Keystroke dynamics-based authentication for mobile devices


Post on 26-Jun-2016


TRANSCRIPT

<ul><li><p>computers &amp; security 28 (2009) 85–93</p><p>available at www.sciencedirect.com</p><p>journal homepage: www.elsevier.com/locate/cose</p><p>Keystroke dynamics-based authentication for mobile devices</p><p>Seong-seob Hwang, Sungzoon Cho*, Sungho Park</p><p>Seoul National University, 599 Gwanangno, Gwanak-gu, Seoul 151-, Republic of Korea</p><p>Article history: Received 26 November 2007; Received in revised form 2 June 2008; Accepted 29 October 2008.</p><p>Keywords: Mobile device; Keystroke dynamics; Artificial rhythms; Tempo cues; Biometrics; User authentication.</p><p>Abstract</p><p>Recently, mobile devices are used in financial applications such as banking and stock trading. However, unlike desktops and notebook computers, a 4-digit personal identification number (PIN) is often adopted as the only security mechanism for mobile devices. Because of their limited length, PINs are vulnerable to shoulder surfing and systematic trial-and-error attacks. This paper reports the effectiveness of user authentication using keystroke dynamics-based authentication (KDA) on mobile devices. We found that a KDA system can be effective for mobile devices in terms of authentication accuracy. Use of artificial rhythms leads to even better authentication performance. © 2008 Elsevier Ltd. All rights reserved.</p><p>1. Introduction</p><p>Use of mobile devices is diversified more and more (Chen et al., 2008). Cell phones and personal digital assistants (PDA) are used for banking and stock trading nowadays. However, there are three reasons why security of mobile devices has a lot to be desired. First, a PIN comprises only four digits, thus the number of candidate passwords is limited to only 10,000 (from 0000 to 9999). It is much easier for a potential impostor to acquire the password by shoulder surfing and systematic trial-and-error attacks. Second, mobile devices may be easily lost or stolen because of their small sizes. For example, more than one million mobile phones are stolen in Europe in a typical year (Kowalski and Goldstein, 2006). Third, we tend to lend mobile phones easily to other people, thus they are exposed to a higher risk of surreptitious use.</p><p>Recently, biometrics has been proposed to improve the security of mobile devices. The term biometrics is defined by the International Biometric Group as the automated use of physiological or behavioral characteristics to determine or verify identity. Physiological biometrics relies upon a physical attribute such as a fingerprint, a face and an iris, whereas behavioral approaches utilize some characteristic behavior, such as the way we speak or sign our name (Clarke and Furnell, 2005). Clarke and Furnell (2007a) concluded that two-factor authentication, combining PIN code and biometrics, improves the overall reliability of authentication.</p><p>Keystroke dynamics-based authentication (KDA) is one of the biometrics-based authentication methods, motivated by the observation that a user's keystroke patterns are consistent and distinct from those of other users. When implemented for mobile devices, KDA has the following advantages over other biometrics-based methods. First, most biometrics-based methods require an extra device, e.g. a finger-scanner or an iris-scanner (Clarke and Furnell, 2005), which restricts mobility as well as increases cost. On the other hand, KDA requires no additional device. Second, users tend to be reluctant to provide their fingerprints or irises. On the other hand, a user always has to type his or her password to log in, so collecting keystroke patterns can be done without causing any extra inconvenience to the user. Third, a scanned fingerprint or iris requires a larger volume of memory, higher computing power and more communication bandwidth than keystroke timing vectors. The efficiency of KDA is particularly important in a mobile environment, which tends to have a smaller memory, lower computing power and slower wireless Internet than a PC on the wired Internet.</p><p>* Corresponding author. Tel.: 82 2 880 6275; fax: 82 2 889 8560. E-mail addresses: hss9414@snu.ac.kr (S.-s. Hwang), zoon@snu.ac.kr (S. Cho), shpark82@snu.ac.kr (S. Park).</p><p>0167-4048/$ – see front matter © 2008 Elsevier Ltd. All rights reserved. doi:10.1016/j.cose.2008.10.002</p></li><li><p>Behavioral attributes are more subject to deviation from norms than physical ones. A high variability leads to a high authentication error. The variability is a measure of data quality. Another measure of data quality is how unique the typing patterns are. The more unique, the less likely the patterns are similarly replicated by impostors. Recently, artificial rhythms and tempo cues were proposed to improve the quality of typing patterns, uniqueness and consistency in particular (Cho and Hwang, 2006). Improving the data quality by decreasing variability and increasing uniqueness helps us alleviate the weakness of a short PIN.</p><p>In this paper, we propose KDA with artificial rhythms and tempo cues for mobile user authentication. To compare "Natural Rhythm without Cue" and "Artificial Rhythms with Cues", we completed the following tasks. First, we implemented a KDA system on a mobile phone which is connected to a remote server through a wireless network. A novelty detector classifier was built since only the valid user's patterns are available in practice. Second, subjects were asked to perform enrollment, login, and even intrusion into other subjects' accounts. Whenever a subject types his or her password, the typing pattern is collected, sent to a server and stored. Third, a comparative analysis was conducted to verify the superiority of artificial rhythms and cues over natural rhythms without cues. We also tested hypotheses to compare the performance involving different typing strategies.</p><p>The organization of this paper is as follows. The following section introduces keystroke dynamics-based authentication for mobile devices and describes our methods to improve the quality of typing patterns. Section 3 presents the data collected and experimental results. Finally, conclusions and a list of future work are discussed in Section 4.</p><p>2. Keystroke dynamics-based authentication for mobile devices</p><p>2.1. Keystroke dynamics-based authentication (KDA)</p><p>Password-based authentication is the most commonly used in identity verification. However, it becomes vulnerable when the password is stolen. Keystroke dynamics-based authentication was proposed to provide additional security (Gaines et al., 1980; Umphress and Williams, 1985). Keystroke dynamics-based authentication (KDA) verifies a user's identity using not only the password but also keystroke dynamics. For example, a keystroke pattern is transformed into a timing vector when a user types the string "5805", as illustrated in Fig. 1. The duration and interval times are measured in milliseconds. A user can get access only if his timing vector is similar enough to those already registered in the server. Thus, he or she can only get access if the password is typed with the correct rhythm.</p><p>Three steps are involved in KDA, as illustrated in Fig. 2. First, a user enrolls his/her keystroke patterns. A keystroke pattern is defined as depicted in Fig. 1. A password of m characters is transformed into a (2m − 1)-dimensional timing vector. A duration denotes the time period during which a key is pressed, while an interval is the time period between releasing a key and stroking the next key. Second, a classifier is built using the keystroke patterns. The classifier, in a sense, is a prototype of the valid user's patterns. Third, when a new keystroke pattern is given, one will reject it as an impostor pattern if the distance between the prototype and the pattern is greater than some threshold, or accept it as the valid user's pattern otherwise.</p><p>KDA can help us improve security for various services involving mobile devices (Hwang et al., 2007). Even when an impostor obtains both the PIN and the mobile device, KDA can still prevent him from logging in through the strengthened authentication process. Recently, Clarke and Furnell (2005, 2007a,b) studied user identification using KDA on mobile devices. They utilized the keystrokes of 11-digit telephone numbers and text messages as well as 4-digit PINs to classify users. Their identification models were based on feed-forward multi-layer perceptron (FF-MLP), radial basis function (RBF) networks, and generalized regression neural networks (GRNNs).</p><p>Our approach is different from that of Clarke and Furnell (2005, 2007a,b) in the following aspects. First, they built a classifier using impostors' patterns as well as the valid user's patterns. In reality, however, impostors' patterns are not available unless the password is disclosed to potential impostors and their patterns are collected. Rather, we employed a novelty detection framework where only the valid user's patterns are used for training. Second, each user in their experiments enrolled 30 typing patterns. In practice, users would not endure such a long enrollment procedure. Moreover, the typing speed on mobile devices is much slower than that on a local PC. In our study, we collected only five patterns from each user for enrollment. We compensated for the reduced data quantity with improved data quality through use of the artificial rhythms and cues strategy. Third, they utilized various patterns such as 4-digit PINs, 11-digit telephone numbers, and text messages, while we focused only on the 4-digit PIN since the PIN has been fixed to four digits for decades. Fourth, their subjects used a software interface developed on a laptop while our subjects used a real mobile phone, which is a third generation synchronized IMT-2000 cellular system (CDMA2000 1xEV-DO) (Qualcomm).</p><p>Fig. 1 – A keystroke pattern is transformed into a timing vector when a user types the string "5805". The duration and interval times are measured in milliseconds.</p></li><li><p>2.2. Improving data quality</p><p>One way to cope with the lack of data quantity is to improve data quality. Data quality in KDA can be measured in terms of uniqueness, consistency, and discriminability (Cho and Hwang, 2006). Uniqueness is concerned with how different a valid user's typing patterns used to build a classifier are from those of potential impostors. Consistency is concerned with how similar a valid user's access typing patterns are to his enrollment typing patterns. Finally, discriminability is concerned with how well access typing patterns and impostor typing patterns can be separated. The definition of discriminability implies that two possible approaches exist to improve it: the first is to improve uniqueness, and the second is to improve consistency.</p><p>Fig. 2 – Three steps of the KDA framework: enrollment, classifier building, and user authentication.</p><p>As one way to improve uniqueness, it has been proposed to type a password with artificial rhythms reproducible by the valid user only (Cho and Hwang, 2006). Table 1 lists various artificial rhythms that increase typing uniqueness. In this paper, pauses are selected among the various artificial rhythms since they are simple and easy to control. A user inserts a number of intervals where deemed necessary to make the timing vector unique. As shown in Fig. 3, "5805" can be typed as "5_ _ _80_ _5" with a three-beat-long pause between 5 and 8, and another two-beat-long pause between 0 and 5. There are many combinations of inserting pauses in terms of the positions and lengths of the pauses. The more combinations there are, the harder it is for an impostor to guess correctly.</p><p>Table 1 – Various artificial rhythms.</p><table><tr><th>Artificial Rhythms</th><th>Advantages</th><th>Disadvantages</th><th>Remedies</th></tr><tr><td>Pauses</td><td>Flexible</td><td>Inconsistent when long</td><td>Use of cues</td></tr><tr><td>Musical rhythm</td><td>Consistent, Easy to remember</td><td>Rhythmical sense required</td><td></td></tr><tr><td>Staccato</td><td>Consistent</td><td>Limited</td><td></td></tr><tr><td>Legato</td><td>Consistent</td><td>Limited, Exact duration</td><td>Use of cues</td></tr><tr><td>Slow tempo</td><td>Flexible</td><td>Inconsistent</td><td>Use of cues</td></tr></table><p>In order to prevent pauses from being inconsistent, tempo cues are provided (Cho and Hwang, 2006). Tempo cues (Fig. 6) work like a metronome, helping the user keep the beat. Given the tempo beat, the user only needs to remember the number of beats for each pause. Usually, they can be provided in three modes: auditory, visual, and audio-visual. In addition, users are allowed to choose the tempo of the cue. This has the further advantage of improving uniqueness, since only the valid user knows the tempo.</p><p>Fig. 3 presents the timing vectors of password "5805" from the strategies "Natural Rhythm without Cue" (Fig. 3a) and "Artificial Rhythms with Cues" (Fig. 3b). The dotted lines represent the enrollment patterns, x, while the solid line represents the prototype, m. Note that the timing vectors depicted in Fig. 3 were normalized, i.e. divided by the two-norm. When comparing timing vectors between strategies, there are differences in terms of both uniqueness and consistency. First, observe that the intervals between 5 and 8 from "Artificial Rhythms with Cues" are very large compared to those from "Natural Rhythm without Cue". An impostor's pattern would be more similar to those from "Natural Rhythm without Cue" and is highly likely to be distinct from those from "Artificial Rhythms with Cues". The same can be said for the intervals between 0 and 5. Thus, long intervals improve the uniqueness of a user's patterns. Second, observe that the differences between the enrollment patterns and the prototype are smaller for "Artificial Rhythms with Cues" than for "Natural Rhythm without Cue". Tempo cues improved the consistency of the patterns from "Artificial Rhythms with Cues".</p></li><li><p>Fig. 3 – Timing vectors of the password "5805".</p><p>2.3. Mobile application</p><p>The experiments were performed on the third generation synchronized IMT-2000 cellular system (CDMA2000 1xEV-DO) (Qualcomm). The mobile device used is the SAMSUNG SCH-V740 (Korean model number; Samsung Electronics website), as shown in Fig. 4. The software authentication module was implemented in WIPI (Wireless Internet Platform for Interoperability), developed by the Mobile Platform Special Subcommittee of the Korea Wireless Internet Standardization Forum (KWISF). These are standard specifications necessary for providing an environment for mounting and running applications downloaded via the wireless Internet on the mobile communication terminal. For more details, see the WIPI website.</p><p>Any user authentication including KDA has two types of error, i.e. false acceptance rate (FAR) and false rejection rate (FRR) (Golarelli et al., 1997). One type of error can be reduced at the expense of the other by varying the threshold. Thus, in order to avoid the effects of arbitrary threshold selection, the models were compared in terms of the equal error rate (EER), where …</p><p>Fig. 4 – Mobile phone used in the ex…</p><p>… participated in our experiment in July 2006. In the experiment, a 4-digit numeric PIN was used. Two strategies were employed: "Natural Rhythm without Cue" and "Artificial Rhyt...</p></li></ul>
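The three KDA steps of Section 2.1 (timing vector, prototype, threshold decision) and the FAR/FRR/EER comparison of Section 2.3 can be worked through end to end. The following Python script is an added example, not code from the paper or its WIPI module. It maps press/release events of a 4-digit PIN to the (2m − 1)-dimensional vector, normalizes by the two-norm, builds a mean prototype from five enrollment patterns in the novelty-detection style the paper describes, and sweeps the distance threshold to locate the EER. The event timings, jitter offsets, tempo (500 ms per beat) and the Euclidean distance are all constructed assumptions for the demonstration; the paper does not specify its distance measure.

```python
# Added worked example (not the paper's code): KDA timing vectors, a prototype-
# based novelty detector, and FAR/FRR/EER over a threshold sweep.
# All timings, jitter offsets and the distance function are constructed.
import math
from statistics import mean

PIN = "5805"

def timing_vector(events):
    """Map press/release events of an m-key password to the (2m - 1)-dim vector
    [d1, i1, d2, i2, ..., dm]: d_k = release_k - press_k (duration, ms),
    i_k = press_{k+1} - release_k (interval, ms)."""
    vec = []
    for k, (_key, press, release) in enumerate(events):
        vec.append(float(release - press))
        if k + 1 < len(events):
            vec.append(float(events[k + 1][1] - release))
    return vec

def normalize(v):
    """Divide by the two-norm, as the paper does before comparing vectors."""
    n = math.sqrt(sum(x * x for x in v))
    return [x / n for x in v]

def prototype(enroll_vectors):
    """Novelty-detector prototype: mean of the normalized enrollment vectors.
    Only the valid user's own patterns are needed (no impostor data)."""
    return [mean(col) for col in zip(*(normalize(v) for v in enroll_vectors))]

def distance(a, b):
    """Euclidean distance (assumed; the paper does not fix the metric)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def accept(proto, v, threshold):
    """Accept the attempt when its normalized vector lies within the threshold."""
    return distance(proto, normalize(v)) <= threshold

def far_frr(proto, valid_attempts, impostor_attempts, threshold):
    far = sum(accept(proto, v, threshold) for v in impostor_attempts) / len(impostor_attempts)
    frr = sum(not accept(proto, v, threshold) for v in valid_attempts) / len(valid_attempts)
    return far, frr

def equal_error_rate(proto, valid_attempts, impostor_attempts, steps=200):
    """Sweep the threshold over [0, 2] (the range of distances between unit
    vectors) and return (threshold, EER) where |FAR - FRR| is smallest."""
    best = None
    for s in range(steps + 1):
        t = 2.0 * s / steps
        far, frr = far_frr(proto, valid_attempts, impostor_attempts, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]

# --- constructed sample data ------------------------------------------------

def events_from_timings(keys, durations, intervals):
    """Constructed helper: synthesize (key, press_ms, release_ms) events."""
    events, t = [], 0
    for k, key in enumerate(keys):
        release = t + durations[k]
        events.append((key, t, release))
        if k < len(intervals):
            t = release + intervals[k]
    return events

def samples(durations, intervals, offsets):
    """One timing vector per offset; offsets model typing jitter (constructed)."""
    return [timing_vector(events_from_timings(
                PIN, [d + o for d in durations], [i + 2 * o for i in intervals]))
            for o in offsets]

VALID_D = [110, 105, 120, 100]        # valid user's key durations, ms
NATURAL_I = [250, 300, 280]           # valid user's natural intervals, ms
ARTIFICIAL_I = [1500, 300, 1000]      # "5_ _ _80_ _5": 3-beat and 2-beat pauses at 500 ms/beat
IMPOSTOR_D, IMPOSTOR_I = [125, 115, 130, 110], [280, 270, 310]
JITTER = [-20, -10, 0, 10, 20]

def run_demo():
    """Return {strategy: (threshold, EER)} for natural vs artificial rhythm."""
    # Impostors know the PIN but type it at their own natural rhythm; one of
    # them happens to reproduce the valid user's natural timing exactly.
    impostors = samples(IMPOSTOR_D, IMPOSTOR_I, [-40, -20, 0, 20, 40])
    impostors.append(samples(VALID_D, NATURAL_I, [0])[0])
    results = {}
    for name, intervals in (("natural", NATURAL_I), ("artificial", ARTIFICIAL_I)):
        enroll = samples(VALID_D, intervals, JITTER)            # five enrollment patterns
        logins = samples(VALID_D, intervals, [-15, -5, 0, 5, 15])  # later valid logins
        results[name] = equal_error_rate(prototype(enroll), logins, impostors)
    return results

if __name__ == "__main__":
    for name, (t, eer) in run_demo().items():
        print(f"{name:10s} threshold={t:.2f}  EER={eer:.3f}")
```

With the natural rhythm, the impostor who matches the user's timing is indistinguishable from a genuine login at every threshold, so either FAR or FRR stays above zero and the EER is positive. With the long pauses of the artificial rhythm, every natural-rhythm impostor lands far from the prototype and a wide band of thresholds yields FAR = FRR = 0, which is the uniqueness effect the paper attributes to pauses; the per-sample jitter is the same in both runs, so the example isolates uniqueness rather than the consistency gain from tempo cues.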
