra layer of authentication. This simplicity considerably favours not only system designers but also end users with little or no technical background.

4.3.3 Increase Password Strength and Lifespan

The password has been the most widely deployed identity authentication method, despite the fact that systems relying solely on a single credential set constitute a weakness and vulnerability. Researchers have identified keystroke dynamics biometrics as a probable solution that is able to at least add an extra layer of protection and increase the lifespan of a password. Keystroke dynamics biometrics provides the capability to fuse the simplicity of a password scheme with the increased reliability associated with biometrics. By using keystroke dynamics biometrics, users can focus on creating a strong password whilst avoiding being overwhelmed by different sets of passwords.

4.3.4 Replication Prevention and Additional Security

Keystroke patterns are harder to reproduce than written signatures. This is because most security systems only allow a limited number of erroneous input attempts before locking down the account. Additionally, integration of keystroke dynamics biometrics leaves random password guessing attacks obsolete, and stolen credentials become entirely insignificant, since successful possession of the secret key is only a mere condition of the entire authentication chain. Even if it does get compromised, a new typing biometric template can be regenerated easily by choosing a new password.

4.3.6 Disadvantages

Lower Accuracy

The system was inferior in terms of authentication accuracy due to the variations in typing rhythm that were caused by external factors such as injury, fatigue, or distraction. Nevertheless, other biometric systems are not spared by such factors either.

Lower Permanence

Most behavioural biometrics generally experience lower permanency compared to physiological biometrics. The typing pattern of a human may gradually change following the customization towards a password, maturing typing proficiency, adaptation to input devices, and other environmental factors. However, researchers have recommended methods to constantly update the stored keystroke profile that may resolve this issue.

4.3.7 System Evaluation Criteria

The effectiveness of a keystroke dynamics authentication system is usually gauged by the recognition rate of the system. However, in order to put this technology forward into real world practice, equal weight should be put on several other essential criteria, as shown below.

4.3.8 Effectiveness

Effectiveness indicates the ability of a method to correctly differentiate genuine user and imposter. Performance indicators employed by the research are summarized as follows. False Rejection Rate (FRR) refers to the percentage ratio between falsely denied genuine users
against the total number of genuine users accessing the system, occasionally known as False Nonmatch Rate (FNMR) or type 1 error. A lower FRR implies less rejection and easier access by genuine users. FAR is defined as the percentage ratio between falsely accepted unauthorized users against the total number of imposters accessing the system. Terms such as False Match Rate (FMR) or type 2 error refer to the same meaning. A smaller FAR indicates fewer imposters accepted. Equal Error Rate (EER) is used to determine the overall accuracy as well as a comparative measurement against other systems. It may sometimes be referred to as Crossover Error Rate (CER). The result comparison portrayed in the next section will mainly be expressed with FAR, FRR, and EER.

4.3.9 Efficiency

Efficiency refers to the complexity of the method employed, which is normally considered better if complexity is lower. A computationally expensive method not only puts mounting strain on hardware but also frustrates users with longer waiting time.

4.3.10 Adaptability and Robustness

Adaptability implies the ability of a system to accommodate gradual typing changes of users across time. Robustness indicates the capability to work well with users from diverse professions with dissimilar typing proficiencies.
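
The FAR, FRR and EER indicators defined under Effectiveness (section 4.3.8) can be computed directly from a verifier's match scores. The following is an added example, not code from the thesis or from the BioNetLogon software: the scaled Manhattan scorer, the function names and every timing and score value are assumptions constructed for illustration.

```python
from statistics import mean

def timing_features(events):
    """events: [(key, press_ms, release_ms), ...] for one typed password.
    Returns key hold times followed by press-to-press digraph latencies."""
    holds = [release - press for _, press, release in events]
    digraphs = [b[1] - a[1] for a, b in zip(events, events[1:])]
    return holds + digraphs

def enroll(samples):
    """Build a template: per-feature mean and mean absolute deviation."""
    columns = list(zip(*samples))
    means = [mean(col) for col in columns]
    devs = [max(mean(abs(x - m) for x in col), 1.0)  # floor avoids divide-by-zero
            for col, m in zip(columns, means)]
    return means, devs

def score(template, features):
    """Scaled Manhattan distance: 0 is a perfect match, larger is less alike."""
    means, devs = template
    return mean(abs(x - m) / d for x, m, d in zip(features, means, devs))

def far_frr(genuine, impostor, threshold):
    """An attempt is accepted when its score <= threshold.
    FRR = rejected genuine attempts / all genuine attempts,
    FAR = accepted impostor attempts / all impostor attempts."""
    frr = sum(s > threshold for s in genuine) / len(genuine)
    far = sum(s <= threshold for s in impostor) / len(impostor)
    return far, frr

def equal_error_rate(genuine, impostor):
    """Sweep every observed score as a threshold and return (threshold, EER)
    at the point where FAR and FRR are closest to each other."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = far_frr(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]

# Constructed timings (ms) for the password "pass": three enrollment samples,
# one later attempt by the same typist, one attempt by someone who knows the
# password but types it with a different rhythm.
ENROLL = [
    [("p", 0, 90), ("a", 150, 230), ("s", 310, 400), ("s", 480, 565)],
    [("p", 0, 100), ("a", 160, 250), ("s", 300, 390), ("s", 470, 560)],
    [("p", 0, 95), ("a", 140, 225), ("s", 290, 385), ("s", 465, 550)],
]
GENUINE_TRY = [("p", 0, 92), ("a", 152, 238), ("s", 305, 396), ("s", 472, 558)]
IMPOSTOR_TRY = [("p", 0, 140), ("a", 260, 380), ("s", 520, 650), ("s", 900, 1010)]

# Constructed score sets from many attempts, used for the threshold sweep.
GENUINE_SCORES = [0.5, 0.8, 1.0, 1.4]
IMPOSTOR_SCORES = [1.2, 1.9, 2.5, 3.0]

if __name__ == "__main__":
    template = enroll([timing_features(e) for e in ENROLL])
    print("genuine score :", round(score(template, timing_features(GENUINE_TRY)), 2))
    print("impostor score:", round(score(template, timing_features(IMPOSTOR_TRY)), 2))
    print("FAR, FRR at 1.0:", far_frr(GENUINE_SCORES, IMPOSTOR_SCORES, 1.0))
    print("threshold, EER :", equal_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
```

Lowering the threshold trades a smaller FAR for a larger FRR; the EER is the single operating point usually quoted when comparing verifiers.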

CHAPTER 5
Conclusion

This project work addresses the practical importance of using keystroke dynamics as a biometric for authenticating access to workstations of a network. Keystroke dynamics is the process of analysing the way users type by monitoring keyboard inputs and authenticating them based on habitual patterns in their typing rhythm. The current state of keystroke dynamics and present classification techniques based on template matching and the Bayesian likelihood model were reviewed. The argument was that, although the use of a behavioural trait (rather than a physiological characteristic) as a sign of identity has inherent limitations, when implemented in conjunction with traditional schemes, keystroke dynamics allows for the design of more robust authentication systems than traditional password-based alternatives alone. The inherent limitations that arise with the use of keystroke dynamics as an authentication mechanism are attributed to the nature of the "reference signature" and its relationship to the user: recognizing users based on habitual rhythm in their typing pattern uses dynamic performance features that depend upon an act (the rhythm is a function of the user and the environment). The problem with keystroke recognition is that, unlike other nonstatic biometrics (such as voice), there are no known features or feature transformations which are dedicated solely to carrying discriminating information. Fortunately, in the past few years researchers (Joyce et al, 1990, Mahar et al, 1995, and Monrose et al, 1997) have presented empirical findings that show that different individuals exhibit characteristics in their typing rhythm that are strikingly individualistic and that these characteristics can be successfully exploited and used for identification purposes.

This research supports the observation of (Mahar et al, 1995) in that there is significant variability with which typists produce digraphs. Hence, the research
suggests the use of digraph-specific measures of variability instead of single low-pass filters. Additionally, the research argues in favour of the use of free text, thus allowing users to type any text of their choice (i.e., "free text") during the identification learning process. While recognition based on structured text may be more desirable, structured text recognition was observed to vary greatly under operational conditions.

5.1 Summary of the Research

The summary of the research, drawn from the findings and the recommendations made, is discussed below and is focused on the objectives of the research study.

5.1.1 Findings

The argument is that, although the use of a behavioural trait (rather than a physiological characteristic) as a sign of identity has inherent limitations, when implemented in conjunction with traditional schemes, keystroke dynamics allowed for the design of more robust authentication systems than traditional password-based alternatives alone. One of the problems with keystroke recognition is that, unlike other nonstatic biometrics (such as voice), there are no known features or feature transformations which are dedicated solely to carrying discriminating information.

Below are important factors that are directly related to user acceptability of the technology. The technology should offer users as much comfort and transparency as possible by not overloading users with long inputs, memorization of complex strings, or the need to provide huge amounts of repetitive input.

Other than the user and impostor typing style, none of the other tested traits (i.e., age, gender, or dominant hand) were found to have a significant effect on the experiment. The experiment continues to have the lowest miss rates (i.e., the chance of successfully evading detection), across most feature sets, typing tasks, amounts of training, updating strategies, and impostor familiarity levels. Impostors who become familiar with a typing task often significantly increase their miss rate. Employing an updating strategy significantly reduces miss rates across the experiment and typing tasks. In each investigation, we drew these conclusions by evaluating experiments under systematically varied conditions. We compared our findings to those of earlier works, in each investigation, by drawing inferences using different experiments. We were able to make discoveries and understand phenomena in ways that would not have been possible without this work.

5.1.2 Recommendations

System administrators should be encouraged to use a keystroke dynamics authentication system to secure their networks.

5.2 Area of application

This software is designed to secure a network from unauthorized users in a network environment. Networks come with a lot of benefits, including sharing of resources, but with the inherent risk of hacking by an intruder. This has led to the development of this software, which is intended to prevent network intruders. Institutions that are delicate and use network infrastructures, like banks, schools, military installations and many others, can use this system to keep intruders out of their networks.

5.3 Further work

Developers of keystroke-related systems should come out with versions that can be installed on non-Microsoft operating system software programmes, such as Linux. Developers should be able to come out with a system that can periodically check to ensure that the current user is the same user authenticated earlier.

REFERENCES

Access security, Computers & Security, 22, 695-706, 2003.
Ahmed et al. Anomaly Intrusion Detection based on
Anil K. Jain, Arun Ross and Salil Prabhakar, An Introduction to Biometric Recognition.
Benny, Securing Passwords Against Dictionary Attacks, CCS 02, 18-22, November 2007.
Bergadano et al, User Authentication through Keystroke Dynamics, ACM Transactions on Information System Security, Vol. No. 5, pg 367-397, Nov 2002.
Bragg, 2002, DistanceEducator.com, 2000.
Biometrics, Proceedings of the IEEE, 2005.
Brown et al, User Identification via Keystroke Characteristics of Typed Names Using Neural Networks, 1993.
Brown, User Identification via Keystroke Characteristics of Typed Names using Neural Networks. International Journal of Man-Machine Studies, vol. 39, pp. 999-1014, 1993.
Cho et al, Web-based keystroke dynamics identity verification using neural network, Journal of Organizational Computing and Electronic Commerce, Vol. 10, No. 4, 295-307, 2000.
Dowland, et al, A long-term trial of keystroke profiling using digraph, trigraph and keyword latencies, in Proceedings of IFIP/SEC 19th International Conference on Information Security, pages 275-289, 2004.
Guven, et al, Understanding users keystroke patterns for computer
International Journal of Advanced Research in Computer and Communication Engineering, Vol. 3, Issue 10, October 2014.
Janakiraman et al, 2007.
Karnan, et al, "Personal Authentication Based on Keystroke Dynamics Using Soft Computing Techniques et al", Second International Conference on Communication Software and Networks, pp. 334-338, 2010.
Joyce et al., Identity Authentication Based on Keystroke Latencies, Communications of the ACM, vol. 39, pp 168-176, 1990.
Lawrence et al, Comparing Passwords, Tokens, and Biometrics for User Authentication, Proceedings of the IEEE, Vol. 91, No. 12, Dec, pp. 2019-2040, 2003.
Leggett, et al, Dynamic Identity Verification via Keystroke Characteristics. International Journal of Man-Machine Studies, 1991.
Maxion et al, 2010.
Monrose, et al, Keystroke Dynamics as a Biometric for Authentication. Future Generation Computer Systems, 16(4), pp 351-359, 1999.
Monrose, et al.,
Authentication via Keystroke Dynamics, Proceedings of the 4th ACM Conference on Computer and Communications Security, p 48-56, April 1997.
Obaidat, et al, Verification of computer users using keystroke dynamics, IEEE Transactions on Systems, Man, and Cybernetics, Part B 27(2):261-269, April 1997.
Shanmugapriya, et al, A Survey of Biometric Keystroke Dynamics: Approaches, Security and Challenges, (IJCSIS) International Journal of Computer Science and Information Security, ISSN 1947-5500, Vol. 5, No. 1, 2009.
Napier et al, Keyboard User Verification: Toward an Accurate, Efficient and Ecological Valid Algorithm. International Journal of Human-Computer Studies, vol. 43, pp 213-222, 1995.
Furnell, et al, User Authentication for Keypad-Based Devices using Keystroke Analysis. MSc Thesis, University of Plymouth, UK, 2000.
Obaidat et al, Computer user verification using the perceptron, IEEE Trans. on Systems, Man, and Cybernetics, vol. 23, no. 3, pp. 900-902, May 1993.
Sogukpinar et al (2004), User identification at logon via keystroke dynamics, Journal of Electrical and Electronics Engineering, Vol. 4, No. 1, 995-1005.
Video-Based Biometrics, Vol. 14, No. 1, January 2004.
Cho et al, Keystroke dynamics identity verification and its problems and practical solutions, Computers & Security, 2004.
Furnell, et al, Authenticating mobile phone users using keystroke analysis, International Journal of Information Security, 6(1):1-14, 2007.
Dawn et al, 1997.
Difference in Digraph Latency Distributions. Int. Journal of Human-Computer Studies, 43:579-592, 1995.
Digraph Latency Based Biometric Typist Verification Systems: Inter and Intra Typists
DistanceEducator.com, (August, 2013).
Dowland et al, 2004.
Wagner et al, 2004.
Monrose et al.
Authentication Via Keystroke Dynamics. Francesco et al. Fourth ACM Conference on Computer and Communications Security, Pages 48-56, 1997.
Gunetti et al, Keystroke analysis of free text, ACM Transactions on Information and System Security, volume 8, pages 312-347, 2005.
Cho et al, Retraining a keystroke dynamics-based authenticator with impostor patterns, Computers & Security, 26(4):300-310, 2007.
Kevin, CMU-CS-12-100, January 2012.
Pin et al, Statistical Fusion Approach on Keystroke Dynamics, Third International IEEE Conference on Signal-Image Technologies and Internet-Based System, 2007.
Joyce et al. Identity Authorization Based on Keystroke. 2001 Latencies. Communications of the ACM, 33(2):168-176, February 1990.
Gaines, et al. Authentication by keystroke timing: some preliminary results. Rand report R256NSF. Rand Corporation, 1980.
Obaidat, et al, B.: Verification of computer users using keystroke dynamics. IEEE Transactions on Systems, Man and Cybernetics 27 (1997), Pages 261-269.
University of Torino (2002), Transactions on Information and System Security, Vol. 5, No. 4, November 2002, Pages 367-397.
Magnus, 1990, 2009.
Margaret, whatis.com (2007), (accessed November, 2014).
Sogukpinar et al, A survey of biometric keystroke dynamics: Approaches, Security and Challenges, (IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009.
WWW.Symetric.ca, (accessed 2015 June 19).
www.biopassword.com (accessed 2014 May).

Appendix

User Manual

Windows System Requirements

Minimum requirements: Intel 1.8 GHz speed, Windows XP operating system, 1 GB Memory, 80 HDD, 16X CD-ROM Drive, 360 MB Free Hard Disk space, 16-bit colour monitor, 800 x 600 Resolutions, Windows compatible sound card, Windows compatible mouse. A colour printer with 300 dpi or better is recommended.

Installing BioNetLogon System

After installing the program from the CD, the BioNetLogon System runs from your hard drive. To complete the installation, 360 MB free space is required on your hard drive to store program files. Close all programs and applications before installing. When using BioNetLogon System under a typical installation,
these instructions assume that the AutoPlay feature is turned on.

Windows

Insert the BioNetLogon System CD in the CD-ROM drive. Follow the on-screen instructions to complete the setup process. The setup program places BioNetLogon System file icons in the start menu.

Steps to Set Up Administrator

Enter administrator details into the form, that is, username, password and confirm it.
Click the OK button to save.
Restart the system for BioNetLogon software to start running.
Enter logon details, that is, administrator username and password, for authentication.
Use the logon learner window to learn the keystroke dynamics pattern or rhythm.
Save the learnt keystroke pattern.
Add a new user to the system.

Steps to Set Up User

Enter user details into the form, that is, username, password and confirm it.
Click the OK button to save.
Use the logon learner window to learn the keystroke dynamics pattern or rhythm.
Save the learnt keystroke pattern.
Enter logon details, that is, username and password, for authentication.