Authenticating Passwords by Typing Pattern Biometrics
DOI:
https://doi.org/10.47672/ajce.661Abstract
Passwords are a common measure used in Authentication systems to make sure that the users are who they say they are. The complexity of these Passwords is relied on while ensuring security. However, the role of complexity is limited. Users are forced to write down complex passwords since easy ones are easily guessed. This study aimed at evaluating the uniqueness of typing patterns of password holders so as to strengthen the authentication process beyond matching the string of characters. Using our own dataset, this research experimentally showed that k Nearest Neighbor algorithm using Euclidean distance as the metric, produces sufficient results to distinguish samples and detect whether they are from the same authentic user or from an impostor based on a threshold that was computed. Results obtained indicated that typing patterns are distinct even on simple guessable passwords and that typing pattern biometrics strengthens the authentication process. This research extends work in typing pattern analysis using k Nearest Neighbor machine learning approach to auto detect the password pattern of the authentic and non-authentic users. It also provides an investigation and assessment to the effect of using different k values of the KNN algorithm. Further to this field is the methodology for calculating an optimal threshold value with higher accuracy levels that acted as a basis for rejection or acceptance of a typing sample. Additionally is an introduction of a new feature metric of a combined dataset which is a concatenation of both the dwell and latency timings. A comparison of performance for independent and a combined dataset of the feature metrics was also evaluated.
Downloads
References
S. Perkins E. Wolfart A. Walker, R. Fisher. Adaptive thresholding, 2003.
Bellovin. Limitations of the kerberos authentication system. ACM SIGCOM Computer Communication, 1, 1990.
Applied Biosystems. Data analysis on the abi prism7700 sequence detection system: Setting baselines and thresholds. Report 4370923 Revision A, Apple Computer, Inc, 2002.
V. Brennen. Kerberos infrastructure how to. Technical report by kerberos consortium. Report, 2004.
P S Dowland. A preliminary investigation of user authentication using continuous keystroke analysis. IFIP 8th Annual Working Conference on Information Security Management and Small Systems Security, 2001.
C. Xiao E. Lau, X. Liu and X. Yu. Enhanced user authentication through keystroke biometrics. Computer and Network Security, 6(857), 2004.
J. Hu K. Xi, Y. Tang. Correlation keystroke verification scheme for user access control in cloud computing environment. Computer, 54(10):16321644, 2011.
M. Kim. A survey of kerberos v and public key kerberos security. Report, 2009.
S. Lisa. Your password isn’t safe: 90 are vulnerable to hacking. Technical report by deloitte’s Canadian technology, media telecommunications arm. Report, 2013.
B McCord. Dna typing and threshold setting: Setting instrument parameters and thresholds. Report, International Forensic Research Institute, 2002.
B. Cukic N. Bartlow. Keystroke dynamics-based credential hardening systems. Springer, London, UK, 2009.
Mtenzi Omary. Machine learning approach to identifying the dataset threshold for the performance estimators in supervised learning. IJI, 3(3), 2010.
W.LisowskiR. Gaines. Authentication by key stroke timing:. Some primary results rand report. Report, R-2560-NSF, Rand Corporation, 1980.
SANS. Password protection policy, 2014.
S. Sanyal. Multifactor authentication and security. Fourth ACM Conference on Computer and Communications Security, 10, 2013.
Z.Xiaorong S. Yeqin, T.Zhongqun. Security analysis of kerberos 5 protocol. Computer Knowledge and Technology. Intelligent data analysis, IOS Pres, 6(6):1319–1320, 2010.
Z.Xiaorong S.Yeqin, T.Zhongqun. Security analysis of kerberos 5 protocol. Computer Knowledge and Technology. Intelligent data analysis, IOS Pres, 6(6):1319–1320, 2010.
Teh. A survey of keystroke dynamics biometric. Scientific World, 2013.
G. D. Tambakis Y. S. Boutalis, I. T. Andreadis. A fast fuzzy k-nearest neighbor algorithm for pattern classification. Intelligent data analysis, IOS Pres, 4, 2009.
Pedregosa, F. and Varoquaux, G. and Gramfort, A. and Michel, V. and Thirion, B. and Grisel, O. and Blondel, M. and Prettenhofer, P. and Weiss, R. and Dubourg, V. and Vanderplas, J. and Passos, A. and Cournapeau, D. and Brucher, M. and Perrot, M. and Duchesnay, E. Journal of Machine Learning Research. 12: 2825—2830, 2011
Cook J, Ramadas V. When to consult precision recall curves. The Stata Journal. 2020;20(1):131-148. doi:10.1177/1536867X20909693
Yıldırım, M., Mackie, I. Encouraging users to improve password security and memorability. Int. J. Inf. Secur. 18, 741–759 (2019). https://doi.org/10.1007/s10207-019-00429-y
Wiedenbeck, S., Waters, J., Birget, J.C., Brodskiy, A., Memon, N.: Authentication using graphical passwords: effects of tolerance and image choice. In: Proceedings of the 2005 Symposium on Usable Privacy and Security, SOUPS ’05, pp. 1–12. ACM, New York, NY, USA (2005)
Chao Yang, Junwei Zhang, Jingjing Guo, Yu Zheng, Li Yang, Jianfeng Ma, "Fingerprint Protected Password Authentication Protocol", Security and Communication Networks, vol. 2019, ArticleID 1694702, 12 pages, 2019. https://doi.org/10.1155/2019/1694702
Downloads
Published
How to Cite
Issue
Section
License
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution (CC-BY) 4.0 License that allows others to share the work with an acknowledgment of the work’s authorship and initial publication in this journal.
