• Journal of Korea Multimedia Society
• /
• v.17 no.8
• /
• pp.968-976
• /
• 2014

Authentication methods on smartphone are demanded to be implicit to users with minimum users' interaction. Existing authentication methods (e.g. PINs, passwords, visual patterns, etc.) are not effectively considering remembrance and privacy issues. Behavioral biometrics such as keystroke dynamics and gait biometrics can be acquired easily and implicitly by using integrated sensors on smartphone. We propose a biometric model involving keystroke dynamics for implicit authentication on smartphone. We first design a feature extraction method for keystroke dynamics. And then, we build a fusion model of keystroke dynamics and gait to improve the authentication performance of single behavioral biometric on smartphone. We operate the fusion at both feature extraction level and matching score level. Experiment using linear Support Vector Machines (SVM) classifier reveals that the best results are achieved with score fusion: a recognition rate approximately 97.86% under identification mode and an error rate approximately 1.11% under authentication mode.

• International Journal of Fuzzy Logic and Intelligent Systems
• /
• v.15 no.4
• /
• pp.295-299
• /
• 2015

The developed security scheme for user authentication, which uses both a password and the various devices, is always open by malicious user. In order to solve that problem, a keystroke dynamics is introduced. A person's keystroke has a unique pattern. That allows the use of keystroke dynamics to authenticate users. However, it has a problem to authenticate users because it has an accuracy problem. And many people use passwords, for which most of them use a simple word such as "password" or numbers such as "1234." Despite people already perceive that a simple password is not secure enough, they still use simple password because it is easy to use and to remember. And they have to use a secure password that includes special characters such as "#!($^*$)^". In this paper, we propose the automatic fortified password generator system which uses special characters and keystroke feature. At first, the keystroke feature is measured while user key in the password. After that, the feature of user's keystroke is classified. We measure the longest or the shortest interval time as user's keystroke feature. As that result, it is possible to change a simple password to a secure one simply by adding a special character to it according to the classified feature. This system is effective even when the cyber attacker knows the password.

• IE interfaces
• /
• v.25 no.3
• /
• pp.290-299
• /
• 2012

Keystroke dynamics refers to a way of typing a string of characters. Since one has his/her own typing behavior, one's keystroke dynamics can be used as a distinctive biometric feature for user authentication. In this paper, two authentication algorithms based on keystroke dynamics of long and free texts are proposed. The first is the K-S score, which is based on the Kolmogorov-Smirnov test, and the second is the 'R-A' measure, which combines 'R' and 'A' measures proposed by Gunetti and Picardi (2005). In order to verify the authentication performance of the proposed algorithms, we collected more than 3,000 key latencies from 34 subjects in Korean and 35 subjects in English. Compared with three benchmark algorithms, we found that the K-S score was outstanding when the reference and test key latencies were not sufficient, while the 'R-A' measure was the best when enough reference and test key latencies were provided.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1997.11a
• /
• pp.345-353
• /
• 1997

Password checking is the most popular user authentication method. The keystroke dynamics can be combined to result in a more secure system. We propose an autoassociator multilayer perceptron which is trained with the timing vectors of the owner's keystroke dynamics and then used to discriminate between the owner and an imposter. An imposter typing the correct password can be detected with a very high accuracy using the proposed approach. The approach can also be used over the internet such as World Wide Web when implemented using a Java applet.

• International journal of advanced smart convergence
• /
• v.5 no.3
• /
• pp.40-46
• /
• 2016

The internet allows the information to flow at anywhere in anytime easily. Unfortunately, the network also becomes a great tool for the criminals to operate cybercrimes such as identity theft. To prevent the issue, using a very complex password is not a very encouraging method. Alternatively, keystroke dynamics helps the user to solve the problem. Keystroke dynamics is the information of timing details when a user presses a key or releases a key. A machine can learn a user typing behavior from the information integrate with a proper machine learning algorithm. In this paper, we have proposed mini-batch ensemble (MIBE) method which does the preprocessing on the original dataset and then produces multiple mini batches in the end. The mini batches are then trained by a machine learning algorithm. From the experimental result, we have shown the improvement of the performance for each base algorithm.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.8
• /
• pp.4076-4092
• /
• 2019

