
10/14/2016 Turnitin Originality Report

IMPROVING NETWORK SECURITY USING KEYSTROKE DYNAMICS by Michael Boakye
From Thesis (MIT)

Processed on 14 Oct 2016 13:17 GMT
ID: 720756931
Word Count: 21269

Similarity Index: 58%
Similarity by Source:
Internet Sources: 43%
Publications: 25%
Student Papers: 37%
sources:

9% match (student papers from 06 Oct 2004)
1
Submitted to GIAC on 2004106

8% match (Internet from 05 Jul 2012)
2
http://arxiv.org/ftp/arxiv/papers/0910/0910.0817.pdf

5% match (publications)
3
Salima Douhou. "The reliability of user authentication through keystroke dynamics", Statistica Neerlandica, 11/2009

3% match (Internet from 13 Jun 2015)
4
http://europepmc.org/articles/PMC3835878

3% match (Internet from 09 Apr 2010)
5
http://www.cs.columbia.edu/~hgs/teaching/security/hw/keystroke.pdf

2% match (Internet from 17 May 2014)
6
http://www.docstoc.com/docs/13025918/InternationalJournalofComputerScienceandInformationSecurityPDFPDF

2% match (publications)
7
Francesco Bergadano. "User authentication through keystroke dynamics", ACM Transactions on Information and System Security, 11/1/2002

2% match (Internet from 29 Dec 2010)
8
http://www.checco.com/about/john.checco/publications/2003_Keystroke_Biometrics_Intro.pdf

2% match (Internet from 18 May 2015)
9
http://misbiometrics.wikidot.com/keystroke

2% match (Internet from 27 May 2008)
10
http://sparrow.ece.cmu.edu/~adrian/projects/keystroke/mid.pdf

1% match (Internet from 15 Sep 2008)
11
http://www.it.lut.fi/kurssit/0304/010970000/seminars/Ilonen.pdf

1% match (Internet from 28 Mar 2003)
12
http://paris.cs.berkeley.edu/~perrig/projects/keystroke/node4.html

1% match (Internet from 11 Aug 2016)
13
https://msdn.microsoft.com/enus/library/cc875826.aspx

1% match ()
14
http://avirubin.com/fgcs.pdf

1% match (Internet from 04 Jan 2015)
15
http://biometrics.derawi.com/?page_id=14

1% match (Internet from 19 Jul 2007)
16
http://infosecurityproductsguide.com/technology/BioPassword_Authentication_Solutions_Whitepaper.pdf

1% match (Internet from 28 Oct 2014)
17
http://www.infosecwriters.com/text_resources/pdf/Biometrics_MKamal.pdf

1% match (Internet from 09 May 2016)
18
http://www.secureidnews.com/newsitem/keystrokedynamicssecurecomputeraccess/

https://www.turnitin.com/newreport_printview.asp?eq=0&eb=0&esm=0&oid=720756931&sid=0&n=0&m=0&svr=09&r=87.2921191671043&lang=en_us 1/47

1% match (Internet from 09 Mar 2016)
19
http://www.computereconomics.com/article.cfm?id=1181

1% match (Internet from 02 Dec 2011)
20
http://paper.ijcsns.org/07_book/201110/20111029.pdf

1% match (student papers from 31 Jan 2016)
21
Submitted to Tyler Junior College on 20160131

1% match (Internet from 03 Apr 2014)
22
http://brage.bibsys.no/xmlui/bitstream/handle/11250/143781/Barghouthi,H..pdf?sequence=1

1% match (Internet from 10 Jun 2010)
23
http://pi1.informatik.unimannheim.de/filepool/theses/diplomarbeit2006elftmann.pdf

<1% match (Internet from 13 Apr 2009)
24
http://answers.yahoo.com/question/index?qid=20080316004824AAPVQp9

<1% match (Internet from 15 Apr 2016)
25
http://ijseas.com/volume2/v2i1/ijseas20160125.pdf

<1% match (Internet from 28 Mar 2003)
26
http://paris.cs.berkeley.edu/~perrig/projects/keystroke/node5.html

<1% match (student papers from 15 Aug 2016)
27
Submitted to Kwame Nkrumah University of Science and Technology on 20160815

<1% match (Internet from 10 Apr 2009)
28
http://www.iu.hio.no/nik07/bidrag/Andersen.pdf

<1% match (Internet from 21 Sep 2014)
29
http://ijarcce.com/upload/2013/may/30Manpreet%20kaurSECURITY%20SYSTEM%20BASED%20ON%20USER.pdf

<1% match (Internet from 05 Jul 2014)
30
http://tech.speedway.k12.in.us/Mavis%20Beacon/mavis16_userguide.pdf

<1% match (Internet from 28 Mar 2003)
31
http://paris.cs.berkeley.edu/~perrig/projects/keystroke/node1.html

<1% match (Internet from 22 Apr 2016)
32
http://searchsecurity.techtarget.com/answer/Whataretheprosandconsofusingkeystrokedynamicbasedauthenticationsystems

<1% match (Internet from 24 May 2009)
33
http://www.bostonkrownrecords.com/systemanalysisanddesign/

<1% match (Internet from 25 Aug 2015)
34
http://www.cccblog.org/2012/03/20/updatebypassingthepassword/

<1% match (student papers from 14 Jun 2016)
35
Submitted to Kwame Nkrumah University of Science and Technology on 20160614

<1% match (publications)
36
Kumar, G. Vinoth, K. Prasanth, S. Govinth Raj, and S. Sarathi. "Fingerprint based authentication system with keystroke dynamics for realistic user", Second International Conference on Current Trends In Engineering and Technology ICCTET 2014, 2014.

<1% match (student papers from 15 May 2013)
37
Submitted to University of Central Lancashire on 20130515

<1% match (Internet from 21 Aug 2008)
38
http://dmlab.snu.ac.kr/ResearchPapers/%5BChoS_HanC_HanD_KimH%5D(2000)Web_based_Keystroke_Dynamics_Identify_Verification_using_

<1% match (publications)
39

M. Sun. "A fast memoryless interval based algorithm for global optimization", Journal of Global Optimization, 09/19/2009

<1% match (Internet from 23 Jan 2013)
40
http://www.articlecape.com/73219/371/TWELVEESSENTIALSTEPSFORSOFTWARETESTINGLIFECYCLE.html

<1% match (Internet from 22 Sep 2010)
41
http://answers.yahoo.com/question/index?qid=20080228033707AAEZkKx

<1% match (Internet from 19 Apr 2010)
42
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1318629,00.html

<1% match (student papers from 10 Feb 2016)
43
Submitted to October University for Modern Sciences and Arts (MSA) on 20160210

<1% match (student papers from 19 Feb 2010)
44
Submitted to Intercom Programming & Manufacturing Company Limited (IPMC) on 20100219

<1% match (Internet from 18 Apr 2011)
45
http://statmath.wu.ac.at/courses/dataanalysis/itdtHTML/node58.html

<1% match (Internet from 11 Aug 2009)
46
http://lennon.csufresno.edu/~sugarrash/comm165.ppt

<1% match (Internet from 23 Jul 2014)
47
http://www.google.com/patents/US7620819

<1% match (Internet from 04 Apr 2012)
48
http://iiteeeestudents.wordpress.com/2011/08/28/advantagesanddisadvantagesofvisualbasic/

<1% match (Internet from 07 Apr 2016)
49
http://www.ijarcsse.com/docs/papers/Volume_6/3_March2016/V6I30151.pdf

<1% match (student papers from 25 May 2012)
50
Submitted to University of Sunderland on 20120525

<1% match (publications)
51
Venkateswaran Shanmugapriya. "Keystroke Dynamics Authentication Using Neural Network Approaches", Communications in Computer and Information Science, 2010

<1% match (publications)
52
Abdulmotaleb Saddik. "Using Haptic Interfaces for User Verification in Virtual Environments", 2006 IEEE Symposium on Virtual Environments Human Computer Interfaces and Measurement Systems, 07/2006

<1% match (Internet from 09 Mar 2012)
53
http://www.slideshare.net/sachin.mk/softwaretestingtechniques10128036

<1% match (publications)
54
Highlander, Tyler, Dale Bassett, and Derek Boone. "Utilization of keyboard dynamics for unique identification of human users", NAECON 2014 IEEE National Aerospace and Electronics Conference, 2014.

<1% match (student papers from 28 Jun 2016)
55
Submitted to Saint Paul University on 20160628

<1% match (Internet from 04 Feb 2009)
56
http://www.thegiftsuite.com/teachestyping.html

<1% match (student papers from 16 Dec 2010)
57
Submitted to University of Greenwich on 20101216

<1% match (student papers from 26 May 2015)
58
Submitted to Kwame Nkrumah University of Science and Technology on 20150526

<1% match (Internet from 18 Apr 2013)


59
http://www.ijest.info/docs/IJEST110310177.pdf

<1% match (student papers from 24 May 2013)
60
Submitted to University of Bedfordshire on 20130524

<1% match (publications)
61
Khalid Saeed. "A Keystroke Dynamics Based System for User Identification", 2008 7th Computer Information Systems and Industrial Management Applications, 06/2008

<1% match (student papers from 03 Nov 2015)
62
Submitted to University of Duhok on 20151103

<1% match (student papers from 06 Apr 2010)
63
Submitted to INTI University College on 20100406

<1% match (student papers from 27 May 2009)
64
Submitted to University of Greenwich on 20090527

<1% match (student papers from 15 Dec 2009)
65
Submitted to University of Greenwich on 20091215

<1% match (student papers from 28 May 2010)
66
Submitted to University of Abertay Dundee on 20100528

<1% match (publications)
67
Zhe Jin. "Typing dynamics biometric authentication through fuzzy logic", 2008 International Symposium on Information Technology, 08/2008

<1% match (publications)
68
Fernuik, Neal, and Moir Haug. "Evaluation of In Situ Permeability Testing Methods", Journal of Geotechnical Engineering, 1990.

<1% match (Internet from 30 Apr 2016)
69
http://uir.unisa.ac.za/bitstream/handle/10500/14658/dissertation_nkomo_g.pdf?sequence

<1% match (Internet from 27 Jun 2010)
70
http://www3.uji.es/~badia/pubs/carnahan99.pdf

<1% match (Internet from 25 Jul 2013)
71
http://tobbynews.com/simplephploginscript.html

<1% match (student papers from 23 Oct 2015)
72
Class: MIT
Assignment:
Paper ID: 589193085

<1% match (student papers from 06 May 2010)
73
Submitted to University of Warwick on 20100506

<1% match (Internet from 23 Nov 2009)
74
http://www.docjax.com/search/index.shtml?q=activity%20based%20cost

<1% match (Internet from 13 Oct 2010)
75
http://uni.mcurry.co.uk/FYP/Final%20Year%20Project%20%20Dissertation%20(Report).doc

<1% match (student papers from 12 Nov 2006)
76
Submitted to University of Wollongong on 20061112

<1% match (student papers from 03 Jun 2014)
77
Submitted to University of Greenwich on 20140603

<1% match (Internet from 29 Sep 2010)
78
http://dmlab.snu.ac.kr/ResearchPapers/E.YuIEA2003.pdf

<1% match (Internet from 01 Jun 2010)
79
http://wiki.answers.com/Q/Q3_What_is_systems_analysis_and_systems_design_Discuss_in_detail

<1% match (student papers from 04 Nov 2012)
80
Submitted to University of East London on 20121104

<1% match (student papers from 13 Nov 2009)
81
Submitted to Sheffield Hallam University on 20091113

<1% match (Internet from 18 Nov 2015)
82
http://ir.knust.edu.gh/bitstream/123456789/4475/1/Adams%20Abudu%20thesis.pdf

<1% match (publications)
83
JHC Pretorius. "A Framework for Increasing Project Maturity and Capability in Southern Africa", PICMET 07 2007 Portland International Conference on Management of Engineering & Technology, 08/2007

<1% match (Internet from 10 Apr 2011)
84
http://cs.unc.edu/~fabian/papers/acm.ccs6.pdf

<1% match (Internet from 22 Apr 2016)
85
http://ir.knust.edu.gh/bitstream/123456789/4835/1/Mark%20A.%20Dwamena.pdf

<1% match (Internet from 27 Feb 2016)
86
http://divaportal.org/smash/get/diva2:829396/FULLTEXT01.pdf

<1% match (Internet from 13 Feb 2016)
87
http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1077&context=ecis2001

<1% match (Internet from 10 Jun 2016)
88
http://casmodeling.springeropen.com/articles/10.1186/s4029401400059

<1% match (publications)
89
Akila, M., and S. S. Kumar. "Improving feature extraction in keystroke dynamics using optimization techniques and neural network", International Conference on Sustainable Energy and Intelligent Systems (SEISCON 2011), 2011.

<1% match (publications)
90
Encyclopedia of Biometrics, 2015.

<1% match (publications)
91
Talukder, . "Security in Software Systems", Architecting Secure Software Systems, 2008.

<1% match (publications)
92
K.M.S. Soyjaudah. "Enhancing performance of Bayes classifier for the hardened password mechanism", AFRICON 2007, 09/2007

<1% match (student papers from 11 Nov 2011)
93
Submitted to City of Bath College, Avon on 20111111

<1% match (publications)
94
Chandrasekar, V., and S. Suresh Kumar. "A dexterous feature selection artificial immune system algorithm for keystroke dynamics", Stochastic Analysis and Applications, 2016.

<1% match (publications)
95
Fabian Monrose. "Password hardening based on keystroke dynamics", International Journal of Information Security, 02/01/2002
paper text:

82 KWAME NKRUMAH UNIVERSITY OF SCIENCE AND TECHNOLOGY, KUMASI, GHANA

IMPROVING NETWORK SECURITY USING KEYSTROKE DYNAMICS A CASE STUDY AT ANGLICAN SENIOR HIGH SCHOOL BY Boakye Obeng Michael

72 (B.Ed Information Technology) A Thesis Submitted to the Department of Computer Science, College of Sciences

27 In partial fulfillment of the requirement for the degree of MPHIL INFORMATION TECHNOLOGY November, 2016

I hereby declare that this submission is my own work towards the MPHIL and that, to the best of my knowledge, it contains no material previously published by another person, nor material which has been accepted for the award of any other degree of the University, except due acknowledgment has been made in the text.

Student Name & ID, Signature, Date
Certified by: Supervisor(s) Name, Signature, Date
Certified by: Head of Department Name, Signature, Date

ABSTRACT

Network administrators and 16 security professionals know that relying on only user ID and user Password to authenticate users is simply not practically effective, especially where network security is at stake.

19 A technique known as keystroke dynamics (or, typing dynamics) is emerging as an effective way to strengthen user authentication. Keystroke dynamics is a detailed description of the timing of key-down and key-up events when users enter usernames, passwords, or any other string of characters. Because a user's keystroke timings are as personal as handwriting or a signature, keystroke dynamics can be used as part of a scheme to verify a user's identity. That is the 18 idea behind keystroke dynamics. Some researchers and developers have built many techniques around using this keystroke dynamics biometric as a form of authentication 18 to Web-based applications, email and networks.

This research project seeks to provide improved technique over the works of these researchers and developers, providing second layer of security to users identity authentication and verification process, using keystroke dynamics on the users computer rather than inculcating in network server authentication process. A resultant software application from this research project is named BioNetLogon developed in VB.Net environment. It comes with interfaces that authenticate users (against database of users keystroke patterns) after windows logon stage, whilst controlling the users computer network services to ensure that only successful authenticated user gets access to the Windows desktop as well as network resources of his/her computer. Otherwise, the user is blocked from getting access to the network environment with the network services disabled.

55 TABLE OF CONTENTS

ABSTRACT
CHAPTER 1
INTRODUCTION
1.1 Objectives
1.2 Problem Statement
1.3 Research Questions
1.4 Background
1.5
Justification
1.7 Limitation
69 CHAPTER 2
LITERATURE REVIEW
2.1 Biometric Measurements
2.2 Research Field and Subject of Study
2.2.1 Ease of Use
2.2.2 Features Used with Keystroke Dynamics
2.2.3 Typing Speed
2.3 Technologies
2.4 Verification Techniques
2.5 Methods and Metrics
2.5.1 Static at Login
2.5.2 Periodic and Continuous Dynamics
2.5.3 Keyword and Application Specifics
2.5.4 Digraph and Trigraph Latencies
2.6 Performance Measures
2.7 Keystroke Analysis Approaches
2.8 Security of Keystroke Dynamics
2.8.1 Shoulder Surfing
2.8.2 Recording Users Information
2.8.3 Social Engineering
2.8.4 Guessing and Brute Force
2.8.5 Dictionary Attack
2.9 False Alarm and an Imposter Pass Rate
2.10 Keystroke and Durations Latencies
2.11 Latency Patterns
2.12 Latency Observation
2.13 Typing Error
2.14 Classifications of Users
2.15 Typing Task
2.16 Reliability of User Authentication
2.16.1 Dwell and Flight Time Calculations
2.17 Password Hardening
2.18 Commercial Implementation of Keystroke Dynamics
2.19 Applications Under Keystroke Dynamics
2.20 Lessons and Conclusion
CHAPTER 3
METHODOLOGY AND DESIGN
3.1 Review
3.2 System Analysis
3.3 Requirements Gathering
3.3.1 Sampling of Existing Documents and Events
3.3.2 Interview with the Staff of the School
3.3.3 Observation of the Working Environment
3.3.4 Testing of the old system
3.3.4.2 Brute Force Attack
3.3.4.3 Social Engineering Attack
3.3.4.4 Recording user information Attack
3.4 Description of the new System
3.5 The Software Development Lifecycle (SDLC)
3.6.1 The Waterfall Model Diagram
3.6.2 Project Version of the Waterfall Model
3.7 Explanation of Modified Waterfall Model
3.8 Non Functional Requirements of the System
3.8.1 Business Rules
3.9 Functional Requirements
3.10 The Use Case Models
3.10.1 Use Case Survey
3.10.2 Use Cases Description
3.10.3 Use Case Diagram
3.11 Context Diagram, Data Flow Diagrams and Entity Relational Diagrams
3.12 Data Flow Diagram
3.13 Main Architecture Design
3.14 Process Analysis
3.16.1 Context Diagram
3.15 The Algorithm
3.15.1 The System Algorithm
3.15.2 System Flow Chart
3.16 The Logon Process
3.17 Back End Design
3.18 Front End Design
3.29 Technical/Hardware Requirements
3.20 Hardware Equipment
3.21 Testing
3.21.1 Static and Dynamic Testing
3.22 Implementation
3.22.1 Shoulder Surfing
3.22.2 Recording User Information
3.22.3 Social Engineering
3.22.4 Guessing and Brute Force
3.22.5 Dictionary Attack
CHAPTER 4
Analysis
4.3.1 Uniqueness
4.3.2 Transparency and Noninvasiveness
4.3.3 Increase Password Strength and Lifespan
4.3.4 Replication Prevention and Additional Security
4.3.6 Disadvantages
4.3.7 System Evaluation Criteria
4.3.8 Effectiveness
4.3.9 Efficiency
4.3.10 Adaptability and Robustness
CHAPTER 5
Conclusion
5.1 Summary of the Research
5.1.1 Findings
5.1.2 Recommendations
5.2 Area of application
5.3 Further work
REFERENCES
Appendix

LIST OF TABLES

Table.1: Approaches to Keystroke Analysis
39 Table.2: Summary of test results for shoulder surfing attack experiment
68 Table.3: Summary of test results for guessing and brute force attack experiment
39 Table.4: Summary of test results for social engineering attack experiment
39 Table.5: Summary of test results for recording user information attack experiment
Table.6: Use Case survey
Table.7: Use Case Description
Table.8: Hardware requirements
39 Table.9: Summary of test results for shoulder surfing attack experiment
39 Table.10: Summary of test results for recording user information attack experiment
39 Table.11: Summary of test results for social engineering attack experiment
39 Table.12: Summary of test results for guessing and brute force attack experiment

LIST OF FIGURES

Figure.1: Dwell and Flight Time Calculation
Figure.2: The Waterfall Model Diagram
Figure.3: Project Version of the Waterfall Model
77 Figure.4: Use Case Diagram
Figure.5: Data Flow Diagram
Figure.6: Main Architecture Design
Figure.7: Process Analysis

ABBREVIATIONS

ALT Alternative
ATM Automated Teller Machine
CCTV Closed circuit Television
CER Cross Over Rate
62 DNA Deoxyribonucleic acid
EER Equal Error Rate
ER Entity Relation
FAR Falls Acceptance Rate
62 FNMR False Non Match Rate
FRR Falls Rejection Rate
ID Identity
IDE Interactive 75 Development Environment
IEEE Institute of Electrical and Electronics Engineers
IP Internet Protocol
IPR Impostor Pass Rate
PIN Personnel Identification Number
RAD Rapid Application Development
SDK Software Development Kit
SDLC Software Development Lifecycles
TCP Transmission Control Protocol

CHAPTER 1 INTRODUCTION

Organizations are challenged daily to keep applications and networks secured while maintaining a balance between usability, security and cost. Information must be accessible at all times through diverse computing and networking architectures for an ever-changing population of students, teachers and non-teaching staff. With these challenges come substantial security requirements for verifying identities, protecting data, ensuring privacy, proving compliance, and shielding the school from growing internal and external fraud.

The primary task of an attacker who has infiltrated a network is to initiate escalation of privileges; that is how an attacker attempts to gain more access from the established foothold that they have created. After an escalation of privileges has occurred, there is little left to stop an intruder from whatever intent that attacker has. Attackers can use many different mechanisms to achieve an escalation of privileges, but primarily they involve compromising existing accounts, especially those with administrator-equivalent privileges.

Most business or corporate networks employ some measure of security controls over standard user accounts, but often do not exert many controls over service accounts, thereby making such accounts vulnerable and popular targets for attackers. After an attacker has compromised a network to the point where a critical account with high privileges is compromised, the entire network can never be considered completely trustworthy again unless it is flattened and completely recreated. Therefore the level of security for all manner of accounts is a very important aspect of any network security initiative. Aside from the risks that external threats pose to a business network, internal threats also have the potential to cause a great deal of harm. Internal threats embody not only malicious users but also those who might cause unintentional harm. The seemingly innocuous attempts to circumvent security measures by users that seek access to resources are but one example. All too often, users and services are granted access to greater privileges than necessary for reasons of convenience. Although this approach guarantees users have access to the resources they need to do their jobs, it also increases the risk of a successful attack upon the network.

Network administrators and security professionals know that relying on only user ID and password to authenticate users is simply not practically effective. The success of costly and highly visible attacks (including phishing, keystroke logging, spyware, and simple brute force password cracks) on both private and public networks with sensitive and valuable information continues to gain momentum and garner global attention. Responsible corporate management and government legislation are now mandating security strategies incorporating multi-factor authentication combining something you know (a password or passphrase) with something you are (a biometric) or something you have (e.g. a smart card).

A technique known as keystroke dynamics (or typing dynamics) is emerging as an effective way to strengthen user authentication. Keystroke dynamics is a detailed description of the timing of key-down and key-up events when users enter usernames, passwords, or any other string of characters. Because a user's keystroke timings are as personal as handwriting or a signature, keystroke dynamics can be used as part of a scheme to verify a user's identity.

The idea behind Keystroke Dynamics has been around since World War II. It was well documented during the war that telegraph operators on many U.S. ships could recognize the sending operator. Known as the Fist of the Sender, the uniqueness in the keying rhythm could distinguish one operator from another.

Every human being who uses the computer also uses a keyboard. The keyboard is placed separately in front of the monitor, attached inside the laptop or even in the smartphones. Some people write slowly, others fast. The typing rhythm might change over time, depending on the mood and time of the day. Biometric keystroke recognition is the technology of recognizing people from the way they type. By using different data analysis techniques, it might be that every human being has a unique way of typing.

Research into different methodologies to analyse the features of keystrokes has been increasing since World War II and is becoming a popular area of research in keystroke biometrics. Feature extraction from typing is crucial for efficient keystroke recognition. Throughout history, many different features were used such as latency, duration, pressure, etc.

A study of various research works shows that there are two types of keystroke dynamics. The first one is static keystroke dynamics, in which the keystrokes are analysed only at specific times, e.g. during login. The second one is continuous keystroke dynamics, in which the typing characteristics are analysed during a complete session. Static approaches provide more robust user verification than simple passwords. However, static methods do not provide continuous security; specifically, they cannot detect substitution of the user after the initial verification. Continuous verification monitors the user's typing behaviour throughout the session. Therefore it can be used to detect uncharacteristic typing rhythm caused by, say, drowsiness. A lot of reports can be found on keystroke dynamics dealing with static authentication. Less can be found on keystroke dynamics based on continuous authentication.

1.1 Objectives

A person's typing patterns can be as unique as a fingerprint or signature. That's the idea behind keystroke dynamics. Some researchers and developers have built many techniques around using this keystroke dynamic biometric as a form of authentication to Web-based applications, email and networks.

This research project seeks to provide an improved technique for user identity authentication using keystroke dynamics that will check to ensure that only authenticated users have access to the network, and without wasting network bandwidth, by processing all the keystroke dynamics issues on the workstation or local machine. On failure to confirm authentication, the authentication system or application will block the workstation machine desktop, thereby preventing the intruder from logging on to the system.

1.2 Problem Statement

Access to an ATM is usually controlled by passwords or PINs. After the user enters his user ID (his card) in an ATM machine, the user will be asked to enter his PIN or password. The main problem appears when a user loses his card and the card falls into the wrong hands; the guessing of the PIN or password can be possible after many tries. So getting hold of a card (without knowing the password) does not necessarily allow access to the card owner's account. However, currently if an imposter gets both the card and password of an account owner, there is no way to stop the imposter from using the card and cashing money from the account. The user ID (card) and PIN (password) are available to the legitimate user and to the imposter; the question is how to stop the imposter and allow the legitimate user to access the system. In the same manner, if a hacker succeeds in having access to a networked computer, nothing can stop him from pretending to be an authorized user on that computer and inheriting all the privileges of the user whose account he has hijacked. This scenario can afford the cracker some rights to launch malicious attacks on the network resources, unless somehow all user activities (on the computer) are stopped, or deactivated pending the current user's verification and authorization.

Continuous monitoring of a user's behaviour is an essential element of user identity authentication using keystroke dynamics in network security. Because of the conventional password-based systems used today, there is practically no way to verify that the user originally authenticated is the user still in control of the keyboard.

Network security is usually focused on essential network resources such as servers, networked computers, data storage devices, input and output devices. The user authentication part of network security usually occurs at the login stage. Continuous authentication is practically out of the way in a server-client model. There is no way the network gateway (or servers) or firewall may periodically request any form of user authentication in order to ascertain that the user originally authenticated is the same user still in control of the keyboard.

Implementation of this may increase network latencies, access to server or network resources may be interrupted unexpectedly, and it may sometimes cause packet retransmission, creating heavy traffic in the entire network. Therefore, theoretically it will be expedient to rest the authentication technique on the workstation rather than on a network server or terminal. Currently, the keystroke dynamics techniques or methods in the market were not developed with continuous network-based remote authentication in mind. It is upon this problem that this research project turns to provide an improved solution for steadier network security.
1.3 Research Questions

Can an entire network logical connection become less busy, with a load of keystroke dynamics authentication traffic, trying to authenticate everyone on the network? The use of a behavioural trait rather than physiological characteristics as a sign of identity has limitations; can keystroke dynamics solve this problem? Can keystroke dynamics implementation be made cheaper, since the only hardware required is a keyboard, which makes it almost free?

1.4 Background

Securing sensitive data and computer systems by allowing ease of access to authenticated users and withstanding the attacks of imposters is one of the major challenges in the field of computer security. ID and password are the most widely used method for authenticating to computer systems. But these methods have many loopholes such as password sharing, shoulder surfing, brute force attack, dictionary attack, guessing, phishing and many more. Keystroke Dynamics is one of the famous and inexpensive behavioural biometric technologies, which identifies the authenticity of a user when the user is working via a keyboard and not a prey to malicious hacking or cracking feast.

User authentication prevents unauthorized access of information when providing information security. This is done for the purpose of performing trusted communications between parties (Joyce et al, 1990).

User authentication is based on three categories: knowledge based, object or token based, and biometric based.

Biometrics is the statistical analysis of biological observations and phenomena. Biometric measurements can be classified as physical and behavioural.

Keystroke Dynamics, being a behavioural measurement, is a pattern exhibited by an individual using an input device in a consistent manner. Raw measurements already available by the standard keyboard can be manipulated to determine: Dwell time (the time one keeps a key pressed) and Flight time (the time it takes a person to jump from one key to another). Variations of algorithms differentiate between absolute versus relative timing. The captured data is then analysed to determine aggregate factors such as: Rhythm, Content, Spatial Corrections, and Consistency. This is then fed through a signature processing routine, which deduces the primary (and supplementary) patterns for later verification. User authentication is one way to achieve this. The biometric-based approaches are free from loss, theft or memory problems. But they are not perfect, and involve two types of errors. False accept rate (FAR) denotes the rate at which an imposter is allowed access. False reject rate (FRR) denotes the rate at which the legitimate user is denied access.

Keystroke Dynamics has already found its way into many areas in the past few years. For corporations, this technology has found uses in Network Security (single sign-on, multi-password management, RADIUS, application access and document control management) as well as Asset Identification (online training, document signing, software licensing). One of the many ways to improve network security is to control network access on network clients, by controlling network services and protocols running on the client. Client-server models usually involve the client initiating connection to the server through a special authentication token. On meeting specific conditions, the client node is either granted or refused access to the network (or the server) resources. However, a network node which is physically connected to a network can be configured with the network IP/TCP credentials (in case of static IP configuration) in order to have access to the network. Getting access to resources available on the other network nodes (including the server) depends on conditions available on that network node. Through many available hacking and cracking techniques, an unauthorized network node introduced to a network in this manner may be free to launch malicious attacks on the network itself (or on specific targets), thereby compromising the network security. Keystroke dynamics authentication can be applied to improve network security by controlling user access on a network node through an authentication and verification mechanism.

1.5 Justification

Authentication and verification of users in computer security are areas which gain a lot of attention. A reason for this is the high number of inside attacks, where already authenticated user accounts are used to gain access to prohibited information or privileges. Session hijacking, password stealing/guessing or perimeter possession are examples of areas where ordinary authentication has been known to fail. A secret password and public username is the most widespread authentication and verification scheme used.

Biometrics are considered one of the toughest authentication systems to break, because they are the hardest to spoof or duplicate, unlike user IDs and passwords, which can be easily stolen and used.

Combining two authentication factors together creates an additional layer of defense for a system. If attackers break through one factor, they still have the second one to crack before gaining malicious access.

In this research work, a keystroke dynamics application (on the Microsoft Windows .Net platform) is developed as an additional security layer for the user's system and the network to which the user's PC is to be connected. Thus, it forms a second security layer, after the usual Windows logon authentication process. This technique is necessary, because it ensures that: Proper security authentication and authorization is ensured at the user level on each PC in a network. Unauthorized persons are not allowed into the network (or the server resources) through legitimate computers in the network. During authentication, network services are totally disabled (on the user's computer) until the process is successful. In the event of an unsuccessful authentication or verification, the user's computer will still remain connectionless. The following chapter will review various researched works in improving network security using keystroke dynamics, their failures, flaws and specific strength.

1.6 Methodology

Understanding the problems of the network authentication at the Anglican Senior High School calls for the gathering of information through observation of the existing authentication system, interviewing of the users and testing of the existing system, to expose the various authentication problems. Since this is not the first time such research is going to be conducted, a number of research works on keystroke dynamics should be reviewed to get better ideas to solve the problem at hand. This will lead to an appropriate software development lifecycle, resulting in a successful algorithm. After that, Visual Basic will be used to develop a software called BioNetlogon. BioNetlogon software will be installed at the school after successful testing.

1.7 Limitation

The research is limited to using a keystroke dynamics authentication system to secure the local area network at Kumasi Anglican Senior High School.

CHAPTER 2 LITERATURE REVIEW

A review of existing keystroke dynamics methods, metrics, and different approaches is given in this chapter. This chapter also discusses the various network security issues and challenges faced by keystroke dynamics.

2.1 Biometric Measurements

There are physical and behavioural biometrics under biometric measurements.

Physical Biometrics define biological aspects of a person that determine identity. Measurement data is considered static, which generates an absolute match. (Partial matches are mostly due to variability in the capture process, such as placing only part of a finger on a fingerprint device.) Examples of physical biometrics are: DNA, Iris, Retina, Fingerprint, Hand Geometry and Vein Structure. Behavioural Biometrics define characteristic traits exhibited by a person that can determine identity. Measurements are considered dynamic, which results in a confidence match. The quality of this measurement varies by behavioural as well as external factors of the subject being measured. Examples of behavioural biometrics are: Handwriting, Voice, Speech, Language Removal, Gait, Gesture and Typing patterns. Keystroke Dynamics, being a behavioural measurement, is a pattern exhibited by an individual using an input device in a consistent manner. Raw measurements already available by the standard keyboard can be manipulated to determine Dwell time (the time one keeps a key pressed) and Flight time (the time it takes a person to jump from one key to another). Variations of algorithms differentiate between absolute versus relative timing. The captured data is analysed to determine aggregate factors such as: Cadence, Content, Spatial Corrections, and Consistency. This is then fed through a signature processing routine, which deduces the primary (and supplementary) patterns for later verification.

There are many challenges facing keystroke dynamics. One challenge is that the same person's typing speed can vary greatly on different computers or at different times, even on the same computer. Another is how to ensure that the right person is still the same person using the same system after some time. There's also the issue of what happens when a person breaks a hand or finger. The greater challenge is how to authenticate users seeking access to network resources, or a network node.

Keystroke biometrics is still less popular than other forms of biometric authentication because not enough people are familiar with it yet. Like other biometrics, keystroke dynamics is currently not a perfect solution, as compared to other forms of user/system authentication solution. Hence further research and improvements are required.

Most security experts agree that using layered techniques is the best. Keystroke dynamics can be one part of a suite of authentication modes, or an add-on to an operating system authentication mechanism. This research work seeks to study, analyse and propose a method to improve network security using keystroke dynamics (Joyce et al, 1990).

2.2 Research Field and Subject of Study

This section briefly reviews the challenges facing development of keystroke dynamics techniques as a subject of study in this research. Recognising the fact that research in this field has not been widely appraised over the last decade, this section briefly highlights some of the issues that contribute to its unpopularity.

Keystroke dynamics is mostly applicable to verification, but identification is also possible. In verification it is known who the user is supposed to be and the biometric system should verify if the user is who he claims to be. In identification, the biometric system should identify the user without any additional knowledge, using only keystroke dynamics. Most applications of keystroke dynamics are in the field of verification.

One of the most likely possible uses for Keystroke Dynamics in the business and information world today would be for user identification purposes. By having the specific user calibrated to typing a specific phrase or password, the analytical software would be able to decipher whether or not the user is the allowed source based upon hesitation and rapidity of the stroke. Thus simply typing the password or pasting it within the appropriate field would not work because the flight time and dwell times would not match. This would eliminate security threats to an information system even if the actual text or character combination was revealed to an outside source. Additionally, this software could be used to distinguish one person from another in signal-based communications, such as typing or telegraphing, where the user is manually inputting the signals according to their own rhythmic patterns. Although not able to identify new users, the software can compare input signals to established templates and determine whether or not the desired user is the one transmitting the signal.

Keystroke recognition, however, is obviously a more semi-obtrusive biometric than fingerprint. It gives the possibility to identify human beings in front of a computer without any real direct explicit interaction with the computer. For example, while a person is typing something on the computer, the computer will extract features and analyse the keystrokes where the user doesn't need to think of the authentication. In case of weak quality features, it would be more sufficient to have it as a second security authentication (at application level), whilst operating system login precedes as the first security authentication layer. This is because keystroke recognition is still under research to be a strong and robust biometric. However, until now the keystroke recognition can be used as an additional method for increasing security by obtrusive and periodic re-verification of a person's identity (Magnus, 2009).

2.2.1 Ease of Use

The basis for testing or observing one's pattern for typing is the repetition of typing so that differences can be noted and patterns observed between words. Currently most solutions involve a template consisting of the user typing a series of words over several sessions to break up the time. Forced typing, due to repetitive strain injury, over long periods of time can induce fatigue, stress, and other factors, such as simple typing mistakes, which may inhibit the template's accuracy. Once properly calibrated, the template is easily able to distinguish whether the acceptable user is typing or not by comparing the flight and dwell times to those set on the template (Monrose et al, 1997). It can therefore be deduced that the failure of ease in regards to using a keystroke dynamics system is what inhibits its use in the public arena. Setting up a series of accepted users is time consuming and, based on the studies of one particular study, may be hard to duplicate by that user than by that of another user. Also, the failure of the system to easily identify a new acceptable user while in place limits its use. Although developments are being made to prepare the system for such intelligence, it has not yet been incorporated.

2.2.2 Features Used with Keystroke Dynamics

Keystroke dynamics include several different measurements which can be detected when the user presses keys on the keyboard. Possible measurements include:

Latency between consecutive keystrokes.
Duration of the keystroke, hold time.
Overall typing speed.
Frequency of errors (how often the user has to use backspace).
The habit of using additional keys on the keyboard, for example writing numbers with the numerical pad.
In what order does the user press keys when writing capital letters, is shift or the letter key released first.
The force used when hitting keys while typing (requires a special keyboard).

Statistics can be either global, i.e. combined for all keys, or they can be gathered for every key or keystroke separately. Systems do not necessarily employ all of these features. Most of the applications measure only latencies between consecutive keystrokes or durations of keystrokes.
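The measurements listed above, computed from a raw stream of key-down and key-up events, as an added example (not code from the thesis or from the BioNetlogon software). The KeyEvent record, the function names and the sample capture are assumptions constructed for illustration; the capture includes a rollover, where the next key goes down before the previous one is released, which yields a negative release-to-press latency.

```python
from collections import namedtuple

# Hypothetical event record: timestamp in ms, key name, "down" or "up".
KeyEvent = namedtuple("KeyEvent", "t_ms key kind")

# Constructed capture of someone typing "the". "h" goes down before "t"
# comes up (rollover), and "e" is held long enough to auto-repeat.
SAMPLE_EVENTS = [
    KeyEvent(0, "t", "down"),
    KeyEvent(90, "h", "down"),
    KeyEvent(110, "t", "up"),
    KeyEvent(170, "h", "up"),
    KeyEvent(250, "e", "down"),
    KeyEvent(290, "e", "down"),   # auto-repeat, not a new keystroke
    KeyEvent(330, "e", "up"),
]


def pair_keystrokes(events):
    """Match every key-down with the next key-up of the same key.

    Returns (key, down_ms, up_ms) tuples ordered by press time. Auto-repeat
    downs are ignored and an "up" without a preceding "down" is dropped.
    """
    pending = {}
    strokes = []
    for ev in sorted(events, key=lambda e: e.t_ms):
        if ev.kind == "down":
            pending.setdefault(ev.key, ev.t_ms)   # keep the first press only
        elif ev.kind == "up":
            if ev.key in pending:
                strokes.append((ev.key, pending.pop(ev.key), ev.t_ms))
        else:
            raise ValueError("unknown event kind: %r" % (ev.kind,))
    return sorted(strokes, key=lambda s: s[1])


def extract_features(events):
    """Dwell time per key, latencies per digraph, speed and error count."""
    strokes = pair_keystrokes(events)
    dwell = [(key, up - down) for key, down, up in strokes]

    digraphs = []
    for (k1, d1, u1), (k2, d2, _u2) in zip(strokes, strokes[1:]):
        digraphs.append({
            "pair": k1 + k2,
            "flight_ms": d2 - u1,        # release-to-press, negative on rollover
            "down_down_ms": d2 - d1,     # press-to-press, never negative
            "overlap": d2 < u1,
        })

    if strokes:
        elapsed_ms = max(up for _k, _d, up in strokes) - strokes[0][1]
    else:
        elapsed_ms = 0
    speed = len(strokes) * 1000 / elapsed_ms if elapsed_ms > 0 else 0.0

    return {
        "dwell_ms": dwell,
        "digraphs": digraphs,
        "keys_per_second": speed,
        "backspaces": sum(1 for key, _d, _u in strokes if key == "Backspace"),
    }


if __name__ == "__main__":
    for name, value in extract_features(SAMPLE_EVENTS).items():
        print(name, value)
```

A verifier that cannot tolerate negative values can use the press-to-press latency instead, at the cost of mixing the first key's dwell time into the digraph feature.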

There are clear differences in latencies and their standard deviations. Latencies between keystrokes when writing words password, by three different persons. The words were written several times,

Latencies between keystrokes and durations of keystrokes are popular measurements because they can be easily measured with normal PC hardware. Both key press and release events generate hardware interrupts. Gathering keystroke dynamics data has, however, a few complications. Several keys can be pressed at the same time: the user presses the next key before releasing the previous one. This usually happens quite often when typing faster. Depending on what is measured, there might even be negative time between releasing a key and pressing the next one. It also adds slightly to the complexity of the keystroke dynamics system if the intention is to know when the user presses SHIFT, ALT and other special keys (Obaidat et al, 1997).

2.2.3 Typing Speed

Another challenge is that there is a very wide variety of typing skills, and the biometric systems should work for all users. First of all, the speed of typing can be wildly different between different users. An experienced touch typist writes easily several tens of times faster than a beginner using hunt-and-peck style with one finger. Also the predictability of a fast writer is much greater: there is no need to stop and think where some letter is located on the keyboard. The typing can also be affected if the user is on a lower level of alertness, for example sleepy or ill. Users will additionally sometimes have accidents and consequently write in an abnormal fashion for a few weeks when a finger is bandaged, or type with one hand when holding a coffee cup in the other hand, and so on. Changing keyboard to a different model or using a laptop computer instead of a normal PC can also affect keystroke dynamics tremendously. All these factors have to be taken into account when designing a keystroke dynamics system (Monrose et al, 1999).

2.3 Technologies

Biometric technologies are defined as automated methods of verifying or recognizing the identity of a living person based on physiological or behavioural characteristics (Anil et al, 2004).

Biometrics technologies are gaining popularity because, when used in conjunction with traditional methods of authentication, they provide an extra, higher level of security. Biometrics involves something a person is or does. These types of characteristics can be approximately divided into physiological and behavioural types (O'Gorman, 2003).

Physiological characteristics refer to what the person is, or in other words, they measure physical parameters of a certain part of the body. Some examples are Fingerprints, Hand Geometry, Vein Checking, Iris Scanning, Retinal Scanning, Facial Recognition, and Facial Thermogram. Behavioural characteristics are related to what a person does, or how the person uses the body. Voiceprint, Gait Recognition, Signature Recognition, Mouse Dynamics and keystroke dynamics are good examples of this group.

Keystroke dynamics is considered a strong behavioral biometric-based authentication system (Awad et al, 2005). It is a process of analyzing the way a user types at a terminal by monitoring the keyboard in order to identify the users based on habitual keystroke dynamics patterns. Moreover, unlike other biometric systems, which may be expensive to implement, keystroke dynamics is almost free as the only hardware required is the keyboard.

2.4 Verification Techniques

Keystroke verification techniques can be classified as either static or dynamic (continuous) (Monrose et al, 1999). The static verification approach analyses keystroke verification characteristics only at specific times, providing additional security over the traditional username/password.

Static approaches provide more robust user verification than simple passwords, but the detection of a user change after the logon authentication is impossible. Continuous verification, on the contrary, monitors the user's typing behavior throughout the course of the interaction. In the continuous process, the user is monitored on a regular basis throughout the time he/she is typing on the keyboard, allowing a real-time analysis (Monrose et al, 1997). This means that even after a successful login, the typing patterns of a person are constantly analyzed and when they do not match the user's profile, access to the system is blocked.

2.5 Methods and Metrics

Previous studies have identified a selection of data acquisition techniques and typing metrics upon which keystroke analysis can be based. The following section summarizes the basic methods and metrics that can be used (Shanmugapriya et al, 2009).

2.5.1 Static at Login

Static keystroke analysis authenticates a typing pattern based on a known keyword, phrase or some other predetermined text. The typing pattern captured is compared against previously recorded typing patterns stored during system enrolment.

2.5.2 Periodic and Continuous Dynamics

Dynamic keystroke analysis authenticates a user on the basis of their typing during a logged session. The data, which is captured in the logged session, is then compared to an archived typing pattern to determine the deviations. In a periodic configuration, the authentication can be constant either as part of a timed supervision. Continuous keystroke analysis extends the data capturing to the entire duration of the logged session. The continuous nature of the user monitoring offers significantly more data upon which the authentication judgment is based. Furthermore, an impostor may be detected earlier in the session than under a periodically monitored implementation.

2.5.3 Keyword and Application Specifics

Keyword-specific keystroke analysis extends the continuous or periodic monitoring to consider the metrics related to specific keywords. Extra monitoring is done to detect potential misuse of sensitive commands. Static analysis could be applied to specific keywords to obtain a higher confidence judgment. Application-specific keystroke analysis further extends the continuous or periodic monitoring. It may be possible to develop separate keystroke patterns for different applications. In addition to a range of implementation scenarios, there are also a variety of possible keystroke metrics. The following are the metrics widely used by keystroke dynamics.

2.5.4 Digraph and Trigraph Latencies

Digraph latency is the metric that is most commonly used and typically measures the delay between the key-up and the subsequent key-down events, which are produced during normal typing (e.g. pressing letters T-H). Trigraph latency extends the digraph latency metric to consider the timing for three successive keystrokes (e.g. pressing letters T-H-E).

Keyword latency: Keyword latencies consider the overall latency for a complete word or may consider the unique combinations of digraphs/trigraphs in a word-specific context.

2.6 Performance Measures

Performance of keystroke analysis is typically measured in terms of various error rates, namely False Accept Rate (FAR) and False Reject Rate (FRR). FAR is the probability of an impostor posing as a valid user being able to successfully gain access to a secured system, according to Guven et al (2003).

In statistics, this is referred to as a Type II error. FRR measures the percentage of valid users who are rejected as impostors. In statistics, this is also referred to as a Type I error. Both error rates should ideally be 0%. From a security point of view, type II errors should be minimized, that is, no chance for an unauthorized user to log in. However, type I errors should also be infrequent because valid users get annoyed if the system rejects them incorrectly. One of the most common measures of biometric systems is the rate at which both accept and reject errors are equal. This is known as the Equal Error Rate (EER), or the Cross-Over Error Rate (CER). The value indicates that the proportion of false acceptances is equal to the proportion of false rejections. The lower the equal error rate value, the higher the accuracy of the biometric system.

2.7 Keystroke Analysis Approaches

A number of studies have been performed in the area of keystroke analysis since its conception. There are two main keystroke analysis approaches for the purposes of identity verification. They are statistical techniques and neural network techniques. Some combine the two approaches. The basic idea of the statistical approach is to compare a reference set of typing characteristics of a certain user with a test set of typing characteristics of the same user or a test set of a hacker. The distance between these two sets (reference and test) should be below a certain threshold or else the user is recognized as a hacker. The neural network process first builds a prediction model from historical data, then uses this model to predict the outcome of a new trial (or to classify a new observation). Although the studies tend to vary in approach, from what keystroke information they utilise to the pattern classification techniques they employ, all have attempted to solve the problem of providing a robust and inexpensive authentication mechanism.
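The statistical approach and the FAR, FRR and EER measures described above, as an added example (not code from the thesis or from the BioNetlogon software). The scaled Manhattan distance, the rule "accept when distance <= threshold", the function names and every timing vector are assumptions constructed for illustration.

```python
from statistics import mean

# Constructed timing vectors in milliseconds for the word "the":
# [dwell t, flight t->h, dwell h, flight h->e, dwell e]
ENROLMENT = [            # reference set typed by the legitimate user
    [100, 60, 80, 90, 85],
    [110, 50, 90, 80, 95],
    [90, 70, 80, 100, 85],
    [100, 60, 90, 90, 95],
]
GENUINE = [              # later attempts by the same user
    [105, 55, 85, 95, 90],
    [95, 65, 90, 85, 85],
    [100, 60, 80, 90, 100],
    [120, 75, 85, 100, 90],   # slower than usual, e.g. a tired user
]
IMPOSTOR = [             # attempts by other people who know the word
    [150, 20, 120, 40, 130],
    [110, 70, 95, 100, 100],
    [105, 50, 90, 95, 95],    # a typist with a similar rhythm
    [80, 100, 60, 130, 70],
]


def build_profile(samples, min_spread=1.0):
    """Per-feature (centre, spread) from the reference set.

    Spread is the mean absolute deviation, floored so that a feature the
    user happened to type identically every time cannot divide by zero.
    """
    profile = []
    for column in zip(*samples):
        centre = mean(column)
        spread = mean([abs(x - centre) for x in column])
        profile.append((centre, max(spread, min_spread)))
    return profile


def distance(profile, attempt):
    """Scaled Manhattan distance between a profile and one test vector."""
    if len(attempt) != len(profile):
        raise ValueError("attempt has a different number of timing features")
    total = sum(abs(x - c) / s for (c, s), x in zip(profile, attempt))
    return total / len(profile)


def error_rates(genuine_scores, impostor_scores, threshold):
    """(FAR, FRR) when an attempt is accepted if its distance <= threshold."""
    frr = sum(d > threshold for d in genuine_scores) / len(genuine_scores)
    far = sum(d <= threshold for d in impostor_scores) / len(impostor_scores)
    return far, frr


def equal_error_point(genuine_scores, impostor_scores):
    """Sweep every observed distance as a threshold; return the
    (threshold, FAR, FRR) where the two error rates are closest."""
    best = None
    for t in sorted(set(genuine_scores) | set(impostor_scores)):
        far, frr = error_rates(genuine_scores, impostor_scores, t)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    return best


def evaluate():
    profile = build_profile(ENROLMENT)
    genuine = [distance(profile, a) for a in GENUINE]
    impostor = [distance(profile, a) for a in IMPOSTOR]
    return genuine, impostor, equal_error_point(genuine, impostor)


if __name__ == "__main__":
    genuine, impostor, (t, far, frr) = evaluate()
    print("genuine distances ", genuine)
    print("impostor distances", impostor)
    print("threshold %.2f -> FAR %.2f, FRR %.2f" % (t, far, frr))
```

Lowering the threshold below the crossover trades false accepts for false rejects: on this data a threshold of 1.0 admits no impostor but still rejects the slow genuine attempt.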
Table1givesasummaryofmaintheresearchapproachesperformed.Table.1:
ApproachesinKeystrokeAnalysisStudyClassificationTechniqueUsersFAR
(%)FRR(%)Joyceetal,1990StaticStatistical330.2516.36Leggettetal,1991
DynamicStatistical3612.811.1Brownetal,1993StaticNeuralNetwork250
12.0Obaidat

etal,1993

43StaticNeuralNetwork2489Napieretal,1995DynamicStatistical243.8
(Combined)Sadoun

etal,1997

43StaticStatisticalNeuralNetwork150.71.900Monroseetal,1999Static
Statistical637.9(Combined)Choetal,2000StaticNeuralNetwork2101
Furnell

etal,2000

2StaticNeuralNetwork149.930Bergadanoetal,2002StaticStatistical154
0.014Guvenetal,2003StaticStatistical12110.7Sogukpinaretal,2004Static
Statistical00.660Dowlandetal,2004DynamicNeuralNetwork354.90Cho

etal2004

https://www.turnitin.com/newreport_printview.asp?eq=0&eb=0&esm=0&oid=720756931&sid=0&n=0&m=0&svr=09&r=87.2921191671043&lang=en_us 19/47
10/14/2016 TurnitinOriginalityReport

2StaticNeuralNetwork2103.69Gunettietal,2005StaticNeuralNetwork205
0.0055Clarkeetal,2007StaticNeuralNetwork325(EqualErrorRate)Cho

etal,2007

2StaticNeuralNetwork210.43(AverageIntegratedErrors)Pinetal2008Static
Statistical506.36(EqualErrorRate)Withtheexceptionof

Pinetal(2008)mostofthecurrentresearchersprefertheuseofneuralnetworktechnique.Majorityofthe
goodresultsof

78FalseAcceptRate(FAR)andFalseRejectRate(FRR),arefromtheneural

networktechnique.Intermsofclassificationalmostallthegoodresultscamefromstaticevenfromthe
beginningoftheresearchintokeystrokedynamics2.8

2SecurityofKeystrokeDynamicsLittleresearchhasbeenconductedto
analysekeystrokedynamicsconcerningsecurity.Theapplicationofkeystroke
dynamicstocomputeraccesssecurityisrelativelynewandnotwidelyusedin
practice.Reportsonrealcasesofbreakingkeystrokedynamicsauthentication
systemdonotexist.Keystrokedynamicsschemesareanalysedregarding
traditionalattacktechniquesinthefollowingsection.Thetraditionalattacks
canbeclassifiedas:ShoulderSurfingRecordingUsersInformationSocial
andEngineeringGuessingBruteForceDictionaryAttack2.8.1Shoulder
SurfingAsimplewaytoobtainauserspasswordistowatchhimduring
authentication.

WiththecomingintotheexistenceofCCTVinstallationsinthesecuritysensitiveestablishments,an
intrudernowdonotneedtobecloseroratthesameofficetobeabletowatchsomeonewhenheorshe
istypingapassword.CCTVinstallationsdorecord,thereforeanintrudercancopyandplaybackthevideo
recordingfromtheCCTVinstallation.Thisiscalled

64shouldersurfing.Ifkeystrokedynamicsareusedintheverificationor
identificationmode,shouldersurfingwillnotbea

2threatfortheauthenticationsystem.Passwordisnotusedinthe
identificationcaseandthereforethepasswordcannotbestolen.Onlythe
keystrokepatternisimportantanddecisive.Incaseofverification,anattacker
maybeabletoobtainthepasswordbyshouldersurfing.However,keystroke
dynamicsforverificationisatwofactorauthenticationmechanism.The
keystrokepatternstillhastomatchwiththestoredprofile.

2.8.2 Recording User's Information

Spyware is software that records information about users, usually without their knowledge. Spyware is probably the best and easiest way to crack keystroke dynamics based authentication systems. If a user unintentionally installs a Trojan which records all of the user's typing, keystroke latencies and keystroke durations, an attacker can use this information to reproduce the user's keystroke pattern. A program could simulate the user's typing and get access to the system from the keystroke pattern. Much more research in the area is expected.

2.8.3 Social Engineering

Social engineering is the practice of obtaining confidential information by psychological manipulation of legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or getting them to do something that is against typical policies. Using this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. Phishing is social engineering via email or other electronic means. On first sight, social engineering is not possible with keystroke dynamics. In the identification case there is no password that can be given away, not even on purpose. Asking for the password on the phone and pretending to be the authorized user is not feasible. Nevertheless, phishing, social engineering via the Internet, may be a way of tricking a user to give away his keystroke pattern. The attacker might pose as a trustworthy person, asking the user to log on to a primed website. When the user logs on to the website, the attacker might record the keystroke rhythm of the user. However, the success rate would probably be very low. The user must type his username and password several times in order to have a meaningful keystroke pattern.

2.8.4 Guessing and Brute Force

People use common words for their passwords. The way of typing of a different user can hardly be simulated. There are just too many varieties of ways of typing on the keyboard. Guessing of typing rhythms is impossible in keystroke dynamics. In a brute force attack, an intruder tries all possible combinations of characters to crack a password. The more complex a password is, the more secure it is against brute force attacks. The main defense against brute force search is to have a sufficiently large password space. The password space of keystroke dynamic authentication schemes is quite large. It is nearly impossible to carry out a brute force attack against keystroke dynamics. The attack programs need to automatically generate keystroke patterns and imitate human input. If keystroke dynamics are used in a two-factor authentication mechanism, that is password and keystroke, it is almost impossible to overpower the security system.

2.8.5 Dictionary Attack

A dictionary attack is a technique for defeating an authentication mechanism by trying to determine its passphrase by searching a large number of possibilities. In contrast to a brute force attack, where all possibilities are searched through exhaustively, a dictionary attack only tries possibilities that are most likely to succeed, typically derived from a list of words in a dictionary. As for dictionary attacks, it is impractical and nearly impossible to carry out dictionary attacks against keystroke dynamic authentication mechanisms (Benny, 2007). It is possible to use a dictionary attack which consists of general keystroke patterns, but an automated dictionary attack will be more complex than a text-based dictionary attack. Again the attack programs need to automatically generate keystroke patterns and imitate human input. Overall, keystroke dynamics are less vulnerable to brute force and dictionary attacks than text-based passwords.

2.9 False Alarm and an Imposter Pass Rate

Reporting of research into Keystroke Dynamics began in the early 1980s with the often-cited pioneering paper by Gaines et al (1980) from the RAND Corporation. They measured the effectiveness of their Keystroke Dynamics system by two parameters (still in use today): FAR (False Alarm Rate), the rate that a keyboard rhythm is falsely identified as belonging to an imposter, and IPR (Imposter Pass Rate), the rate that an imposter's keyboard rhythm is incorrectly identified as belonging to a legitimate user (Bergadano et al, 2002). The ideal situation is for both these parameters to be as close to zero as possible; usually it is more acceptable to have a higher FAR than IPR if a secure environment is the goal. In the Gaines et al (1980) experiments, seven secretaries were asked to retype the same three paragraphs at two different times over four months and keystroke timings were compared. Their results showed a FAR of 4% and an IPR of 0%. While they proved the concept of user identification by keyboard timings as viable, it is difficult to evaluate the effectiveness of their methods due to the limited scale of their experiments.

Joyce et al (1990) describe their identity verifier, which is based on keystroke timings. In their experiments, thirty-three users each provided a reference signature by typing in their login name, password, first name and last name eight times. The users then tried to log in to their account five times and the data was collected. Six of the users acted as imposters and tried to log in to the remaining 27 accounts. They achieved a FAR of 16.7% and IPR of 0.25%. The high FAR of 16.7% is equal to a rejection of 1 in 6 login attempts requiring another attempt. Joyce et al (1990) noted that the FAR could be reduced if a higher IPR was considered acceptable. They also note that significant reductions in FAR can be achieved with only slight increases in IPR if thresholds are manipulated in certain ways. Interestingly, the samples for their experiments were taken using the same computer system and therefore the same keyboard. Joyce et al (1990) recommend that further research is done to see the effect of other systems on their results, particularly seeing that the ability to record accurate timings is an essential part of their algorithm and this may not be available in a distributed or online environment.

Cho et al (2000) report a FAR of 1%, which is within the specification for acceptance by users suggested by Robinson et al (1998). However, they rejected the results from some inexperienced typists, which they claim improves the FAR results of their experiments. They recommend that further investigation on the role of typing experience is conducted. Yu et al (2004) reflect on this work and identified two significant problems:

1. Training time was excessive.
2. The data set required was too large.

They proposed a solution that addresses these problems while still retaining similar FAR and IPR results.

2.10 Keystroke Durations and Latencies

Duration is the length of time keys are pressed, while latency is the time between successive keystrokes. Monrose et al (1997) acknowledged the work of Joyce et al (1990) and extended their research work by:

- Examining the use of keystroke durations in addition to keystroke latencies.
- Exploring the long-term measurement of keystroke dynamics over weeks.
- Measurement of keystroke dynamics using the user's own computer.

Their results showed that all three aspects could be achieved within a workable framework. Of particular interest is their foundation work on the design of a dynamic authentication system (Leggett et al, 1991) that authenticates a user over time using the unstructured text typed by a user in their normal work practices.

Obaidat et al (1997) report on their work using keystroke durations, latencies and neural nets to determine a user's identity based solely on their user ID. They claim very low False Alarm and Imposter Pass rates, and observed that the keystroke durations (hold times) are more significant than the keystroke latencies (time between key presses). Significantly, they have achieved good recognition using very short strings (10 characters). What is not clear from their paper is the amount of training required before their system will be able to perform the verification recognition that they claimed. Additionally, it is of concern that both the imposters' and owners' typing patterns were used for learning, which is not applicable to most network situations.

Robinson et al (1998) also conducted a study on verification of user ID; with reference to Obaidat et al (1997), they achieved a FAR of 10% and IPR of 9%. They used both keystroke durations and latencies and the mean user ID length was 6.4 characters. Though impressive, they cautioned that a FAR of less than 1% is required before this type of security measure could be considered non-invasive.

Bergadano et al (2002) reported on their keystroke analysis technique, which takes into account problems associated with variability of typing and typing errors, and produces a FAR of 4% and IPR of less than 0.01%. This was achieved by using the same sampling text of 683 characters per user (entered 5 times), allowing typing errors, and in a simulated online environment. Interestingly, once again, the samples were all collected in the same room on the same computer and therefore the same keyboard. The authors stated that they were not sure of the effect of variability on keyboard type and condition, and this may be a weakness in their method.

There seems to be substantial evidence that Keystroke Dynamics as a method of authentication is proven to be viable. Ongoing research is clearly needed to reduce both FAR and IPR to levels that become transparent to the user.

2.11 Latency Patterns

Researchers who analysed keystroke latency patterns to identify the person typing on the keyboard were Perrig et al (1997). Unlike previous works, which focused on taking one reference sample and doing user authentication based on one reference, Perrig et al (1997) continuously sampled user input and used the cumulative data for identification of the right user. They also did not specify the ideal number of times.

In many situations, a user may leave his computer without logging out or locking the computer. This gives an intruder a chance to use the console and the user's logon to break into the systems. In their project report they were able to present a tool to provide continuous authentication of the user by continuously monitoring the user's typing pattern. As soon as a different typing pattern is detected, the computer locks up and the suspected intruder is asked to type in a password. This technique can be useful in many settings, for instance, notebooks. It can also be used as an additional biometric authentication method in a high-security institution.

Their approach was to validate user identity at all times by continuously monitoring keystrokes. Each keystroke is captured through the X Windows server and processed either to train the model or to compute a probability that the current user is the same as the user on whom the model was trained. The system uses the keystroke delays to set up a structure similar to a Markov chain which models the means and variance of the delay between two keystrokes. The system takes all the combinations of two subsequent keys and stores the data. To identify a user, the system checks which user's model maximizes the likelihood of the recent key presses.

2.12 Latency Observation

Perrig et al (1997) define latency observation as the monitoring of all the key events that the user types. In their approach, typing one key triggers a pair of key events: press and release, which they call a keystroke. They had the latency between pressing and releasing a key for each key that is typed, which is called PR latency. For each two continuous keys typed, they had the latency between the release event of the first key and the press event of the second key, which is called RP latency. PR latency is always positive, because a key can only be released after it is pressed. RP latency can be negative, because the second key can be pressed before the first key is released.

In their approach, PR latencies and RP latencies are grouped respectively in three different ways: bigram, trigram and word-gram. A key event is a bigram event, a trigram event or a word-gram event. Bigram groups every two continuous keystrokes into one bigram event and indexes it by the two keys. Trigram groups every three continuous keystrokes into one trigram event and indexes it by the three keys. Word-gram groups every continuous set of keystrokes that only contains letters, the Caps Lock key and the Shift key into one word-gram event and indexes it by the keys. The cardinality of a key event is the number of keys in the event. A bigram event has a cardinality of two. A trigram event has a cardinality of three. A word-gram event has a cardinality of the length of the word. The bigram model contains all the bigram events data. A trigram model contains all the trigram events data. A word-gram model contains all the word-gram events data. They call the data set of each index in the three models the index set. The cardinality of an index set is the cardinality of the index of the index set.

In the statistics model, for each user, they build up three models: bigram model, trigram model and word-gram model. In the training phase, they inserted the data into the three models as described above. Then they computed the mean and the standard deviation of each index set of the three models. In the prediction phase, they used the keystrokes gathered from the X server as the input to the three models and computed the prediction. In the index set prediction, they assumed an index set has a vector of means and a vector of standard deviations. They monitored the keystrokes of the users continuously and, for each new key event, computed the index set predictions according to the key event on the given model. Then they computed the current prediction of whether the keystrokes are typed by the user of the model based on the weighted average. The weighted average demands that the user's keystroke pattern remains relatively constant. But in a real situation it is virtually not possible to maintain constant keystroke patterns.

System Architecture. Perrig et al (1997) used a program called xlisten (written in C), which grabs keystrokes from the X server and for each key pressed or released outputs a line of data describing the event, including which key was pressed or released and the latency in milliseconds since the last event. These raw data are passed by the shell to the main program (written in Java), which has three distinct input modules to process the three input event types: bigrams, trigrams, and word-grams. Each keystroke can be processed simultaneously by these modules and the results combined or compared. The three input modules have a common output format which is sent to the statistics module. The statistics module has two modes: train and predict. In training mode, it incorporates each new event into its model.
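The following Python example is added here and is not code from Perrig et al or from the thesis. It derives PR and RP latencies from xlisten-style event lines and trains a bigram model of per-index means and standard deviations; the line format, the sample timings and the mean absolute z-score used for prediction are assumptions of this example.

```python
from collections import defaultdict
from statistics import mean, pstdev


def parse_events(lines):
    """Parse 'key kind delta_ms' lines (constructed format, modelled on the
    description of xlisten output) into (key, kind, absolute_ms) tuples."""
    clock, events = 0, []
    for line in lines:
        key, kind, delta = line.split()
        clock += int(delta)              # delta = ms since the previous event
        events.append((key, kind, clock))
    return events


def keystrokes(events):
    """Pair each press with its release: (key, press_ms, release_ms)."""
    down, strokes = {}, []
    for key, kind, t in events:
        if kind == "press":
            down[key] = t
        elif kind == "release" and key in down:
            strokes.append((key, down.pop(key), t))
    strokes.sort(key=lambda s: s[1])     # order by press time, not release time
    return strokes


def bigram_events(strokes):
    """Index every two consecutive keystrokes by their keys and attach the
    vector (PR of key 1, RP between the keys, PR of key 2)."""
    out = []
    for (k1, p1, r1), (k2, p2, r2) in zip(strokes, strokes[1:]):
        out.append(((k1, k2), (r1 - p1, p2 - r1, r2 - p2)))
    return out


class BigramModel:
    def __init__(self):
        self.index_sets = defaultdict(list)   # (k1, k2) -> list of vectors

    def train(self, lines):
        for index, vec in bigram_events(keystrokes(parse_events(lines))):
            self.index_sets[index].append(vec)

    def stats(self, index):
        """Mean vector and standard-deviation vector of one index set."""
        cols = list(zip(*self.index_sets[index]))
        return [mean(c) for c in cols], [pstdev(c) for c in cols]

    def score(self, lines, min_sd=5.0, min_samples=2):
        """Mean absolute z-score of a sample against the model (assumed
        scoring rule). Lower means closer to the trained user. Returns
        None when no sufficiently trained bigram occurs in the sample."""
        zs = []
        for index, vec in bigram_events(keystrokes(parse_events(lines))):
            if len(self.index_sets.get(index, ())) < min_samples:
                continue                  # unseen or under-trained bigram
            mu, sd = self.stats(index)
            # min_sd floors tiny deviations so that one very tight index
            # set cannot dominate the score
            zs.extend(abs(x - m) / max(s, min_sd)
                      for x, m, s in zip(vec, mu, sd))
        return mean(zs) if zs else None


# Constructed samples: the word "the" typed three times by the enrolled user.
# 'h' goes down before 't' comes up, so the (t, h) RP latency is negative.
TRAINING = [
    ["t press 0", "h press 90", "t release 20",
     "h release 70", "e press 50", "e release 80"],
    ["t press 0", "h press 95", "t release 25",
     "h release 70", "e press 45", "e release 85"],
    ["t press 0", "h press 85", "t release 15",
     "h release 65", "e press 55", "e release 75"],
]
OWNER = ["t press 0", "h press 92", "t release 20",
         "h release 70", "e press 48", "e release 82"]
# Constructed impostor: slower, and never overlaps two keys.
IMPOSTOR = ["t press 0", "t release 150", "h press 150",
            "h release 140", "e press 160", "e release 150"]


def demo():
    model = BigramModel()
    for session in TRAINING:
        model.train(session)
    return model.score(OWNER), model.score(IMPOSTOR)


if __name__ == "__main__":
    owner, impostor = demo()
    print(f"owner score {owner:.2f}, impostor score {impostor:.2f}")
```

A deployment would compare the score with a per-user threshold, which is the same trade-off between false alarms and imposter passes discussed in section 2.9.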

These steps make the system user unfriendly, yet user friendliness is needed in the successful implementation of the system.

2.13 Typing Error

The distance between two samples is computed on the basis of the relative positions of the trigraphs the samples are made of. The relative position of a trigraph in a sample depends on the duration of that trigraph. As a consequence, when comparing two samples, they must contain the same trigraphs. However, this does not mean that the two samples must be produced by typing exactly the same text. Simply, before the samples are compared to compute their distance, they are filtered in order to keep only the shared trigraphs. Of course, the larger the number of common trigraphs, the more meaningful the value of their distance. If the same text is used for all the typing samples, the only trigraphs not shared by two samples are those due to typing errors. Such trigraphs are filtered away before comparing the two samples. If the number of trigraphs kept in the two samples is large enough, the computation can still take place. In these experiments, each user was always left free to make typing errors and to decide whether to correct them or not. Also, the user was free to stop typing as he/she liked (to reread what was written up to that point, to correct something, or just to take a break) (Bergadano et al, 2002).

No sample was thrown away because of typing errors in it. Of course, this had consequences on the number of trigraphs actually involved in the comparison of two samples: though the text used in the experiments is made of about 350 different trigraphs, the number of trigraphs shared by two samples was 272 on the average. In the whole set of samples used in these experiments, there is virtually no pair of samples containing the same set of trigraphs. It must be noted that most of the experiments found in the literature rejected any sample containing typing errors (Bleha et al, 1990, Brown et al, 1993 and Obaidat et al, 1997). According to Leggett et al (1988), samples are kept even if they contain typing errors, while no information is available for the experiment described.
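An added Python example, not taken from Bergadano et al or from the thesis: it filters two samples down to their shared trigraphs and measures how differently the two samples rank those trigraphs by duration, including a sample that contains a typing error. The duration definition (first key press to third key press), the normalisation by the maximum possible disorder and all timings are assumptions of this example.

```python
from collections import defaultdict


def typed(text, gaps):
    """Build (char, press_ms) pairs from a text and the gaps in ms between
    consecutive key presses (constructed input)."""
    clock, presses = 0, []
    for i, ch in enumerate(text):
        if i:
            clock += gaps[i - 1]
        presses.append((ch, clock))
    return presses


def trigraph_durations(presses):
    """Mean duration per trigraph. Duration is taken here as the time from
    the first key press to the third key press (assumption)."""
    seen = defaultdict(list)
    for (c1, t1), (c2, _), (c3, t3) in zip(presses, presses[1:], presses[2:]):
        seen[c1 + c2 + c3].append(t3 - t1)
    return {tri: sum(d) / len(d) for tri, d in seen.items()}


def disorder_distance(sample_a, sample_b, min_shared=3):
    """Distance in [0, 1] between two samples, computed from the relative
    positions of their shared trigraphs when each sample is sorted by
    duration. Returns None when too few trigraphs are shared for the
    value to be meaningful."""
    shared = set(sample_a) & set(sample_b)   # drops trigraphs caused by typos
    n = len(shared)
    if n < max(min_shared, 2):
        return None
    # Ties in duration are broken by trigraph name to keep the order stable.
    order_a = sorted(shared, key=lambda t: (sample_a[t], t))
    order_b = sorted(shared, key=lambda t: (sample_b[t], t))
    pos_b = {tri: i for i, tri in enumerate(order_b)}
    disorder = sum(abs(i - pos_b[tri]) for i, tri in enumerate(order_a))
    max_disorder = (n * n) // 2              # n^2/2 (n even), (n^2-1)/2 (n odd)
    return disorder / max_disorder


# Constructed samples: the same user on two days, another user, and the
# first user again with a transposition error ("keystorke").
USER_DAY1 = trigraph_durations(
    typed("keystroke", [100, 140, 90, 120, 85, 150, 110, 90]))
USER_DAY2 = trigraph_durations(
    typed("keystroke", [105, 138, 95, 118, 88, 140, 112, 92]))
OTHER_USER = trigraph_durations(
    typed("keystroke", [160, 70, 150, 60, 175, 85, 140, 65]))
USER_TYPO = trigraph_durations(
    typed("keystorke", [100, 140, 90, 120, 150, 85, 110, 90]))


if __name__ == "__main__":
    print("same user :", disorder_distance(USER_DAY1, USER_DAY2))
    print("other user:", disorder_distance(USER_DAY1, OTHER_USER))
    print("with typo :", disorder_distance(USER_DAY1, USER_TYPO))
    print("typo, min_shared=5:",
          disorder_distance(USER_DAY1, USER_TYPO, min_shared=5))
```

The typo sample shares only three of the seven trigraphs with the clean sample, which is why the number of shared trigraphs has to be checked before the distance is trusted.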

2.14 Classifications of Users

Bergadano et al (2002) and Claudia (2005) did studies on the classification of users. Given a set of users and a set of typing samples of the same text from those users, and given a new sample from one of the users, they wanted to determine who typed it. On the average, they expected the distance between two samples of the same user to be smaller than the distance between two different users' samples.

Oltsik (2006) said that the advantages of Keystroke Dynamics in authentication are that the software delivers a solution that is fast, accurate, scalable to millions of users, requires no change in user behaviour and is immediately deployable across the organization and the Internet without the need for expensive tokens, cards or other specialized hardware.

2.15 Typing Task

Some researchers work on login-type authentication while others work on in-session authentication. Among research on login-type authentication, where subjects type the same sequence repeatedly, the sequence ranges from a 7-character password to a 50-character sentence (Cho et al, 2000). Among research on in-session authentication, where subjects type long spans of text, some researchers have subjects transcribe text (e.g., a passage from a novel), while others monitor keystrokes during subjects' day-to-day activities (Bergadano et al, 2002). Because research has found some digraphs to be better than others for accurate keystroke dynamics (Janakiraman, 2007), the system knows that the error rates depend on the typing task. Perhaps these different typing tasks explain why different researchers get different error rates.

2.16 Reliability of User Authentication

Keystroke dynamics is the most appropriate way of checking the reliability of user authentication. The fact that people can be identified through their typing behaviour was already known in the early days of the telegraph and became important during the Second World War. Morse code is made up of dots and dashes, each of which has its prescribed length. But no one replicates those prescribed lengths perfectly (Magnus, 2009). The variation of spacing, and stretching out of the dots and dashes, defines a rhythm specific to the operator. This rhythm is called the operator's fist.

The basic idea of the statistical approach is to compare a reference set of typing characteristics of a certain user with a test set of typing characteristics of the same user or a test set of a hacker. The distance between these two sets (reference and test) should be below a certain threshold or else the user is recognized as a hacker. Data mining is a collection of techniques from the field of Artificial Intelligence and Machine Learning, and also includes neural networks. A data mining process typically first builds a prediction model from historical data, and then uses this model to predict the outcome of a new trial (or to classify a new observation). In contrast to statistics, data mining makes no assumption about the data. The key difference between the statistical and data mining methods is therefore the information that is used. For example, in a data mining approach, not only the similarities between the patterns of the same user are considered, but also the differences of this pattern with all the other patterns observed in building of the model.

This is where the system continuously monitors a user's typing pattern. If the pattern does not match the profile of the logged-on user, the computer shuts down or asks the user or hacker to type a password. With this method one continuously updates and monitors a logged-on user's profile.

Magnus in 1999 goes on to say that distinguishing between real users and hackers can also be viewed as a one-class classification problem where one tries to distinguish one class of objects (real users) from all other possible objects (hackers) by learning from a training set containing only the objects of that class. One problem with the empirical applications is the lack of data and the studying of shift key patterns. His data set consists of 1254 participants who typed the same username and password, 20 times each. Of course, mistakes were made and not all participants completed the full session of 20 logins. Nevertheless, the data set is large enough to be informative. The fact that each participant has the same username and password is important, because this allows them to consider each as a possible hacker to the other.

Magnus (1999) said that when a potential participant hits the website, a session is started. In total, 3476 sessions were started in this way. The first step for the participant is to click the relevant link and download a flash applet to his/her own computer. The purpose of the flash applet is to record the necessary timings during the session, based on the clock of the participant's computer. The main activity thus takes place on the participant's computer and not on the website's server, therefore technical problems such as network latency or overloading of the server are avoided. Understandably, many potential participants did not download the flash applet or logged off immediately afterwards, without recording any timings. This happened in 64% of the sessions. This leaves us with 1254 sessions where timings have been recorded. The participants were given a username (35atrick) and a password (water83), the same for all participants. They were then asked to type their username and password 20 times. For each of the 20 login attempts, as in Figure 1 below, the press (P) and release (R) clock times of each of the 14 characters were recorded. This gives $(P_i, R_i)$ for $i = 1, \ldots, 14$. From these data, he was able to calculate dwell times (D) and flight times (F) as $D_i = R_i - P_i$ and $F_i = P_i - P_{i-1}$. Hence, the dwell time records the time that each key is held pressed, and the flight time records the time between two consecutive press times. Clearly, $F_1$ has no meaning, because he attaches no significance to the time elapsed between the last letter of the username and the first letter of the password. This gives him 14 dwell times and 12 flight times per login attempt. It might seem more natural to define flight time as $F_i = P_i - R_{i-1}$ so that the login duration is broken up in independent non-overlapping pieces. This is not, however, a good idea, because F can be (and often is) negative. Although the flash applet records both press and release times, characters registered by the computer are controlled only by the moment the key is pressed, not by the moment the key is released, and one may (and often will) press the next key when the previous key is not yet released.

2.16.1 Dwell and Flight Time Calculations

Figure 1: Dwell and Flight Time Calculation (Source: International Journal of Advanced Research in Computer and Communication Engineering Vol. 3, Issue 10, October 2014)

If all participants would complete their session (20 logins) and make no typing errors, he would have had 26 × 20 × 1254 = 652,080 data points. Some participants quit voluntarily (they closed their browser) or involuntarily (their computer crashed), so that they did not complete all 20 logins. In addition, participants made typing errors. If a typing error is made in a username (or password), then all dwell and flight times for that attempted username (password) are deleted. Errors cannot be corrected. Using backspace

uses only two fingers will have a larger flight time on average than a person who uses ten fingers. Finally, he commented briefly on the within-person variance.

He compared participants from the group where the first login is deleted and exactly 15 of the remaining 19 logins are correct, with the group of all participants who have at least 6 error-free attempts. He then calculated for each of the 96 participants and for each character the SD of the dwell times and compared this with the average over 1000 random draws of 15 attempts on the same character from the entire population. The within-person SD is about 47% for the username and 44% for the password compared with the SD in the whole population. He repeated the experiment for a second group where the first five logins are deleted and all 15 remaining logins are correct; then the within-person SD drops to about 42% for the username and 38% for the password compared with the SD in the whole population. The percentages in the second experiment are lower because these participants make fewer errors and are therefore likely to be more consistent typists. A drop in SD of 50-60% may not seem much to develop a powerful test.

Magnus's (1999) way of testing the reliability of user authentication is not accurate because errors cannot be corrected by the right user. All these rules have made keystroke dynamics unpopular in user authentication.

2.17 Password Hardening

Password Hardening is any one of the variety of measures taken to make it more difficult for an intruder to circumvent the authentication process. Password Hardening may take the form of multifactor authentication by adding some components to the username/password combination or may be policy based (Margaret et al, 2007).

Research oriented towards improving the security of passwords is presented in this section. These systems integrate and augment the security provided by conventional username/password systems.

Cho et al (2000) proposed a web-based Java applet system for verifying authenticity of passwords using keystroke dynamics and neural nets for analysis. The system is described as follows: when a client tries to access a home page, for example a school's online shop, located in a server, the user types the already registered user ID. Then the server sends the client a Java applet code that can measure the user's password keystroke timing vector. Once the Java applet is running on the client system, it gathers the user's keystroke timing vector and sends it back to the server. Then the autoassociative neural network located in the server can verify whether the user is the person he/she claims to be. Because the code is programmed in Java, any client system that has a Java browser can be connected to the server.

Monrose et al (2002) presented a system where a user's keystroke latencies and durations are combined with the user's password to form a hardened password that is more secure than a conventional password. Their scheme automatically adapts to gradual changes in a user's typing patterns while still maintaining the same hardened password across multiple logins. Initially the password is as secure as a conventional password and is gradually hardened as biometric information becomes available. They identify the main limitation of their system as the situation where a user whose typing patterns change substantially between successive logins, possibly due to an unfamiliar keyboard, fails to generate the correct hardened password and is locked out of the system.

Monrose et al (2002) also claim that their system improves on other existing password hardening systems, in particular the commercial BIOPASSWORD system, by generating a repeatable key from the biometric component of the hardened password that is stronger than the password itself. Other systems, they argue, are able to be compromised if the hardened password is captured and attacked, although one would expect this to take significantly longer than with a conventional password. While their results are very encouraging, they provide a cautionary note that the trial was limited to 20 users and 1 password; they strongly recommend that further research is conducted in this area. While the research on password hardening using keystroke dynamics is limited, it is clear that as a means of improving the security of username/password authentication while still working within existing frameworks, the method is viable in a networked environment.

2.18 Commercial Implementation of Keystroke Dynamics

Few software houses have made an attempt to come out with products on keystroke dynamics. The most popular one is BIOPASSWORD (www.biopassword.com). It is a commercial implementation of Keystroke Dynamics for securing networks and standalone PCs using a standard username/password logon. It is middleware that replaces the normal logon screen of a PC. It is sold by BioNet Systems, who recently purchased the rights and technology from Net Nanny Inc. BIOPASSWORD is a derivative of the pioneering work conducted by the RAND Corporation and is protected by a number of patents (Gaines et al, 1980). In the network version of the software, special server software is installed on a Windows NT/2000/2003 domain controller, which then controls the logon of domain member computers. New users are required to enter their username and password 15 times (default value) to enable keystroke dynamics to be recorded; this is called the training cycle. A security level can be set for each user; this appears to be a threshold for balancing FAR and IPR (Patrick et al, 2004). BIOPASSWORD has received a number of favourable reviews from the IT press.

It would seem that reviewers on the whole found the security offered by the system to be reliable and effective, with none of the reviewers able to generate Imposter Pass errors. Reviewers also found the learning phase to be acceptable. There was mixed opinion on the ease of installation, with one reviewer lamenting the high knowledge of Windows Domain structures required. Because of the middleware nature of the software, one reviewer was able to bypass security by using "run as" privileges; however, it was suggested that this would be fixed in a later version of the software. Of particular interest is the timing of the review articles, which all occurred around the launch of the software in 2001/2002. There were also a number of announcement-type articles written around this time. Since this time the BIOPASSWORD software seems to have been largely forgotten by the IT and popular press. This could be interpreted to mean that it has not yet made the market penetration that was heralded in its initial release; however, it could also indicate that the media has simply turned its attention to more newsworthy items. Time of course will tell (Altman, 2002 and Bragg, 2002).

BIOPASSWORD comes in a Software Development Kit (SDK) version and two commercial products claim to incorporate it into their products (WWW.DistanceEducator.com, 2001). BIOPASSWORD has entered into a licensing agreement with Net Nanny Inc (the then owners of BIOPASSWORD) to incorporate BIOPASSWORD technology into their online verification system. Whether this actually occurred (and is still in use) cannot be determined from available online information. Symmetric Sciences, developed (2002), is software that manages clinical trial data. It has incorporated biometric user authentication features developed using the BIOPASSWORD SDK since 2001. According to their website (www.symetric.ca, 2001), the latest version of the software still has this feature. In the Credit Union Times, Gentile (2004) reported that San Antonio City Employees Credit Union has recently introduced BIOPASSWORD security into their laptops. BioNet Systems themselves claim on their website (www.biopassword.com, 2006) to be in partnership with large corporations such as Novell and Citrix and to be actively developing products incorporating their BIOPASSWORD technology.

2.19ApplicationsUnderKeystrokeDynamics

https://www.turnitin.com/newreport_printview.asp?eq=0&eb=0&esm=0&oid=720756931&sid=0&n=0&m=0&svr=09&r=87.2921191671043&lang=en_us 30/47
10/14/2016 TurnitinOriginalityReport

14Keystrokedynamicshasmanyapplicationsinthecomputersecurityarena.
Oneareawheretheuseofastaticapproachtokeystrokedynamicsmaybe
particularlyappealingisinrestrictingrootlevelaccesstothemasterserver
hosting.

5Anyuseraccessingthenetworkispromptedtotypeafewwordsofapass
phraseinconjunctionwithhis/herusernameandpassword.Accessisgranted
ifhis/hertypingpatternmatcheswithinareasonablethresholdoftheclaimed
identity.Thissafeguardiseffectiveasthereisusuallynoremoteaccess
allowedtothenetwork,andtheonlyentrypointisviaconsolelogin.
Alternatively,dynamicorcontinuousmonitoringoftheinteractionofusers
whileaccessinghighlyrestricteddocumentsorexecutingtasksin
environmentswheretheusermustbealertatalltimes(forexampleair
trafficcontrol),isanidealscenariofortheapplicationofakeystroke
authenticationsystem.Keystrokedynamicsmaybeusedtodetect
uncharacteristictypingrhythm(broughtonbydrowsiness,fatigueetc.)inthe
userandnotifythirdparties.

Magnus (1999) concluded by addressing the practical importance of using keystroke dynamics as a biometric for authenticating access to workstations. Keystroke dynamics is the process of analyzing the way users type by monitoring keyboard inputs and authenticating them based on habitual patterns in their typing rhythm. He reviews the current state of keystroke dynamics and presents classification techniques based on template matching and Bayesian likelihood models. He argues that although the use of a behavioural trait (rather than a physiological characteristic) as a sign of identity has inherent limitations, when implemented in conjunction with traditional schemes, keystroke dynamics allows for the design of more robust authentication systems than traditional password-based alternatives alone. The inherent limitations that arise with the use of keystroke dynamics as an authentication mechanism are attributed to the nature of the reference signature and its relationship to the user: recognizing users based on habitual rhythm in their typing pattern uses dynamic performance features that depend upon an act; the rhythm is a function of the user and the environment. The problem with keystroke recognition is that unlike nonstatic biometrics (such as voice) there are no known features or feature transformations which are dedicated solely to carrying discriminating information. Fortunately, in the past few years researchers have presented empirical findings that show that different individuals exhibit characteristics in their typical rhythm that are strikingly individualistic and that these characteristics can be successfully exploited and used for identification purposes. The performance of his classifiers on a dataset of 63 users ranges from 83.22% to 92.14% accuracy depending on the approach being used

in that there is significant variability with which typists produce digraphs. Hence, he suggests the use of digraph-specific measures of variability instead of single low-pass filters. Additionally, he argues in favour of the use of structured text instead of allowing users to type arbitrary text (i.e., free text) during the identification process. While recognition based on free text may be more desirable, free-text recognition was observed to vary greatly under operational conditions: the fact that the input is unconstrained, that the user may be uncooperative, and that environmental parameters are uncontrolled impose limitations on what can be achieved with free-text recognition.
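The threshold match on a structured pass-phrase described in section 2.19, combined with the digraph-specific variability measure discussed above, can be shown in a few lines of Python. This example is added here and is not code from the thesis or from its logon software; the function names, the 10 ms floor, the 1.5 threshold and every timing value are assumptions constructed for the illustration.

```python
from statistics import mean, stdev

MIN_STD_MS = 10.0   # assumed floor on per-digraph spread, in milliseconds
THRESHOLD = 1.5     # assumed acceptance threshold, in scaled deviations


def typed(text, latencies_ms):
    """Build constructed key-press events [(char, press_time_ms), ...]."""
    if len(latencies_ms) != len(text) - 1:
        raise ValueError("need exactly one latency per digraph")
    events, clock = [(text[0], 0.0)], 0.0
    for char, gap in zip(text[1:], latencies_ms):
        clock += gap
        events.append((char, clock))
    return events


def features(events):
    """Return the typed text and the press-to-press latency of each digraph."""
    text = "".join(char for char, _ in events)
    gaps = [later[1] - earlier[1] for earlier, later in zip(events, events[1:])]
    return text, gaps


def enroll(samples):
    """Learn a template: mean and spread of every digraph of the pass-phrase."""
    if len(samples) < 3:
        raise ValueError("enrolment needs at least 3 samples")
    parsed = [features(sample) for sample in samples]
    texts = {text for text, _ in parsed}
    if len(texts) != 1:
        raise ValueError("all enrolment samples must be the same pass-phrase")
    columns = list(zip(*(gaps for _, gaps in parsed)))
    return {
        # Kept in clear only for the demo; it stands in for the password check.
        "text": texts.pop(),
        "mean": [mean(column) for column in columns],
        # Digraph-specific variability: an erratic digraph tolerates more drift,
        # a steady one less. The floor stops a near-zero spread from dominating.
        "std": [max(stdev(column), MIN_STD_MS) for column in columns],
    }


def verify(template, events, threshold=THRESHOLD):
    """Return (accepted, score); score is None when the text itself is wrong."""
    text, gaps = features(events)
    if text != template["text"]:
        return False, None  # wrong pass-phrase: the rhythm is never consulted
    score = mean(
        abs(gap - mu) / sigma
        for gap, mu, sigma in zip(gaps, template["mean"], template["std"])
    )
    return score <= threshold, score


# Constructed enrolment data: five typings of "secure" by one user, who is
# steady on every digraph except "cu" (third column), which varies widely.
ENROLMENT = [
    typed("secure", [110, 95, 180, 120, 90]),
    typed("secure", [115, 100, 240, 118, 92]),
    typed("secure", [108, 97, 150, 122, 88]),
    typed("secure", [112, 98, 210, 119, 91]),
    typed("secure", [111, 96, 170, 121, 89]),
]
TEMPLATE = enroll(ENROLMENT)

# Constructed attempts: the owner on a slow "cu", and someone who knows the
# pass-phrase (for example after shoulder surfing) but types it evenly.
GENUINE = typed("secure", [113, 99, 225, 117, 93])
KNOWS_PASSWORD = typed("secure", [160, 160, 160, 160, 160])

if __name__ == "__main__":
    for label, attempt in (("owner", GENUINE), ("knows password", KNOWS_PASSWORD)):
        accepted, score = verify(TEMPLATE, attempt)
        print(f"{label}: accepted={accepted} score={score:.2f}")
```

The owner's 225 ms "cu" latency is 35 ms from the mean yet costs less than one scaled deviation, while the same 35 ms drift on a steady digraph would cost 3.5; a single global tolerance could not express that difference.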

The belief is that Magnus (1990) point of view of using free text to learn is the best, because some characters may not be commonly used or typed by some groups of people. For example, the Akan tribe in Ghana do not commonly use or type letters like q, c, z, x, j. So it is better to allow for free text.

2.20 Lessons and Conclusion

Despite the great promise of biometric techniques using Keystroke Dynamics as a means of improving authentication, there seems to have been a disproportionately low penetration of the method into mainstream authentication of computer users.

Nearly all the documents reviewed in this research work complain about this situation. A number of plausible reasons can be offered, centred around the theme that once a Keystroke Dynamics system of authentication is deployed, life is made more difficult for everyone involved, including users, administrators, and support staff. For example:

- The technology usually requires the installation of middleware, which is an additional expense and an additional drain on IT administrative and support resources. Middleware introduces more complexity into the logon procedure and creates a greater opportunity for failure and attack vectors (Bragg, 2002). With the system to be developed, there will be no middleware.
- The technology makes the logon procedure more difficult for users, particularly when FAR are high. This will impact on Help Desks, already receiving half their workload as password-related issues (Patrick, 2002), who could risk having even more password-related support calls.
- The use of such biometric techniques needs to be coordinated across a user group, and this requires setup and maintenance resources.
- The use of such techniques, with its greater reliance on acceptable password construction, may expose existing weaknesses in IT (Information Technology) policy and implementation in a workplace.
- The technology is new and there may be a resistance and lack of trust towards such an innovation. Conservative organizations may be waiting until other organizations adopt such procedures.
- There is probably a lack of government/legislative requirements/incentives to improve authentication to the level afforded by Biometric Keystroke Dynamics.

CHAPTER 3 METHODOLOGY AND DESIGN

3.1 Review

The motivation for using keystroke features to strengthen password-based authentication comes from numerous research efforts that validate the hypothesis that certain keystroke features are highly repeatable and that significant variation exists between users (Gaines et al, 1980). While research on network security authentication using keystroke dynamics is limited, it is clear that, as a means of improving network security authentication while still working within existing frameworks, the methods are viable in a networked environment.

The system will:

- Generate ID and keystroke pattern
- Design an efficient way of saving and retrieving passwords
- Code the database in binary format to avoid password hacking
- Help users to learn the password pattern
- Provide an efficient and secure way of accessing the network
- Provide local authentication

The system will be analysed, designed, developed, tested and implemented at the Anglican Senior High School to handle activities at the following departments:

- Administration
- Academic
- Domestic

3.2 System Analysis

In order to come up with any meaningful solution to the problem being faced by the School, there is a need to see all sides of the problem to come out with an acceptable solution. Analysis involves studying the system and seeing how they interact with the entities outside as well as inside the system.

Detailed specifications of what the system will accomplish based on the user requirements were analysed (the user requirements in this case were proposed, since this is a student's project work).

In System Analysis more emphasis is given to understanding the details of an existing system or a proposed one, and then deciding whether the proposed system is desirable or not and whether the existing system needs improvements. Thus, system analysis is the process of investigating a system, identifying problems, and using the information to recommend improvements to the existing system. Systems design will take the requirements and analysis into consideration and come out with high- and low-level designs that will form the blueprint to the actual solution to the problem at hand. In this dynamic world, analysis and design have to look into making systems that are flexible enough to accommodate changes, as they are inevitable in any system. System development can generally be thought of as having two major components:

Following the steps below, it becomes very easy to draw the exact boundary of the new system under consideration:

- Keeping in view the problems and new requirements
- Work out the pros and cons including new areas of the system

System Analysis and design also include subdivision of complex processes involving the entire system, identification of data stores and manual processes. All procedures and requirements will be analysed and documented in the form of detailed data flow diagrams (DFDs), Entity Relational Diagrams, and Logical data structures.

3.3 Requirements Gathering

In the effort to really understand the current system being operated at the School, the existing problems were identified by going to the school to find out the problems the School was facing, to come out with alternative solutions and finally choose the best solution for the School. Various techniques were adopted in achieving the main aim of the system. The underlisted techniques were adopted:

3.3.1 Sampling of Existing Documents and Events

Various samples of documents and events that occur at the School concerning the school network security system were collected, including the following:

- Intrusion to administration records
- Alteration of students' marks

In-depth analysis of these documents had been conducted, which forms the basis of the generation of the entity relational diagram.

3.3.2 Interview with the Staff of the School

The headmaster was the main source of information in regards to knowing about the problem domain. The context diagram as part of this document was generated during the interview with the School Headmaster. He actually made us understand that the School has not had any meaningful security policy or systems to manage their School network. In his view, being able to outline some of the requirements of the proposed system was a bit of a problem as the users have been so used to the old ways of working. There were staff without computer access due to the fear that they may interfere with the existing system. Staff with access have unlimited access, which is also dangerous in terms of security. Student records manipulation in the accounts office was one of the cited issues.
3.3.3 Observation of the Working Environment

Several visits have been conducted at the School, especially the accounts, administration department and the Computer laboratories. Being at the administration was important for us to understand how the non-teaching staff perform their administrative procedures on the network. Various scenarios on network logon and logout were captured, which will form the basis of capturing of authentication history into the system.

3.3.4 Testing of the Old System

After the observations and interviews, there was the need to practically test the ability of the system to secure the network. The test was done to compare with the new system to do a better analysis of both systems, which will result in drawing a better conclusion as to the direction the school must take. Five working days were used.

3.3.4.1 Shoulder Surfing Attack

Shoulder surfing is an attacking technique whereby an intruder secretly watches a user type his/her password with the intention of using it later. This attack usually occurs in an open office where typing of passwords is exposed to surrounding onlookers.
This was how the shoulder surfing test was conducted. The test was conducted continuously for five working days. Ten intruders were asked to watch users as they typed their passwords.

- Users were not aware that they were being watched.
- After five days the intruders were made to try to enter what they were able to capture by watching the users type their username and password.
- Table 2 explains the result (what occurred on the concurrent days, with the same preamble).

Table 2: Summary of test results for shoulder surfing attack experiment

Days     Number of Intruders   Success   Failure   Remarks
Day 1    20                    11        9         Fair authentication
Day 2    20                    18        2         Poor authentication
Day 3    20                    10        10        Fair authentication
Day 4    20                    5         15        Good authentication
Day 5    20                    13        7         Weak authentication
Total    100                   57        43        Fair authentication

This was how the experiment was conducted. On the first day, twenty users were watched as they typed their user names and passwords. Eleven intruders were able to reproduce those they watched, thus user names and passwords. Therefore they were able to enter their victims' computers. The same procedure continued up to the fifth day, as indicated in the table above.

Observations

Out of 100 experiments performed with the shoulder surfing attack on the old system, 57 of the intruders were successful, which means that more than 50% of the intruders were successful.

3.3.4.2 Brute Force Attack

In a brute force attack, an intruder tries all possible combinations of characters to crack a password. The more complex a password is, the more secure it is against the brute force attack. The main defense against brute force search is to have a sufficiently large password space.

Table 3: Summary of test results for guessing and brute force attack experiment

Days     Number of Intruders   Success   Failure   Remarks
Day 1    20                    17        3         Poor authentication
Day 2    20                    9         11        Fair authentication
Day 3    20                    10        10        Fair authentication
Day 4    20                    3         17        Good authentication
Day 5    20                    0         20        Good authentication
Total    100                   29        61        Good authentication

This was how the experiment was conducted:

- Twenty intruders were made to guess the passwords of users in the school, using words and phrases like their names, telephone numbers, names of their spouses and sample numbers like 0 to 9.
- Brute force attack programs (like John the Ripper) were used to automatically search for user names and passwords.

From the table above, on the first day, twenty intruders were allowed to use guessing and attack programs to gain access to the users' machines. The result was that seventeen of the intruders were successful and three of the intruders failed. The same procedure continued up to the fifth day, as indicated in the table above.

Observations

Out of hundred experiments performed on the old system, twenty-nine intruders were successful, which accounts for a 29% success rate. But in network security terms it is a bad rate; it should be a 0% success rate.

3.3.4.3 Social Engineering Attack

Social engineering is the practice of obtaining confidential information by manipulating legitimate users.

This is how the experiment was conducted. Twenty of the intruders were made to call the users and just ask them for their password. The intruders also sent a form through email for users to fill in, and in the form they were supposed to enter the username and password of their machine, and some of them did. The password was assumed to help the intruder install programs like games, antivirus and many attractive programs for free for the users, and some of them were tricked in that process into giving out their user names and passwords.

Table 4: Summary of test results for social engineering attack experiment

Days     Number of Intruders   Success   Failure   Remarks
Day 1    20                    12        8         Fair authentication
Day 2    20                    11        9         Fair authentication
Day 3    20                    15        5         Weak authentication
Day 4    20                    10        10        Fair authentication
Day 5    20                    8         12        Fair authentication
Total    100                   56        44        Fair authentication

Table 4 explains the experiment. On the first day twenty of the intruders used both telephone call and email tricks to obtain usernames and passwords; twelve of the intruders were successful and eight of them failed. The same procedure continued up to the fifth day, as shown in the table above.

Observations

Out of hundred experiments performed for social engineering attacks (impersonation), fifty-six of the intruders were successful; that accounts for a more than 50% intruder success rate, which is bad.

3.3.4.4 Recording User Information Attack

Recording user information is the use of spyware software in recording information about users, usually without their knowledge.

How the experiment was conducted: spyware applications or executable files were installed on users' machines. A spyware called mediacces.exe was installed on twenty of their machines with the intent to copy information like usernames and passwords.

Table 5: Summary of test results for recording user information attack experiment

Days     Installed spyware on computers   Success   Failure   Remarks
Day 1    20                               18        2         Poor authentication
Day 2    20                               16        4         Poor authentication
Day 3    20                               18        2         Poor authentication
Day 4    20                               17        3         Poor authentication
Day 5    20                               17        3         Poor authentication
Total    100                              86        14        Poor authentication

Table 5 explains the experiment. On the first day the twenty machines on which the spyware was installed were checked; nineteen of the machines' data was successfully recorded, and one could not record the information. The same procedure continued up to the fifth day, as shown in the table above.

Observations

Out of the hundred experiments conducted for recording user information, 84 of the spyware was able to copy the user information, leaving only 14. Therefore it means that there was an almost 90% success rate in the attack.
All the results of the experiments performed above already go to prove that the old system has a lot of defects which need to be solved.

3.4 Description of the New System

The Keystroke Dynamics authentication System is designed to prevent users at the School from gaining access to the network without authorization. In addition, the system is expected to require users to learn keystroke dynamics to create a keystroke pattern which should be unique to any user, in addition to their password. The system should be designed such that the administrator logs on first and personally creates an account for users, after which users are required to learn the keystroke dynamics with the system. After a successful learning of the keystroke pattern, the user is allowed to log on. Meanwhile, at any point in time the computer screen is covered until a successful logon.

3.5 The Software Development Lifecycle (SDLC)

The software development lifecycle (SDLC) covers the whole life of the software project, that is, from feasibility study, analysis, specification, design and development to even the aspects which take place after the system has been accepted by the end user, that is operation, maintenance and enhancement. For the purpose of this project, the waterfall development model was used as a guide to develop the Keystroke Dynamics authentication System, since this is a small-scale project. The Waterfall model is one of the most common software development lifecycle models available.

It is very simple to understand and use. Each next phase in this model must begin only after the previous phase is completed. The Waterfall software development model may be applicable to projects where:

- Software requirements are clearly defined and known, as in the case of this project
- Software development technologies and tools are well known

3.6.1 The Waterfall Model Diagram

[Figure 2: The Waterfall Model Diagram. Phases: Feasibility Study, Requirement Definition, High-level design, Detailed design, Code and Unit testing, Integration and testing, Operations, Maintenance]

3.6.2 Project Version of the Waterfall Model

[Figure 2: Project Version of the Waterfall Model. Phases: Feasibility Study, Requirement Analysis, Product Design, Development and Testing, Installation and Beta testing, Documentation]

For the purpose of this project, the waterfall model has been modified to suit the nature of what this system wants to achieve within the project constraints.

3.7 Explanation of Modified Waterfall Model

This project is for academic purposes, hence requires that the software to be produced at the end of it all will be analyzed, designed and implemented. Looking at the time constraints, the belief is that the system will not have the luxury to see the project through its entire lifecycle, hence a modified version of the development model.

3.8 Non-Functional Requirements of the System

In order for the project to succeed, the system is expected to be easy to use by users at the School. The software shall provide an easy-to-use graphical user interface that is intuitive and shall give a graphical representation of the actions that users perform. The Keystroke Dynamics authentication System would be adaptable enough to allow for future changes should the business processes of the School change.

This system should be able to expand to meet future business needs. This should include increasing the number of computers that can connect to use the application. The system should include technical support and provide upgrades whenever possible. The Keystroke Dynamics authentication System will be capable of integrating with any other system that the School may wish to introduce later. The system shall provide secure protection to the network. The system is expected to perform very well and enable the appropriate users to log on to the system with a username and password. Administrators shall be given full rights to view the system, and to add and delete users in the system. Users are also required to learn keystroke dynamics in order to have access to the system.

3.8.1 Business Rules

The following business rules shall be followed and implemented in the system.

- Systems Owner and Administrators should have extra privileges.
- Only information needed by a particular staff member shall be made available to them.
- Users shall have three attempts to enter usernames and passwords, after which the system's logon screen shall be closed.

3.9 Functional Requirements

The actual functionalities of the system to be developed are outlined using the Unified Modeling Language (UML) use case models as detailed below in a use case survey:

3.10 The Use Case Models

The system will use the UML use case modeling technique to identify all the relevant actors and the particular type of functions that the system can offer each actor. In general, the use case models shall help to identify the scope and functionality of the Keystroke Dynamics authentication System.

3.10.1 Use Case Survey

Table 6: Use Case Survey

NAME OF ACTOR        DESCRIPTION
Administrator        The only person responsible for creating user accounts
Non-teaching staff   This actor learns keyboard dynamics and logs on
Teachers             This actor learns keyboard dynamics and logs on
Students             This actor learns keyboard dynamics and logs on

3.10.2 Use Cases Description

Table 7: Use Cases Description

USE CASE         DESCRIPTION
Create account   This use case describes how the administrator creates accounts for users
Learn Dynamics   This use case describes how users learn their keystroke dynamics.
Logon            This use case describes how the user logs on to the system.

3.10.3 Use Case Diagram

[Figure 3: Use Case Diagram of the Keystroke Dynamics Authentication System. Actors: Administrator, User (Teacher, Non-Teaching Staff, Student). Use cases: CREATE ACCOUNT, LEARN DYNAMICS, LOGIN, linked by <<extend>> relationships]

3.11 Context Diagram, Data Flow Diagrams and Entity Relational Diagrams

All the relevant documents that are in use at the School will be gathered, which will form the basis of the entity relational (ER) diagrams and data flow diagram, followed by the initial context diagram for the system to be developed for the School. The context diagram shall be used to depict the system and its external entities. Data flow diagrams will be used to depict the processes involved in delivering the logon authentication system. It will include the following:

- Creating password
- Learning password pattern
- Authenticating users

The purpose of the requirements analysis process is to produce a requirements specifications document.

[Figure 4: Data Flow Diagram. Entities: Student, Non-Teacher, Teacher, Administrator; flows labelled Information, Registration, Account, Logon, Create]

3.12 Data Flow Diagram

3.13 Main Architecture Design

[Figure 5: Main Architecture Design. Components: Create Account, Login, Main form, User learn, Administrator Setup, User]

3.14 Process Analysis

3.16.1 Context Diagram

[Figure 6: Process Analysis. Entities: users, Administrator; flows include request of login account, information of user, information of account, user ID, user password, user learning dynamic, admin password]

3.15 The Algorithm

The algorithm of the existing system in the client's organization should be known. To build an algorithm, the system analyst needs to obtain a detailed understanding of each process and analyse it in greater detail. This project work considers the use of data flow diagrams to model the algorithm for the school's new system.

3.15.1 The System Algorithm

Due to the implementation of the proposed system, few changes will occur in the existing algorithm.

Step 1. Start
Step 2. While network IsAvailable goto 3 else 15
Step 3. Disable Desktop and Windows access
Step 4. Get admin key value from registry
Step 5. If AdminKeyValue is nothing goto 9 else 6
Step 6. Enter Admin Username and Password
Step 7. Confirm Password
Step 8. Create AdminKeyValue in registry goto 10
Step 9. Display No Administrator Found Error Message goto 6
Step 10. Enter Username and Password
Step 11. If user is Admin goto 12 else 14
Step 12. Display Create New User Form
Step 13. Create New user
Step 14. Allow Windows Access
Step 15. Minimize to Taskbar
Step 16. Stop

3.15.2 System Flow Chart

[Figure 7: System Flow Chart. Nodes: Start; Is Network Available?; Minimize to tray icon; Is Admin Key Detected?; Block Windows Access; Enter Username and Password; Username and Password Correct?; Failed 3x Threshold; Is User Admin?; Allow window access; Add New User; Stop]

3.16 The Logon Process

The scope of the system to be developed includes accepting the user password and logon in keystroke dynamics. The administrator creates accounts for users with the new system and helps them to go through the keystroke dynamics learning processes, to obtain a well-practised password rhythm with the new system. The system prevents the user from having access to the school network until a correct username and password is typed in a particular pattern which is recognised by the system. A teacher will have a new password and username together with his keystroke dynamic pattern, which will help him authenticate with the new system. The new system will prevent other teachers who don't have permission to use the network from entering it. It will also help in reducing network traffic, which is a serious problem for networks. The non-teaching staff are going to be assured of the fact that intruders are not going to interfere with their data due to the new authentication system. Students are only allowed onto the system when they are authenticated; this reduces the network traffic drastically and improves system efficiency.

3.17 Back End Design

The system will use a binary file as the back end, that is, a file whose content must be interpreted by a program or a hardware processor that understands it. The binary file format has the following advantages: The file is smaller due to the format.

Binary formats also offer advantages in terms of speed of access. Binary files are more efficient in terms of memory, storing values using numeric formats, such as IEEE 754, rather than as text characters, which tends to use more memory. The database is coded in binary format to avoid password hacking.

3.18 Front End Design

Microsoft Visual Basic .Net 2008 IDE will be used for the front end design, the reasons being that: The structure of the Visual Basic .Net programming language is very simple, particularly as to the readability of the executable code. VB.Net provides the DotNet framework that is not only a language but primarily an integrated, interactive development environment ("IDE"). The VB IDE has been highly optimized to support rapid application development ("RAD"). It is particularly easy to develop graphical user interfaces and to connect them to handle functions provided by the application. Since the chosen users are mainly average computer literates, the flexible visual interface will allow prototypes to be developed as quickly as possible, to help solicit users' views in modifying the modules as and when they are developed.

The graphical user interface of the VB IDE provides intuitively appealing views for the management of the program structure in the large and the various types of entities (classes, modules, procedures, forms).

3.29 Technical/Hardware Requirements

The front end application software (which would be developed using Visual Basic .Net 2008 version) shall be installed on all client computers at the School (administration and academic departments). The back end database will be written to a binary file. In order for the installation of the application to be successful, the system shall require the following hardware equipment to be installed at the School:

3.20 Hardware Equipment

Table 8: Hardware Requirements

Item Name                     Minimum Specifications
HP ProLiant G5 Server M360    3.6GHz Speed, 2GB Memory, 4x146 HDD, Rack Mountable, Supports Raid 5, Windows 2008 Server operating system
Client workstation            Intel 1.8GHz speed, Windows XP operating system, 1GB Memory, 80 HDD
Local Area Network (LAN)      Network speed of about 100/1000Mbps
Switch                        Supports up to 100/1000Mbps
Powerful Network Printer      To be placed at the administration to print students' reports

3.21 Testing

The general aim of testing is to affirm the quality of software systems by systematically examining the software in carefully controlled circumstances. Testing should have the major intent of finding errors.


The system used both unit and integrated testing. Each module of the application developed has been tested thoroughly to ensure that it suits the design specification. The tested modules have been integrated using test data to ensure that the modules can operate together without any problems. One of the tests that was very important to the school was the system test. Hardware and software testing were conducted to ascertain how the Bionet logon will function on the Windows operating system and the minimum hardware requirement that will be needed. The following steps were followed for testing.

3.21.1 Static and Dynamic Testing

Static testing includes review of documents required for the software development. All the documents related to customer requirements and business rules that are required for software design and development should be handed over to the project work supervisor. The documents were reviewed. The reviewing of documents includes comprehensive and thorough study of the documents. Discrepancies found in them were noted and the reasons for such discrepancies figured out, so that they will not occur again. Dynamic testing deals with specific methods for ascertaining and/or approximating software quality through actual executions, i.e. with real data and under real (or simulated) circumstances.

After these, test cases and test scenarios are prepared. A report of bugs was prepared, which helped in the further debugging of the code. The system shall first be implemented on the Anglican Senior High School network after testing. The belief is that more institutions will express interest in the system if it is able to serve its purpose.

3.22 Implementation

After successful testing of the new authentication system, NetBio logon software was implemented to test against the traditional attacks discovered at the school, thus Anglican secondary school, which included:

- Shoulder surfing
- Recording user information
- Social engineering
- Guessing and brute force

3.22.1 Shoulder Surfing

A simple way to obtain a user password is to watch him during authentication. It was observed that user passwords were being spied on by others, because of the fact that their offices were open ones, which reduces the confidentiality of passwords. There were CCTV cameras at their store rooms, which facilitated shoulder surfing. When keystroke dynamics was used in verification or identification mode, shoulder surfing was no longer a threat to the authentication, since the password alone is not used in the identification case and therefore the password cannot be stolen.

Table 9: Summary of the Results of Tested Attack for Shoulder Surfing Experiment

Days     Number of users watched   Success   Failure   Remarks
Day 1    20                        0         20        Excellent Authentication
Day 2    20                        0         20        Excellent Authentication
Day 3    20                        0         20        Excellent Authentication
Day 4    20                        0         20        Excellent Authentication
Day 5    20                        0         20        Excellent Authentication
Total    100                       0         100       Excellent Authentication

This was how the experiment was conducted. On the first day twenty users were watched and none of the intruders were able to reproduce the keystroke dynamics pattern password of the users they watched. Therefore they were able to enter their victims' computer. The same procedure continued to the fifth day, as indicated in the table above.

Observation

The shoulder surfing attack was tested with the new system, thus the keystroke dynamics authentication system, and the result was remarkable. 0% of the attackers were successful, which means 100% failure.
The attackers were able to capture the password but were not successful, because keystroke dynamics is not just about the password; it also requires patterns and sequences. They failed because they could not get the pattern and the sequences.

3.22.2 Recording User Information

Spyware is software that can record information about users during authentication. The use of the internet at the school increases the chance of spyware attacks, which record users' typing. Keystroke dynamics is not just about username and password alone; it is also about sequences and patterns, which makes it difficult for this spyware software to record.

Table 10: Summary of the Results of Tested Attack for Recording User Information Experiment

Days     Installed spyware on computers   Success   Failure   Remarks
Day 1    20                               2         18        Excellent Authentication
Day 2    20                               0         20        Excellent Authentication
Day 3    20                               0         20        Excellent Authentication
Day 4    20                               0         20        Excellent Authentication
Day 5    20                               0         20        Excellent Authentication
Total    100                              0         98        Excellent Authentication

This is how the experiment was conducted. Spyware applications such as a Trojan virus were installed on the twenty user computers, with the aim of recording their authentication information. On the first day only two of the user records were captured by the spyware virus. The same procedure continued to the fifth day, as indicated in the table above.

Observation

Testing the recording of user information attack technique against the keystroke dynamics authentication system was about 98% failure.

Spyware is probably the best and easiest way to crack a keystroke dynamics authentication system, if the intruder intentionally installs a Trojan virus which records all information to reproduce the user's keystroke pattern.

3.22.3 Social Engineering

Social engineering is the practice of obtaining confidential information by the manipulation of legitimate users. Because of social bonding at the school, people entrust their passwords to friends. Others are able to trick people into giving their password through telephone calls and other forms of conversation. At first sight, social engineering is not possible with keystroke dynamics. In the identification stage there are no password patterns that could be given away, not even on purpose. Asking for a password on the phone and pretending to be the authorized user was not possible.

Table 11: Summary of the Results of Tested Attack for Social Engineering Experiment

Days     Number of users watched   Success   Failure   Remarks
Day 1    20                        0         20        Excellent Authentication
Day 2    20                        0         20        Excellent Authentication
Day 3    20                        0         20        Excellent Authentication
Day 4    20                        0         20        Excellent Authentication
Day 5    20                        0         20        Excellent Authentication
Total    100                       0         100       Excellent Authentication

Table 11 explains the experiment. On the first day twenty of the intruders used the impersonation type of social engineering attack on users, by calling and sending them emails to trick them into giving their keystroke dynamics authentication pattern password to the intruders. Although the intruders were successful in getting the passwords from the users, they were not able to type in the pattern known to the new system. Therefore the intruders could not log on to the users' computers. The same procedure continued to the fifth day, as indicated in the table above.

Observation

Testing keystroke dynamics against social engineering attack, the success rate was 0%.

However, the success rate will probably be very low. In the identification case, there is no password that can be given away, not even on purpose.

3.22.4 Guessing and Brute Force

In the brute force attack, an intruder tries all possible combinations of characters to crack a password. The more complex a password is, the more secure it is against brute force attack. It was realized that students at the school have tried, and even on some occasions been able, to break into the school main server by continuously guessing and using combinations of characters. The main defense against brute force search is to have a sufficiently large password space. The password space of the keystroke dynamics authentication scheme is quite large. It is nearly impossible to carry out a brute force attack against keystroke dynamics. The attacker or program needs to automatically generate keystroke patterns and imitate human input. When keystroke dynamics are used in a two-factor authentication mechanism, that is password and keystroke, it was almost impossible to overpower the security system.

Table 12: Summary of the Results of Tested Attack for Guessing and Brute Force

Experiment Days   Number of users watched   Success   Failure   Remarks
Day 1             20                        0         20        Excellent Authentication
Day 2             20                        0         20        Excellent Authentication
Day 3             20                        0         20        Excellent Authentication
Day 4             20                        0         20        Excellent Authentication
Day 5             20                        0         20        Excellent Authentication
Total             100                       0         100       Excellent Authentication

This was how the experiment was conducted. Brute force attack programs were installed on twenty user computers to automatically search for users' keystroke dynamics pattern passwords. From the table above, on the first day, none of the twenty intruder programs were able to capture the keystroke dynamics pattern passwords. The same pattern continued to the fifth day as indicated in the table above.

Observation

In the guessing and brute force attack technique, 0% was successful against the keystroke dynamics authentication system. The attacker or program needs to automatically generate keystroke patterns and imitate human input. If keystroke dynamics are used in a two-factor authentication mechanism, that is password and keystroke dynamics patterns, it is almost impossible to overpower the secondary system, that is the keystroke dynamics patterns.

3.22.5 Dictionary Attack

A dictionary attack is a technique for defeating an authentication mechanism by trying to determine its passphrase by searching a large number of possibilities. In contrast to a brute force attack, where all possibilities are searched through exhaustively, a dictionary attack only tries possibilities that are most likely to succeed, typically derived from a lot of words in a dictionary.

In the school case, dictionary attacks have also been noted where students download software from the internet to carry out these attacks. As for the dictionary attack, it was impractical and nearly impossible to carry it out against the keystroke dynamics authentication mechanism.

CHAPTER 4

Analysis

The analysis will compare the results of both the old and new systems' experiments to establish the clear differences between the two systems with respect to security of authentication at the school network.

4.1 The systems experiment results

The old and new systems were tested with attack mechanisms, that is social engineering, shoulder surfing, brute force and recording user information.

Results for shoulder surfing technique attack

For the old system, out of a hundred intruders used in the experiment, as already stated in the experiment in chapter three, fifty-seven of the intruders were successful while forty-three failed in the attempt to authenticate, using the username and password obtained from the shoulder surfing technique. Since a hundred users were used in the experiment, 57 users account for 57%, so more than 50% succeeded in the attack. The new system produced the following results from the test conducted. Out of the hundred users (intruders) used, none of them were able to use the shoulder surfing technique to attack the new system: 0% successful and 100% failure.

Social engineering results

Out of a hundred users used for the experiment for the social engineering attack on the old system, 56% of the intruders were successful, while 44% failed in the attempt to authenticate using the social engineering techniques. With the use of 100 users, 56 accounts for 56% success. So more than 50% of the intruders were successful in the attack. But the test on the new system using social engineering attack experiments produced the following results. Out of the hundred users used, none of the intruders could succeed in breaking into the new system. Therefore 100% failed and 0% were successful.

Brute force attack results

In reference to chapter three, the old system experiment result shows that 29% of intruders were successful, while 61% of them failed in the attempt to authenticate using brute force attack. The test on the new system using the brute force and guessing attack experiment brought about the following results. A hundred intruders were used. No intruder was successful in beating the new system, which implies that 100% failed and 0% succeeded.

Recording user information attack results

As already stated in the previous experiments, a hundred users again were put to task and 86 of the software programs on the machines were successful and 14 of them failed in recording the user information. Using 100 machines for the experiment, the result goes to prove that 86% of the machines were vulnerable to the attack while only 14% of them were able to resist the attack. The test conducted on the new system using the recording user information technique showed that, out of a hundred users (intruders) used, only two of the installed spyware programs were able to record keystroke dynamics patterns of the users. 98% failed and 2% were successful.

4.2 Conclusion of Analysis

From the experiments conducted for both the old and new systems, the old system had an average of 40% failure of the attacks while 57% of the attacks were successful. A 57% success rate in attacks on a system shows a very large risk to the system, which will require a better system to stop this large security risk to the school networking system. Upon the installation of the new system and the tests conducted, these are the results obtained. An average of 99.5% of the experimented attackers failed; there was a 0.5% margin of risk. This risk margin was found in the recording user information attack technique. Spyware is probably the best and easiest way to crack into a keystroke dynamics authentication system, if the user intentionally installs attacking software such as a Trojan horse virus which records all information.

4.3 Result After Implementation of Keystroke Dynamics

After the implementation of keystroke dynamics

the following general observations were made.

4.3.1 Uniqueness

Keystroke events can be measured up to millisecond precision by software. Thus, it is impractical to replicate one's keystroke pattern at such high resolution without enormous amounts of effort.

4.3.2 Transparency and Noninvasiveness

One of the significant edges keystroke dynamics biometrics has over other options is the degree of transparency it provides. It requires no or minimal alteration to user behaviour since the capture of the keystroke pattern is done through backend software implementation. In most cases, users might not even be aware that they are protected by an extra layer of authentication. This simplicity not only considerably favours system designers but also those end users with little or no technical background.

4.3.3 Increase Password Strength and Lifespan

Passwords have been the most widely deployed identity authentication method, despite the fact that systems that rely solely on a single credential set constitute a weakness and vulnerability. Researchers have identified keystroke dynamics biometrics as a probable solution that is able to at least add an extra layer of protection and increase the lifespan of a password. Keystroke dynamics biometrics provides the capability to fuse the simplicity of a password scheme with the increased reliability associated with biometrics. By using keystroke dynamics biometrics, users can focus on creating a strong password whilst avoiding being overwhelmed by different sets of passwords.

4.3.4 Replication Prevention and Additional Security

Keystroke patterns are harder to reproduce than written signatures. This is because most security systems only allow a limited number of erroneous input attempts before locking down the account. Additionally, integration of keystroke dynamics biometrics leaves random password guessing attacks obsolete, and stolen credentials become entirely insignificant, since successful possession of the secret key is only a mere condition of the entire authentication chain. Even if it does get compromised, a new typing biometric template can be regenerated easily by choosing a new password.

4.3.6 Disadvantages

Lower Accuracy

The system was inferior in terms of authentication accuracy due to the variations in typing rhythm that were caused by external factors such as injury, fatigue, or distraction. Nevertheless, other biometric systems are not spared by such factors either.

Lower Permanence

Most behavioural biometrics generally experience lower permanency compared to physiological biometrics. The typing pattern of a human may gradually change following the customization towards a password, maturing typing proficiency, adaptation to input devices, and other environmental factors. However, researchers have recommended methods to constantly update the stored keystroke profile that may resolve this issue.

4.3.7 System Evaluation Criteria

The effectiveness of a keystroke dynamics authentication system is usually gauged by the recognition rate of the system. However, in order to put forward this technology into real-world practice, equal weight should be put on several other essential criteria as shown below.

4.3.8 Effectiveness

Effectiveness indicates the ability of a method to correctly differentiate genuine users and imposters. Performance indicators employed by the research are summarized as follows. False Rejection Rate (FRR) refers to the percentage ratio between falsely denied genuine users


against the total number of genuine users accessing the system, occasionally known as False Nonmatch Rate (FNMR) or type 1 error. A lower FRR implies less rejection and easier access by genuine users. FAR is defined as the percentage ratio between falsely accepted unauthorized users against the total number of imposters accessing the system. Terms such as False Match Rate (FMR) or type 2 error refer to the same meaning. A smaller FAR indicates fewer imposters accepted. Equal Error Rate (EER) is used to determine the overall accuracy as well as a comparative measurement against other systems. It may sometimes be referred to as Crossover Error Rate (CER). Result comparison portrayed in the next section will mainly be expressed with FAR, FRR, and EER.

4.3.9 Efficiency

Efficiency refers to the complexity of the method employed, which is normally considered better if complexity is lower. A computationally expensive method does not only put mounted strain on hardware but also frustrates users with longer waiting time.

4.3.10 Adaptability and Robustness

Adaptability implies the ability of a system to accommodate gradual typing changes of users across time. Robustness indicates the capability to work well with users from diverse professions with dissimilar typing proficiencies.

CHAPTER 5

Conclusion

This project work addresses the practical importance of using keystroke dynamics as a biometric for authenticating access to workstations of a network. Keystroke dynamics is the process of analysing the way users type by monitoring keyboard inputs and authenticating them based on habitual patterns in their typing rhythm. The current state of keystroke dynamics and present classification techniques based on template matching and the Bayesian likelihood model were reviewed. The argument was that, although the use of a behavioural trait (rather than a physiological characteristic) as a sign of identity has inherent limitations, when implemented in conjunction with traditional schemes, keystroke dynamics allows for the design of more robust authentication systems than traditional password-based alternatives alone. The inherent limitations that arise with the use of keystroke dynamics as an authentication mechanism are attributed to the nature of the reference "signature" and its relationship to the user: recognizing users based on habitual rhythm in their typing pattern uses dynamic performance features that depend upon an act (the rhythm is a function of the user and the environment). The problem with keystroke recognition is that, unlike other non-static biometrics (such as voice), there are no known features or feature transformations which are dedicated solely to carrying discriminating information. Fortunately, in the past few years researchers (Joyce et al, 1990, Mahar et al, 1995, and Monrose et al, 1997) have presented empirical findings that show that different individuals exhibit characteristics in their typing rhythm that are strikingly individualistic and that these characteristics can be successfully exploited and used for identification purposes.

This research supports the observation of (Mahar et al, 1995) in that there is significant variability with which typists produce digraphs. Hence, the research


suggests the use of digraph-specific measures of variability instead of single low-pass filters. Additionally, the research argues in favour of the use of free text, thus allowing users to type any text of their choice (i.e., "free text") during the identification learning process. While recognition based on structured text may be more desirable, structured text recognition was observed to vary greatly under operational conditions.

5.1 Summary of the Research

The summary of the research, drawn from the findings and recommendations made, is discussed below and is focused on the objectives of the research study.

5.1.1 Findings

The argument is that although the use of a behavioural trait (rather than a physiological characteristic) as a sign of identity has inherent limitations, when implemented in conjunction with traditional schemes, keystroke dynamics allowed for the design of more robust authentication systems than traditional password-based alternatives alone. One of the problems with keystroke recognition is that unlike other non-static biometrics (such as voice) there are no known features or feature transformations which are dedicated solely to carrying discriminating information.

Below are important factors that are directly related to user acceptability of the technology. The technology should offer users as much comfort and transparency as possible by not overloading users with long inputs, memorization of complex strings, or the provision of huge amounts of repetitive input.

Other than the user and impostor typing style, none of the other tested traits (i.e., age, gender, or dominant hand) were found to have a significant effect on the experiment. The experiment continues to have the lowest miss rates (i.e., the chance of successfully evading detection), across most feature sets, typing tasks, amounts of training, updating strategies, and impostor familiarity levels. Impostors who become familiar with a typing task often significantly increase their miss rate. Employing an updating strategy significantly reduces miss rates across the experiment and typing tasks. In each investigation, we drew these conclusions by evaluating experiments under systematically varied conditions. We compared our findings to those of earlier works, in each investigation, by drawing inferences using different experiments. We were able to make discoveries and understand phenomena in ways that would not have been possible without this work.

5.1.2 Recommendations

System administrators should be encouraged to use a keystroke dynamics authentication system to secure their networks.

5.2 Area of application

This software is designed to secure a network from unauthorized users in a network environment. A network comes with a lot of benefits including sharing of resources, but with the inherent risk of hacking by an intruder. This has led to the development of this software, which is intended to prevent network intruders. Institutions that are delicate and use network infrastructures, like banks, schools, military installations and many others, can use this system to prevent intruders from their network.

5.3 Further work

Developers of keystroke-related systems should come out with versions that can be installed on non-Microsoft operating system software, such as Linux. Developers should be able to come out with a system that can periodically check to ensure that the current user is the same user authenticated earlier.

REFERENCES

Access security, Computers & Security, 22, 695-706, 2003.

Ahmed et al. Anomaly Intrusion Detection based on


Anil K. Jain, Arun Ross and Salil Prabhakar, An Introduction to Biometric Recognition.

Benny, Securing Passwords Against Dictionary Attacks, CCS 02, 18-22, November 2007.

Bergadano et al, User Authentication through keystroke Dynamics, ACM transaction on Information System Security Vol. No. 5, pg 367-397, Nov 2002.

Bragg, 2002, DistanceEducator.com, 2000. Biometrics, Proceedings of the IEEE, 2005.

Brown et al, User Identification via Keystroke Characteristics of Typed Names Using Neural Networks, 1993.

Brown, User Identification via Keystroke Characteristics of Typed Names using Neural Networks. International Journal of Man Machine Studies, vol. 39, pp. 999-1014, 1993.

Cho et al, Web based keystroke dynamics identity verification using neural network, Journal of organizational computing and electronic commerce, Vol. 10, No. 4, 295-307, 2000.

Dowland, et al, A long term trial of keystroke profiling using digraph, trigraph and keyword latencies, in proceedings of IFIP/SEC 19th International Conference on Information Security, pages 275-289, 2004.

Guven, et al, Understanding users keystroke patterns for computer

International Journal of Advanced Research in Computer and Communication Engineering Vol. 3, Issue 10, October 2014

Janakiraman et al, 2007.

Karnan, et al, "Personal Authentication Based on Keystroke Dynamics Using Soft Computing Techniques et al", Second International Conference on Communication Software and Networks, Pp. 334-338, 2010.

Joyce et al., Identity Authentication Based on Keystroke Latencies, Communications of the ACM, vol. 39 pp 168-176, 1990.

Lawrence et al, Comparing Passwords, Tokens, and Biometrics for User Authentication, Proceedings of the IEEE, Vol. 91, No. 12, Dec, pp. 2019-2040, 2003.

Leggett, et al, Dynamic Identity Verification via Keystroke Characteristics. International Journal of Man Machine Studies, 1991.

Maxion et al, 2010.

Monrose, et al, Keystroke Dynamics as a Biometric for Authentication. Future Generation Computer Systems, 16(4) pp 351-359, 1999.

Monrose, et al.,


Authentication via Keystroke Dynamics, Proceedings of the 4th ACM Conference on Computer and Communications Security, p 48-56, April 1997.

Obaidat, et al, Verification of computer users using keystroke dynamics, IEEE Transactions on Systems, Man, and Cybernetics, Part B 27(2):261-269, April 1997.

Shanmugapriya, et al, A Survey of Biometric keystroke Dynamics: Approaches, Security and Challenges, (IJCSIS) International Journal of Computer Science and Information Security, ISSN 1947-5500, Vol. 5, No. 1, 2009.

Napier et al, Keyboard User Verification: Toward an Accurate, Efficient and Ecological Valid Algorithm. International Journal of Human Computer Studies, vol. 43, pp 213-222, 1995.

Furnell, et al, User Authentication for Keypad-Based Devices using Keystroke Analysis. MSc Thesis, University of Plymouth, UK, 2000.

Obaidat et al, Computer user verification using the perceptron, IEEE Trans. on Systems, Man, and Cybernetics, vol. 23, no. 3, pp. 900-902, May 1993.

Sogukpinar. et al (2004), User identification at logon via keystroke dynamics, Journal of Electrical and Electronics Engineering, Vol. 4, No. 1, 995-1005.

Video-Based Biometrics, Vol. 14, No. 1, January 2004.

Cho et al, Keystroke dynamics identity verification and its problems and practical solutions, Computers & Security, 2004.

Furnell, et al, Authenticating mobile phone users using keystroke analysis, International Journal of Information Security, 6(1):1-14, 2007.

Dawn et al, 1997.

Difference in Digraph Latency Distributions. Int. Journal of Human Computer Studies, 43:579-592, 1995.

Digraph Latency-Based Biometric Typist Verification Systems: Inter and Intra Typists

DistanceEducator.com, (August, 2013).

Dowland et al, 2004. Wagner et al, 2004. Monrose et al.


Authentication Via Keystroke Dynamics. Francesco et al. Fourth ACM Conference on Computer and Communications Security, Pages 48-56, 1997.

Gunetti et al, Keystroke analysis of free text, ACM Transactions on Information and System Security, volume 8, pages 312-347, 2005.

Cho et al, Retraining a keystroke dynamics-based authenticator with impostor patterns, Computers & Security, 26(4):300-310, 2007.

Kevin CMU-CS-12-100 January 2012.

Pin et al, Statistical Fusion Approach on Keystroke Dynamics, Third International IEEE Conference on Signal Image Technologies and Internet Based System, 2007.

Joyce et al. Identity Authorization Based on Keystroke. 2001 Latencies. Communications of the ACM, 33(2):168-176, February 1990.

Gaines, et al. Authentication by keystroke timing: some preliminary results. Rand report R256NSF. Rand Corporation, 1980.

Obaidat, et al, B.: Verification of computer users using keystroke dynamics. IEEE Transactions on Systems, Man and Cybernetics 27 (1997) Pages 261-269.

University of Torino (2002) Transactions on Information and System Security, Vol. 5, No. 4, November 2002, Pages 367-397.

Magnus, 1990, 2009. Margaret, whatis.com (2007), (accessed November, 2014).

Sogukpinar et al, A survey of biometric keystroke dynamics: Approaches, Security and Challenges, (IJCSIS) International Journal of Computer Science and Information Security, Vol. 5, No. 1, 2009.

WWW.Symetric.ca, (accessed 2015 June 19). www.biopassword.com (accessed 2014 May).

Appendix

User Manual

Windows System Requirements

Minimum requirements:
Intel 1.8 GHz speed
Windows XP operating system
1 GB Memory
80 HDD
16X CD-ROM Drive
360 MB Free Hard Disk space*
16-bit colour monitor
800 x 600 Resolutions
Windows-compatible sound card
Windows-compatible mouse

A colour printer with 300 dpi or better is recommended.

Installing BioNetLogon System

After installing the program from the CD, the BioNetLogon System runs from your hard drive. To complete the installation, 360 MB free space is required on your hard drive to store program files. Close all programs and applications before installing.

When using BioNetLogon System under a typical installation,


these instructions assume that the AutoPlay feature is turned on.

Windows

Insert the BioNetLogon System CD in the CD-ROM drive. Follow the on-screen instructions to complete the setup process. The setup program places BioNetLogon System file icons in the start menu.

Steps to Set Up Administrator

1. Enter administrator details into the form, that is username and password, and confirm it.
2. Click the OK button to save.
3. Restart the system for the BioNetLogon software to start running.
4. Enter logon details, that is administrator username and password, for authentication.
5. Use the logon learner window to learn the keystroke dynamics pattern or rhythm.
6. Save the learnt keystroke pattern.
7. Add a new user to the system.

Steps to Set Up User

1. Enter user details into the form, that is username and password, and confirm it.
2. Click the OK button to save.
3. Use the logon learner window to learn the keystroke dynamics pattern or rhythm.
4. Save the learnt keystroke pattern.
5. Enter logon details, that is username and password, for authentication.
