Typing Pattern Authentication Techniques

3rd Quarter

Luke Knepper

Agenda

Background Final Process Experimentation Current Results Goals

The Dilemma

Passwords can sometimes be suboptimal Advanced biometrics are expensive Need an alternative

A Solution

• Authenticate people by how they type

• Typing patterns differ by person

• Studies show that people can be authenticated by their typing patterns

• Cheap and flexible to implement

A Problem

• Usually will measure the user's keystrokes when typing in username & passwords

• Commercial packages available (ex. Psylock)

• However, uses static text (username & password) → easy to hack

• Need an improvement

The Fix

• Generate random text and record keystrokes while the user types it

• Not a static text segment → Makes it considerably harder to hack

Another Advantage

• What if another person jumps on the computer while you are logged in?

• Can continuously monitor the user's typing patterns during program use

• If a change is detected, system suspects an intruder and locks the user out

Background

Measures users' typing patterns, compares to a previous standard

Technique first used in WWII Works with ~90% Accuracy Usually implemented in a neural network

structure

Background

Process (front-end)

On account set-up, user will type large amounts of dynamic text

On subsequent log-ins, user will type smaller amount of dynamic text

User will still need to use username, password, etc.

Process (back-end)

Set-up data will be used to breed (i.e. train) a neural network

The optimal weight vector can be generated efficiently via back-propagation, genetic algorithms, parallel processing

Log-in data will be fed through neural network: result either meets threshold (admitted) or does not meet (rejected)

Continuous Authentication

• Uses same general process as log-in time authentication

• Measures the user's typing patterns while the system is in use

• Runs the typing data through the neural network at regular intervals

• Raise the warning level if a change is detected, lock out after critical point

Experimentation

Goals: Develop and test the accuracy of

different types of neural networks for this purpose

Develop and test log-in authentication application

Develop and test continuous authentication application

Experimentation

Neural Network Optimization:

1. Develop online data collection applet

2. Collect massive amounts of data

3. Use data to train multiple neural network types

4. Test different network types to determine accuracy of each type

Experimentation

Neural Network Optimization:

Will train a neural network for each data file collected

Sample data will be sent through the neural network

Success vs. Failure ratio will be measured and compared between different network types

Experimentation

Accuracy Testing:

1. Collect large number of test subjects

2. Subjects set up dummy accounts

3. Subjects attempt to log into their accounts and accounts of others on subsequent sittings (spaced out by 1 week and 1 month)

4. Measure final accuracy

Current Results

Proof-of-concept program Determines the mystery typer between two

known users Uses simple single-layer neural network Correct 18 / 20 = 90%

Current Results

Data collection Flash applet Shows user segment of dynamic text, asks

them to type it in a box below Records their keystroke times Sends keystroke data to server to be

stored in separate files Collected over 1,500 samples

Current Results

Keystroke data file format:

– For each keystroke, records the following:

Key-# / up-or-down / time-in-millis

Example: “65 U 22424”– Flexible format allows for different

characteristics to be measured (e.g. time between strokes or time of depression)

Current Results

Working on an automated testing system First will train neural networks of each type

for every data file as noted before Then will record the results of each neural

network through automated tested Finally will compute statistics for the

accuracy of the different types

Current Results

• Developped continuous authentication simulation program

• Simulates an instant-messaging session with an automated chat bot

• Asks the user questions and measures typing data for each response

• Locks the user out if a significant change is detected

Goals

Final program interface will be: Easily implementable Difficult to crack Accurate above 90% Will be combined with password security

to make inexpensive and secure system

Fin

Questions and wrap-up