Nowadays, most users access internet through mobile applications. The common way to authenticate users through websites forms is using passwords; while they are efficient procedures, they are subject to guessed or forgotten and many other problems. Additional multi modal authentication procedures are needed to improve the security. Behavioral authentication is a way to authenticate people based on their typing behavior. It is used as a second factor authentication technique beside the passwords that will strength the authentication effectively. Keystroke dynamic rhythm is one of these behavioral authentication methods. Keystroke dynamics relies on a combination of features that are extracted and processed from typing behavior of users on the touched screen and smart mobile users. This Research presents a novel analysis in the keystroke dynamic authentication field using two features categories: timing and no timing combined features. The proposed model achieved lower error rate of false acceptance rate with 0.1%, false rejection rate with 0.8%, and equal error rate with 0.45%. A comparison in the performance measures is also given for multiple datasets collected in purpose to this research.

• Journal of Information Processing Systems
• /
• v.14 no.2
• /
• pp.523-538
• /
• 2018

Keystroke dynamics user authentication is a behavior-based authentication method which analyzes patterns in how a user enters passwords and PINs to authenticate the user. Even if a password or PIN is revealed to another user, it analyzes the input pattern to authenticate the user; hence, it can compensate for the drawbacks of knowledge-based (what you know) authentication. However, users' input patterns are not always fixed, and each user's touch method is different. Therefore, there are limitations to extracting the same features for all users to create a user's pattern and perform authentication. In this study, we perform experiments to examine the changes in user authentication performance when using feature vectors customized for each user versus using all features. User customized features show a mean improvement of over 6% in error equal rate, as compared to when all features are used.

• Journal of Korean Institute of Industrial Engineers
• /
• v.42 no.4
• /
• pp.280-289
• /
• 2016

User authentication is an important issue on computer network systems. Most of the current computer network systems use the ID-password string match as the primary user authentication method. However, in password-based authentication, whoever acquires the password of a valid user can access the system without any restrictions. In this paper, we present a keystroke dynamics-based user authentication to resolve limitations of the password-based authentication. Since most previous studies employed a fixed-length text as an input data, we aims at enhancing the authentication performance by combining four different variable creation methods from a variable-length free text as an input data. As authentication algorithms, four one-class classifiers are employed. We verify the proposed approach through an experiment based on actual keystroke data collected from 100 participants who provided more than 17,000 keystrokes for both Korean and English. The experimental results show that our proposed method significantly improve the authentication performance compared to the existing approaches.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.369-383
• /
• 2018

User authentication using PIN input or lock pattern is widely used as a user authentication method of smartphones. However, it is vulnerable to shoulder surfing attacks and because of low complexity of PIN and lock pattern, it has low security. To complement these problems, keystroke dynamics have been used as an authentication method for complex authentication and researches on this have been in progress. However, many studies have used imposter data in classifier training and validation. When keystroke dynamics authentications are actually applied in reality, it is realistic to use only legitimate user data for training, and using other people's data as imposter training data may result in problems such as leakage of authentication data and invasion of privacy. In response, in this paper, we experiment and obtain the optimal ratio of the thresholds for distance based classification. By suggesting the optimal ratio, we try to contribute to the real applications of keystroke authentications.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.4
• /
• pp.19-25
• /
• 2016

There are many free applications that need users to sign up before they can use the applications nowadays. It is difficult to choose a suitable password for your account. If the password is too complicated, then it is hard to remember it. However, it is easy to be intruded by other users if we use a very simple password. Therefore, biometric-based approach is one of the solutions to solve the issue. The biometric-based approach includes keystroke dynamics on keyboard, mice, or mobile devices, gait analysis and many more. The approach can integrate with any appropriate machine learning algorithm to learn a user typing behavior for authentication system. Preprocessing phase is one the important role to increase the performance of the algorithm. In this paper, we have proposed ensemble-by-session (EBS) method which to operate the preprocessing phase before the training phase. EBS distributes the dataset into multiple sub-datasets based on the session. In other words, we split the dataset into session by session instead of assemble them all into one dataset. If a session is considered as one day, then the sub-dataset has all the information on the particular day. Each sub-dataset will have different information for different day. The sub-datasets are then trained by a machine learning algorithm. From the experimental result, we have shown the improvement of the performance for each base algorithm after the preprocessing phase.