Keystroke Dynamics Recognition: Theory, Methods and Application

From Antispoofing Wiki

Definition & Overview

Keystroke dynamics recognition (KDR) is based on identifying tempo, rhythms and manner of keyboard typing that is intrinsic to a specific individual. The concept can be traced back to the 19th century when telegraphy first appeared. It was relatively easy to recognize an operator by the manner they applied the Morse code. It is known that fine motor skills directly correlate with a person’s cognitive abilities and temperament — elements that serve as a personality foundation. The Culture of Ham Radio mentions that "The way a person sends code is almost as distinctive as his voice". These observations allowed distinguishing friendly operators from the enemy during the WWII with a technique dubbed The First of the Sender.



Keystroke dynamics can be used as an additional security layer along with biometrics, knowledge and token types of authentication. This method is generally seen as passive and unintrusive: it does the analysis while a person enters a password. At the same time, experts voice a concern that it can make authentication costlier and slower.

Areas of Application

There are 3 major types of authentication:

  • Knowledge. Something a person knows: password, PIN, etc.
  • Token. A specific item that only a person in question owns: mobile phone, SIM-card, passport, etc.
  • Biometrics. A parameter an accessor has from birth: fingerprints, blood type, voice, iris pattern.

Biometrics also have a subtype, which focuses on a person’s behavior: logging in/out schedule, online surfing/shopping habits, frequency of search requests, and so on. Keystroke dynamics are a part of behavioral biometrics as every individual tends to have a unique typing manner.



As a result, the method can enhance a static authentication modality, which solely depends on a reusable authenticator: password, secret phrase or a PIN. Its main vulnerability is that such an authenticator can be stolen through sniffing, eavesdropping, screenshotting or IP spoofing. Besides, KDR is seen as a promising solution for monitoring shared computer sessions as it can lock sensitive data to unauthorized users, raise an alarm in case of abnormal behavior or even detect a user’s gender.

Advantages & Disadvantages of Keystroke Dynamics Recognition

KDR has a number of pros and cons regarding its accuracy and implementation.

Advantages

It offers the following benefits:

  • Uniqueness. As typing has a unique character in each person’s case, it can be measured with a surgical precision with a specific algorithm.
  • Minimal invasiveness. The method does not collect highly private biometric or personal data and works in a background mode.
  • Enhanced password security. KDR can increase the lifespan of a password and increase its overall efficacy.
  • Resistance to hacking. Replicating KDR is extremely difficult. It makes typical hacking attacks — like brute force — useless since the system offers a limited number of retries.

Besides, KDR does not require dedicated gear to function, unlike many biometric solutions.

Disadvantages

The major drawbacks of the method are:

  • Increased wait time. While working in the backend, KDR can toll the system with an extra wait time. Especially if it is not cloud-supported and runs on a decrepit device.
  • Accuracy issues. Typing patterns may vary depending on fatigue, distractions, medical intoxication, user’s mood shifts, and other factors.
  • Decreased permanence. As a gained skill, typing can change over the time, which requires changing the keystroke profile.

Accuracy and permanence issues are the central problems of this approach.


Basics of Keystroke Dynamics Recognition

Here is a brief overview of how a KDR system works.

Capturing Keystroke Information

Basically, this is an enrollment stage, during which a user is prompted to type a text, on which their authentication profile will be formed. All subsequent access attempts will be matched against the given sample until it is changed.

General Structure of Keystroke Dynamics Recognition System

Typically, KDR architecture includes the following elements:

  • Data acquisition. Typing samples are acquired via an input device: computer keyboard, numpad, touchscreen, etc.
  • Feature extraction. With steps like feature selection and outlier detection, a reference pattern will be created.
  • Classification. It includes data categorization and discrimination.
  • Decision. At this stage reference data is compared against the input. To increase authentication accuracy, some fusion methods can be used.

Additionally, the architecture includes retraining in case a new reference template should be created.


The Main Methods of Keystroke Dynamics Recognition

Methods used in KDR include:

  • Statistical approach. It includes standard elements such as 𝑘-nearest neighbor, statistical 𝑡-test, median deviation, etc.
  • Probabilistic modeling. Based on a notion that keystroke feature vectors are predefined by Gaussian distribution, it employs such techniques as Hidden Markov Model, Gaussian Density Function, and others.
  • Cluster analysis. This idea suggests gathering similar characteristics pattern vectors to form a consistent, homogeneous cluster. (E.g. fuzzy C-means.)
  • Distance measure. This method estimates similarity or dissimilarity with a reference template using Euclidean distance, and other techniques.

