Keystroke Dynamics
Keystroke dynamics analyzes the rhythm of a person's typing — timing between keystrokes, key durations and pressure — to build a low-cost behavioral biometric profile using only a standard keyboard.
Computer systems are now used in almost all aspects of business and commerce, and many businesses rely heavily on the effective operation of their computer systems. With the dramatic rise in interest in computer security over the past few years, there is strong demand for suitable alternatives to traditional computer user authentication.
Biometrics — the physical traits and behavioural characteristics that make each of us unique — are a natural choice for identity verification. Unlike passwords and PINs, biometrics cannot be lost, stolen, or overheard. A physiological characteristic is a relatively stable physical feature, such as a fingerprint, iris pattern, or retina pattern. A behavioural trait, on the other hand, has some physiological basis but also reflects a person's emotional state. The most common trait used in identification is a person's signature. Other behaviours used include a person's keyboard typing and speech patterns. Behavioural biometrics work best with regular use.
Because no single system meets all needs, a range of biometric systems is in development or on the market.
The same neurophysiological factors that make a written signature unique are also reflected in a user's typing patterns — also known as keystroke dynamics. When a person types, the latencies between successive keystrokes, keystroke durations, finger placement and pressure applied to the keys can be used to construct a unique profile for that individual. For well-known, regularly typed strings — e.g. a computer user's login string — such profiles can be quite consistent.
Most verification techniques involve a registration phase in which a number of the user's inputs are captured and processed to generate a reference profile. When a user claims to be a particular individual and enters a login string, this test profile is compared with the reference profile for that individual, and the difference between the two is computed. If the difference exceeds a predefined threshold, the user is rejected; otherwise, they are authenticated. Typical matching approaches use neural network architectures or traditional pattern-recognition schemes to associate identity with keystroke dynamics features. Neural networks have a fundamental limitation in that each time a new user is added to the database, the network must be retrained. In environments with a high turnover of users, the downtime associated with retraining can be significant.
The advantages of keystroke dynamics in the computer environment are clear. Neither enrollment nor verification disrupts the regular workflow, because the user would be typing anyway. And, unlike other biometric systems, keystroke dynamics is almost free — the only hardware required is the keyboard.
Legacy links (no longer active) (2)
- http://www.it.lut.fi/kurssit/03-04/010970000/seminars/Ilonen.pdf
- http://www.biopassword.com/home/technology/BP 204.5 Technical Paper.pdf