I can be You: Questioning the use of Keystroke Dynamics as Biometrics
Tey Chee Meng, Payas Gupta, Debin Gao
Ke Chen
Outline
• Introduction
• Keystroke biometrics
• Experimental Design
• Experimental Results
• Conclusion
Authentication using Biometrics
• Physiological biometric:
  – Facial features
  – Hand geometry
  – Fingerprints
  – Iris scans
• Behavioral biometric:
  – Signatures
  – Handwriting
  – Typing patterns (i.e. keystroke dynamics)
Is Keystroke Biometrics Unique?
• If imitation is possible, then keystroke dynamics would be unsuitable for use as a biometric feature.
• Is it possible to imitate someone else’s keystroke typing if appropriate feedback is provided?
Keystroke Dynamics
Keystroke dynamics refers to information about the typing pattern.
Pressing and releasing a keystroke pair (ka, kb) results in 4 timings which are of interest to keystroke biometrics systems.
Keystroke Dynamics
• Key-down time:
• Key-up time:
• Four relative timings can be derived:
Data vectorization
Anomaly Detector Scoring
• Mean vector
Anomaly Detector Scoring
• Absolute deviation vector
Anomaly Detector Scoring
• Euclidean distance based anomaly score
• Manhattan distance based anomaly score
Anomaly Detection Threshold
• FRR: false rejection rate, decreases as the threshold is set higher
• FAR: false acceptance rate, increases as the threshold is set higher
• EER: equal error rate, where FRR = FAR
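The scoring and threshold slides above, worked through as an added example (not code from the paper or the authors' system). It assumes a common feature layout (hold time per key, then down-down and up-down latency per key pair), a Manhattan score scaled by the absolute deviation vector, and acceptance when the score is at or below the threshold; all timing values are constructed.

```python
import math

def features(events):
    """events: [(key, down_ms, up_ms), ...] in typing order -> timing vector."""
    vec = [up - down for _, down, up in events]            # hold time per key
    for (_, d1, u1), (_, d2, _) in zip(events, events[1:]):
        vec += [d2 - d1, d2 - u1]                          # down-down, up-down
    return vec

def train(samples):
    """Return (mean vector, mean absolute deviation vector) of training vectors."""
    cols = list(zip(*samples))
    mu = [sum(c) / len(c) for c in cols]
    dev = [sum(abs(x - m) for x in c) / len(c) for c, m in zip(cols, mu)]
    return mu, dev

def euclidean_score(x, mu):
    return math.sqrt(sum((a - m) ** 2 for a, m in zip(x, mu)))

def manhattan_score(x, mu, dev):
    # Assumed scaled form: each feature's error is divided by its usual spread.
    # Requires every entry of dev to be non-zero (true for the data below).
    return sum(abs(a - m) / d for a, m, d in zip(x, mu, dev))

def error_rates(genuine, impostor, threshold):
    """A sample is accepted when its anomaly score is <= threshold."""
    frr = sum(s > threshold for s in genuine) / len(genuine)
    far = sum(s <= threshold for s in impostor) / len(impostor)
    return far, frr

# Constructed timing vectors in milliseconds (not data from the study).
TRAIN = [[80, 90, 120, 40], [90, 100, 130, 50], [70, 80, 110, 30], [80, 90, 120, 40]]
GENUINE = [[82, 88, 121, 43], [75, 95, 125, 35], [90, 100, 135, 50]]
IMPOSTOR = [[110, 60, 150, 40], [85, 80, 130, 45], [70, 100, 140, 55]]

def sweep(thresholds):
    """Return (threshold, FAR, FRR) for each threshold, using the Manhattan score."""
    mu, dev = train(TRAIN)
    g = [manhattan_score(x, mu, dev) for x in GENUINE]
    i = [manhattan_score(x, mu, dev) for x in IMPOSTOR]
    return [(t, *error_rates(g, i, t)) for t in thresholds]

if __name__ == "__main__":
    print(features([("a", 0, 80), ("b", 120, 210)]))   # one two-key sample
    for t, far, frr in sweep([2, 5, 7, 10, 12]):
        print(f"threshold={t:>2}  FAR={far:.2f}  FRR={frr:.2f}")
```

On this data FRR falls and FAR rises as the threshold increases, and the two meet at threshold 7, which is the equal error rate point.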
Experiment Design
• Attack scenarios
  – The attacker is able to extract the victim pattern from a compromised biometrics database.
  – The attacker may be able to capture samples of the victim’s keystrokes as she is authenticating (e.g. by installing a key-logger).
Choice of Password
• “serndele”
  – minimize finger movements on a standard US keyboard.
• “ths.ouR2”
  – chosen to maximize finger movements and therefore difficulty of typing.
Experiment 1 (e1)
• Training Data Collection
88 participants were asked to submit 200 samples for each of the two passwords using an existing keystroke dynamics based authentication system.
Experiment 2 (e2)
• Imitation using Euclidean distance
30-minute imitation task: 84 participants played the role of attackers. 10 victims were randomly chosen from e1. Each attacker was randomly assigned one of the 10 victims, and was given the victim’s mean vector for. Attackers get real-time feedback of the Euclidean distance based anomaly score.
Experiment 3 (e3a)
• Investigate the additional imitation session with Euclidean distance
14 best attackers were chosen from e2 to perform the same imitation task in e2 for only 20 minutes.
Experiment 4 (e3b)
• Investigate the imitation performance of highly motivated attackers in optimal environment
Feedback is based on full victim typing pattern information (Manhattan distance and absolute deviation)
Feedback Interface: Mimesis
Experiment Results
• Result from e1: collision attack
Given a target organization with 10 high value targets, if a team of 84 attackers were to be assembled, we expect to find on average, one attacker with the same typing pattern as one of the high value targets.
Experiment Results
• Results from e2: Improvement in FAR after imitation training
Experiment Results
• Results from e2: Effect of password difficulty
The differences in mean between the easier and the harder password suggest that passwords that are easier to type are also easier to imitate.
Experiment Results
• Results from e2: Effect of training duration
56% of attackers took no more than 20 minutes to reach their b20 performance.
Experiment Results
• Results from e3a:
  – 6 attackers improved their b20 FAR
  – 4 attackers unchanged
  – 4 attackers worsened
Experiment Results
• Results from e3b:
Experiment Results
• Factors affecting imitation outcome
  – Gender: males perform significantly better than females
  – Therefore there exists a weak correlation between the imitation outcome and the similarity between the attacker and victim’s typing pattern
  – Typing speed, keyboard and number of trials per minute are not affecting factors
Conclusion
• A user’s typing pattern can be imitated
  – Trained with an incomplete model of the victim’s typing pattern, an attacker’s success rate is around 0.52
  – The best attacker increases FAR to 1 after training
  – When the numbers of attackers and victims are sizeable, the chance of natural collision is significant
Conclusion
• Easier passwords are easily imitated
• Males are better imitators
Questions?