Machine learning and Deep Neural Networks (DNNs) are also employed. For their training keystrokes of both the legitimate claimant and potential intruder can be used. Other methods include evolutionary computation, decision tree, fuzzy logic, Support Vector Machine, etc.


User Verification, Identification & Recognition

Verification framework in KDR consists of the following components:

  • Enrollment. A User’s model and reference template are created from the keystroke samples.
  • Outliers detection. Presence of outliers impacts performance of the classifiers during matching/verification.
  • Preprocessing. This step implies data normalization (with a normalization function) before further analysis.
  • Feature selection. Useless and irrelevant features are removed to increase operational speed.
  • Model computation. A model is computed to ensure user verification in the future. It can be done with learning clusters using k-mean, calculating standard deviation of enrolled samples and the mean vector, etc.

(Model computation can be based on both data mining and statistics.)

Evaluation of Keystroke Dynamics Recognition Systems

A KDR system is attested using three factors:

  • Performance. It considers the biometrics standards estimating Failure-To-Enroll rate, Equal Error Rate, and other metrics.
  • Satisfaction. It measures acceptance of the KDR approach among the users, as well as its ease-of-use and, perchance, commercial performance.
  • Security. This aspect focuses on Presentation Attack (PA) resistance potential, false Acceptance Rate (FAR), and other nuances.

Note: Performance and security metrics are taken from the ISO standardization (such as ISO/IEC 19795-1.)


The influence of Emotion on Keyboard Typing

The emotional state of an individual is seen to have an impact on their keystroke dynamics. During an experiment, volunteers were exposed to a sound that could potentially alter their emotional state while typing, such as bird chirping, from the IADS-2 dataset. A study revealed that emotional state affects keystroke duration and latency, while typing accuracy mostly stays the same. (Possibly due to the involvement of muscle memory).


Keystroke Biometrics Ongoing Competition

Keystroke Biometrics Ongoing Competition (KBOC), organized by IEEE and ATVS, is a challenge, which strives to create a baseline that can ensure accurate keystroke dynamics recognition. The contest has a public keystroke dataset with 7,600 sequences recorded from 300 unique individuals.


Keystroke Dynamics in Gender Recognition

It is considered possible to detect genders based on the keystroke dynamics data. As another experiment showed, male typing features a 373.04 ms latency and a 135.26 ms deviation, while female typing has 375.71 ms latency and 116.86 ms deviation.

Keystroke Dynamics Fatigue Recognition

A test, during which volunteers were challenged to type in a password repeatedly, showed that it is possible to detect fatigue levels of a user. An especially accurate result was produced by the key release-to-release data with a 91% accuracy rate. The technique can be used for creating more favorable work environments, among all else.

Authentication Using a Combination of Keystroke & Mouse Biometrics

Computer mouse dynamics can complement KDR as their monitoring and measuring is based on similar principles. To create an authentication template, a user is prompted to perform a fixed task with a mouse. Later, by analyzing mouse dynamics, button clicks, and other actions, a system can tell an imposter from a bona fide user.

Behavioral Biometric Authentication on Smartphones

A Behavioral Biometric Authentication method is proposed for smartphone gestures as well, which consist of strokes — a sequence of consecutive timed points. The method analyzes a user’s finger movement on the screen by extracting a group of features: temporal, geometric, spatial, dynamic, etc. In essence, this method has similar mechanics, advantages and drawbacks as the KDR approach.


References

  1. Relations between fine motor skills and intelligence in typically developing children and children with attention deficit hyperactivity disorder
  2. The Culture of Ham Radio
  3. The physiology of keystroke dynamics
  4. The Telegraph Operator
  5. A Survey of Keystroke Dynamics Biometrics
  6. Enrollment and authentication of the keystroke dynamics
  7. KDR can be potentially implemented in banking and real pinpads
  8. Fuzzy C-Means Clustering
  9. Evolutionary computation
  10. Decision Tree and Random Forest Algorithms: Decision Drivers
  11. Fuzzy logic
  12. Support Vector Machine
  13. Archive ouverte HAL
  14. ISO/IEC 19795-1:2021 Information technology — Biometric performance testing and reporting — Part 1: Principles and framework
  15. The Influence of Emotion on Keyboard Typing: An Experimental Study Using Auditory Stimuli
  16. Affective auditory stimuli: adaptation of the International Affective Digitized Sounds (IADS-2) for European Portuguese
  17. Keystroke Biometrics Ongoing Competition (KBOC)
  18. Database & Evaluation
  19. Keystroke Dynamics Features for Gender Recognition
  20. Analysis of Keystroke Dynamics for Fatigue Recognition
  21. A study on Continuous Authentication using a combination of Keystroke and Mouse Biometrics
  22. A Survey on Behavioral Biometric Authentication on Smartphones