Keystroke Dynamics Based User Authentication using Numeric Keypad

Baljit Singh Saini
Research Scholar: CSE, Sri Guru Granth Sahib
World University, Fatehgarh Sahib, Punjab
Asst. Professor: CSE, Lovely Professional
University Phagwara, Punjab
Email: baljitsaini28@gmail.com

Navdeep Kaur
CSE, Sri Guru Granth Sahib
World University, Fatehgarh Sahib, Punjab
Email: drnavdeep.sggswu@gmail.com

Kamaljit Singh Bhatia
ECE, GZSCCET, Maharaja
Ranjit Singh Punjab
Technical University
Bathinda, Punjab
Email: kamalbhatia.er@gmail.com

Abstract

Keystroke dynamics is the study of identifying/authenticating a person based on his/her typing rhythms, which are inferred from keystroke events like key-press and key-release. A lot of research work has been done in this field where the researchers have used either only alphabetic or alphanumeric or only numeric inputs. In this paper we address the question: what is the best possible numeric input for authentication using keystroke dynamics? We accomplished this by making the users enter four different numbers. Each number consisted of 8 digits. Out of these four numbers, two were random numbers while the other two were formed using digits which had some pattern to them. Random Forest and Naive Bayes were used as classifiers. The results showed that the Random Forest classifier yielded the best results when a random number is taken as input. The study also proved that a combination of hold time and latency as features yielded improved results. We achieved an average false acceptance rate of 2.7% and false rejection rate of 35.9%.

I. INTRODUCTION

In modern times all information is stored and shared using computers or mobile devices. With increased use of mobile devices, the risk of theft of sensitive data has also increased. To protect data we use passwords, but these passwords can be easily cracked by hackers [2]. For better security, measures like finger scan, retina scan etc. are used, which are a form of physical biometric. But these measures are very costly to implement. Keystroke dynamics is a behavioural biometric method which identifies the user on the basis of his/her typing pattern [1]. The characteristics of a keyboard have cognitive qualities [6] and hence can be used very effectively for identification purposes. This biometric system works by extracting features from the collected data. Then a classifier is used to build up the user profile. The same process is repeated while testing, and if the profile matches the one in the database the user is authenticated, otherwise not. The working of a biometric system is shown in Figure 1. The deployment of keystroke dynamics for authentication does not include any extra cost, as it requires only a keyboard for typing, which is an integral part of a computer system. There are two types of authentication in keystroke dynamics: fixed text and free text. In fixed text the input text is predefined and the user has to type the same text during enrolment and authentication time. In free text the user is free to type any text according to his liking during enrolment and authentication time, thus eliminating the need to remember passwords. Although free text seems a better choice, its accuracy rate is low as compared to fixed text.

Fig. 1: Biometric System [15]

To measure the efficiency of the system three common measures are used:

  1. False Acceptance Rate (FAR) - It is the count of how many times an imposter is accepted as an authorised user.
  2. False Rejection Rate (FRR) - It is the count of how many times a genuine user is rejected as being an imposter.
  3. Equal Error Rate (EER) - It is the value at which FRR is equal to FAR.

In this paper we worked with the fixed text input method. The input consisted of 8-digit numbers that were typed using the numeric keypad. Each user typed four different numbers. Two numbers were random numbers while two formed some pattern. The aim of the study is to determine whether a random number or a number having some pattern to it acts as a better input for making a user typing profile.
The rest of the paper is organized as follows. In Section II we summarise the work done so far taking numbers as an input. Section III discusses the problem and the approach that is being followed. Section IV details the methodology adopted. We first discuss the data collection technique, then the features used and lastly the classifiers that are used for analysis. In Section V the analysis and results are discussed in detail. The final section concludes the findings of the paper and touches upon the possible future work.

The majority of the research in keystroke dynamics has focused on a single password for all the users or a different password for each user [3].
Rodrigues et al. [4] used a Hidden Markov Model on a fixed 8-digit number and obtained an EER of 3.6%. 20 users participated in this research and each user typed the password 40 times. Maxion and Killourhy [5] conducted their experiment in a controlled environment involving 28 users. All the users used their right hand index finger only to enter the same input, which was a 10 digit number. The number 412-193-7761 was used as the input. They achieved an accuracy rate of 99.97% using the Random Forest algorithm.
In another experiment Patrick Bours and Elnaz Masoudian [6] used the approach of one-time PIN codes, consisting of 6 digits. They obtained an EER of 26%. They extended their experiment by increasing the length of PIN codes to 12 and achieved an EER of 22%. A total of 30 users participated in this study.
Kotani and Horii [6] tried 9 subjects utilizing a weight/power keypad, which depicted the state of a computerized teller machine's numeric keypad. Every user entered the same 4-digit PIN. They obtained an EER of 2.4%.
Clarke et al. [7] conducted two experiments involving 16 users: one with a 4 digit PIN and the other with an 11 digit telephone number. An EER of 11.3% was achieved when the input was the PIN and 10.4% when they used the telephone number as the input.
In another experiment Clarke and Furnell [8] requested 32 subjects to enter a PIN (4 digits) and an 11-digit phone number on a portable phone. 30 samples per user were collected in a secluded environment (incorrect entries were rejected and rehashed). They got an EER of 8.5% for the PIN and 4.9% for the phone number.
Hwang et al. [9] used the concept of artificial rhythm and tempo cues (which means giving a pause while typing, e.g. while typing 1234 you type it as 1--23--4, i.e. you give a 3 beat pause after 1 and a 2 beat pause after 3). The achieved EER was 4%.
Trojahn et al. [10] asked the users to enter a 17-digit passphrase. Each of the 152 users typed the passphrase 10 times in a row. They analysed the data by using a K-means classifier and got an FAR of 4.19% and an FRR of 4.59%.
Buchoux and Clarke [11] experimented using different classifiers to find a trade-off between computation power and performance of mobile phones. They concluded that the statistical classifiers are the most effective classifiers to be used for mobile phones. Using a PIN as input, an FAR of 53.13% and an FRR of 20.63% was achieved. Using an alphanumeric input, an improved FAR of 20% and an FRR of 2.5% was achieved. Ahmed and Traore [1] worked on free text based authentication. They used neural network techniques to foresee missing digraphs based on the relation of the keystrokes pressed. 53 users participated in their research. An FAR of 0.0152% and an FRR of 4.82%, at an EER of 2.14%, was achieved in the initial experiment when a heterogeneous environment was used. In the subsequent experiment they used a homogeneous environment that yielded an FAR of 0% and an FRR of 5.01%, at an EER of 2.13%.
Latency is the most frequently used feature. There are four types of latencies: press-press, press-release, release-press and release-release [12]. Latency is also referred to as digraph by some researchers [1]. Buchoux and Clarke [11] used latency for conducting their research. Another feature is the hold time, which is the time duration for which a particular key is pressed. Patrick Bours and Elnaz Masoudian [13], Clarke and Furnell [8] and Hwang et al. [9] used hold time and latency in combination for testing and concluded that a combination of both gave better results. Maxion and Killourhy [5] used three features: (1) hold time (2) press-press latency (3) release-press latency. Figure 2 shows these keystroke features.

Fig. 2: Keystroke Features

Saevanee and Bhatarakosol [14], in addition to hold time and latency, used the pressure with which a user presses the keys as a feature and got an impressive EER of 1%. Trojahn et al. [10] used additional features like pressure and size. Since their experiment was conducted using a touch screen mobile phone, in addition to hold and latency time they collected the data related to the pressure with which a user presses the keys and the size of the impact of the finger while typing. Table I summarizes the experimental results of some of the previous studies.

III. Problem and Approach

The majority of the research on keystroke dynamics for mobile phones has worked on fixed input. The input that is chosen is mostly numeric with varying lengths. In all the papers the researchers have chosen a single input irrespective of length, i.e. if the input size is 4 digits they chose one number whose length is 4 digits. To the best of our knowledge no one has tried to find out whether the pattern of choosing the digits that form the input number plays any significant role in the output or not. This is a novel approach and will help future researchers to correctly identify the right input text.
For experimentation we decided to choose a total of four numbers.

  1. 11223344
  2. 51595159
  3. 70852641
  4. 15963708

TABLE I: Results of previous studies

| Paper | Features | Classifier | No. of Users | Input | FAR (in %) | FRR (in %) | EER (in %) |
|---|---|---|---|---|---|---|---|
| [5] | HT, PP and RP | Random Forest | 28 | 412-193-7761 | - | - | 1 |
| [13] | Duration and Latency | ASMD | 30 | 6 digit PIN | - | - | 26 |
| [10] | Latency, pressure and size | K-means | 152 | 17-digits | 4.19 | 4.59 | - |
| [11] | Latency | Statistical | 20 | PIN | 53.13 | 20.63 | - |
| [11] | Latency | Statistical | 20 | Alphanumeric | 20 | 2.5 | - |
| [1] | HT and digraph | Neural networks | 53 | - | 0.0152 | 4.82 | 2.46 |

The four numbers were chosen in such a manner that the first two form a pattern and are easy to type while the third and fourth are random numbers. Remembering the first two numbers is easy and the user can type them without having to look at them again. The last two numbers are random, hence the user might have to look at them repeatedly while typing. The thought was that this might give a better user typing profile as compared to the first case.
The data was analysed with two approaches: using hold time only, and using hold time and latency together.

IV. Methodology

A. Data Collection

For collection of data a Windows based application was developed. 30 users participated in the experiment, out of which 22 were male and 8 were female. Each user typed the four numbers 20 times each using only the numeric keypad of the keyboard. Since the typing pattern can be influenced by various factors, the users were encouraged to give the inputs in different sessions as per their convenience. This helped to get the data in a natural fashion, and the results obtained were close to a real time situation, which is not the case with most of the studies, where the data is collected in a controlled manner and the results may not be the same when implemented in a real life scenario. All the participants were engineering students. A snapshot of the user interface is shown in Figure 3.

B. Feature Extraction

After collecting the raw data from the users, feature extraction was performed. Based on the key press time (P) and key release time (R), 5 features were extracted.

  1. Hold time: The time for which a particular key remains pressed. It is calculated as $R_i - P_i$.
  2. Press-press time: The time interval between the press event of key $i$ and the press event of key $i+1$. It is calculated as $P_{i+1} - P_i$.
  3. Press-release time: The time interval between the press event of key $i$ and the release of key $i+1$. It is calculated as $R_{i+1} - P_i$.
  4. Release-release time: The time interval between the release event of key $i$ and the release of key $i+1$. It is calculated as $R_{i+1} - R_i$.
  5. Release-press time: The time interval between the release event of key $i$ and the press of key $i+1$. It is calculated as $P_{i+1} - R_i$.

Fig. 3: User Interface

TABLE II: Elements of feature vector

| Feature Name | Number of Features |
|---|---|
| Hold Time | 8 |
| Press-press time | 7 |
| Press-release time | 7 |
| Release-release time | 7 |
| Release-press time | 7 |

Every number consists of 8 digits, which gives a total of 36 features. The component-wise breakdown of the feature vector is given in Table II.
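The five features above, computed from a raw stream of key-down/key-up events, as an added example (not the authors' Windows application). The event tuple layout, the function names and the sample timings are assumptions made for illustration; the feature order follows Table II.

```python
from typing import List, Tuple

Event = Tuple[int, str, str]  # (timestamp in ms, "down" or "up", key) - assumed layout


def pair_events(events: List[Event], expected: str) -> List[Tuple[int, int]]:
    """Return (P_i, R_i) for every typed key, in press order.

    Each "up" is matched to the oldest unreleased "down" of the same key, so
    repeated digits (11223344) and rollover typing (key i+1 pressed before
    key i is released) are both paired correctly.
    """
    presses = []  # [key, P, R-or-None], in press order
    for ts, kind, key in sorted(events, key=lambda e: e[0]):
        if kind == "down":
            presses.append([key, ts, None])
        elif kind == "up":
            open_press = next(
                (p for p in presses if p[0] == key and p[2] is None), None)
            if open_press is None:
                raise ValueError(f"release of {key!r} without a matching press")
            open_press[2] = ts
        else:
            raise ValueError(f"unknown event kind {kind!r}")
    if "".join(p[0] for p in presses) != expected:
        raise ValueError("typed digits do not match the enrolled number")
    if any(p[2] is None for p in presses):
        raise ValueError("a key was pressed but never released")
    return [(p[1], p[2]) for p in presses]


def feature_vector(events: List[Event], expected: str) -> List[int]:
    """Hold, press-press, press-release, release-release, release-press."""
    pairs = pair_events(events, expected)
    P = [p for p, _ in pairs]
    R = [r for _, r in pairs]
    n = len(pairs)
    hold = [R[i] - P[i] for i in range(n)]
    pp = [P[i + 1] - P[i] for i in range(n - 1)]
    pr = [R[i + 1] - P[i] for i in range(n - 1)]
    rr = [R[i + 1] - R[i] for i in range(n - 1)]
    rp = [P[i + 1] - R[i] for i in range(n - 1)]  # negative on rollover
    return hold + pp + pr + rr + rp


# Constructed sample: one entry of 70852641 in which the key '5' is still
# held down when '2' is pressed (rollover).
_PRESS = [0, 200, 410, 600, 820, 1000, 1230, 1400]
_HOLD = [90, 80, 100, 230, 85, 95, 70, 110]
SAMPLE_EVENTS: List[Event] = (
    [(p, "down", d) for p, d in zip(_PRESS, "70852641")]
    + [(p + h, "up", d) for p, h, d in zip(_PRESS, _HOLD, "70852641")]
)

if __name__ == "__main__":
    fv = feature_vector(SAMPLE_EVENTS, "70852641")
    print(len(fv), fv)
```

Release-press is the only one of the five features that can go negative, which happens whenever the next key is pressed before the previous one is released.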

C. Classifier

Various classifiers based on statistical methods, decision trees, neural networks and fuzzy logic have been used previously; for a review see [3], [15]. For our study we used two classifiers which have been used in previous studies and have shown good results.
Random Forest [16] is an ensemble learning technique (additionally considered as a type of nearest neighbour indicator). It works by constructing many decision trees during training and outputs the mode of the classes of the individual trees.
Naive Bayes is a Bayes' theorem based probabilistic classifier that assigns class labels to problem instances. It works very effectively when trained using supervised methods. Naive Bayes has given very good results when implemented in real-world situations.
WEKA (Waikato Environment for Knowledge Analysis), a machine learning tool in which both these algorithms are implemented, was used for performing the analysis.

V. ANALYSIS AND RESULTS

The analysis was done on two different data sets: one comprising only hold time features and the other comprising hold time plus latency (press-press, press-release, release-release and release-press) features. Thus in the first case we had 8 features and in the second case we had 36 features. The collected data was subjected to pre-processing where the outliers and extreme cases were discarded. This was done in order to remove those cases where the user might not have given the input with full concentration, e.g. the user might have been engaged in a conversation with his friend while he was giving input and this might have affected his typing rhythm. Every user provided 20 samples for each input string. The 10-fold cross-validation technique was used for analysing the results of the classifiers.
The results when only hold time was used as a feature are represented in Table III. The values in the table are the average FAR and FRR of all the users. The best FAR achieved is 3.9% and the best FRR achieved is 53.5%. The FAR is low in all the cases but the FRR is on the higher side. Moreover, it is observed that the values of FAR and FRR are lower when the input is a random number as compared to the input where the numbers have some sort of pattern to them.
Table IV shows the results when hold time and latency were used as a combination. A better FAR is achieved and there is significant improvement in the case of FRR. The best FAR achieved was 2.7% and the best FRR was 35.9%. In this case also the results are better for random number inputs.
It is evident from both the experiments that better results are achieved using Random Forest as a classifier as compared to Naive Bayes. Also the best FAR and FRR rate is achieved when the input number was “70852641”.
The same is also evident from the ROC curve shown in Figure 4. The curve “rldi(70852641)” is the ROC curve for user 5 when the analysis was done using Random Forest, with both hold time and latency used as features and 70852641 as the input number; the area under it is greater than the area under any other curve.
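One way to obtain per-user FAR and FRR, and their averages over all users, from the confusion matrix of a multi-class classifier, as an added example (not the authors' code or WEKA output). The paper does not state how its rates were computed, so the one-vs-rest accounting, the function names and the 4-user matrix are assumptions constructed for illustration.

```python
from typing import Dict, List


def per_user_rates(confusion: List[List[int]]) -> List[Dict[str, float]]:
    """confusion[t][p] = samples typed by user t that the classifier labelled p.

    For each claimed identity u (one-vs-rest), in percent:
      FRR_u = genuine samples of u not labelled u / genuine samples of u
      FAR_u = other users' samples labelled u     / all other users' samples
    """
    n = len(confusion)
    if n < 2 or any(len(row) != n for row in confusion):
        raise ValueError("need a square matrix with at least two users")
    total = sum(sum(row) for row in confusion)
    rates = []
    for u in range(n):
        genuine = sum(confusion[u])
        impostor = total - genuine
        if genuine == 0 or impostor == 0:
            raise ValueError(f"user {u} has no genuine or no impostor samples")
        false_rejects = genuine - confusion[u][u]
        false_accepts = sum(confusion[t][u] for t in range(n) if t != u)
        rates.append({
            "FAR": 100.0 * false_accepts / impostor,
            "FRR": 100.0 * false_rejects / genuine,
        })
    return rates


def average_rates(confusion: List[List[int]]) -> Dict[str, float]:
    """Mean of the per-user FAR and FRR, as reported per input number."""
    rates = per_user_rates(confusion)
    n = len(rates)
    return {
        "FAR": sum(r["FAR"] for r in rates) / n,
        "FRR": sum(r["FRR"] for r in rates) / n,
    }


# Constructed confusion matrix: 4 users, 20 samples each (rows = true user).
SAMPLE_CONFUSION = [
    [12, 4, 2, 2],
    [3, 14, 1, 2],
    [2, 2, 15, 1],
    [1, 3, 2, 14],
]

if __name__ == "__main__":
    for user, r in enumerate(per_user_rates(SAMPLE_CONFUSION)):
        print(user, round(r["FAR"], 2), round(r["FRR"], 2))
    print(average_rates(SAMPLE_CONFUSION))
```

Under this accounting each user's FAR is divided by every other user's samples while FRR is divided only by that user's own, so the same number of misclassifications yields a much smaller FAR than FRR.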

VI. CONCLUSION

This paper analyses the issue of choosing a correct input for performing keystroke dynamics authentication. The best results were obtained when the input consisted of a random number. The combination of hold time and latency gave the best results. The results could be even better if more samples per user could have been used, but that will limit the practicality, as in real life the user will like to give as few inputs as possible while training the system. Since we could not find a research paper which has done a comparison based on different combinations of inputs, we could not compare our results directly. This can be a possible area of future research.

Fig. 4: ROC curve for 70852641 and 11223344 using Random Forest

TABLE III: FAR and FRR using hold time only

| Input | Classifier | FAR | FRR |
|---|---|---|---|
| 11223344 | RF | 6.2 | 80.4 |
| 11223344 | NB | 6 | 79.5 |
| 51595159 | RF | 4.8 | 60.6 |
| 51595159 | NB | 5.4 | 69.7 |
| 70852641 | RF | 3.9 | 53.5 |
| 70852641 | NB | 4.3 | 58.5 |
| 15963708 | RF | 4 | 54.2 |
| 15963708 | NB | 4.3 | 57 |

TABLE IV: FAR and FRR using hold time and latencies

| Input | Classifier | FAR | FRR |
|---|---|---|---|
| 11223344 | RF | 4.5 | 55.6 |
| 11223344 | NB | 5.4 | 65.7 |
| 51595159 | RF | 4.5 | 53.4 |
| 51595159 | NB | 5.4 | 62.7 |
| 70852641 | RF | 2.7 | 35.9 |
| 70852641 | NB | 3.4 | 45.8 |
| 15963708 | RF | 3 | 40.8 |
| 15963708 | NB | 3.8 | 51.4 |

ACKNOWLEDGMENT

We would like to thank all the users who participated in the study and provided us the data which could be used for analysis.

REFERENCES

[1] A. A. Ahmed and I. Traore, “Biometric recognition based on free-text keystroke dynamics.” IEEE transactions on cybernetics, vol. 44, no. 4, pp. 458-472, 2014.

[2] A. Alsultan and K. Warwick, “User-Friendly Free-Text Keystroke Dynamics Authentication for Practical Applications,” in 2013 IEEE International Conference on Systems, Man, and Cybernetics, 2013, pp. 4658-4663.
[3] S. P. Banerjee and D. Woodard, “Biometric Authentication and Identification Using Keystroke Dynamics: A Survey,” Journal of Pattern Recognition Research, vol. 7, no. 1, pp. 116-139, 2012.
[4] R. N. Rodrigues, G. F. G. Yared, C. R. N. C. Costa, J. B. T. YabuUti, F. Violaro, L. L. Ling, and B. T. Yabu-uti, “Biometric access control through numerical keyboards based on keystroke dynamics,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3832 LNCS, pp. 640-646, 2005.
[5] R. A. Maxion and K. S. Killourhy, “Keystroke Biometrics with Number-Pad Input,” in IEEE/IFIP International Conference on Dependable Systems & Networks (DSN), 2010, pp. 201-210.
[6] K. Kotani and K. Horii, “Evaluation on a keystroke authentication system by keying force incorporated with temporal characteristics of keystroke dynamics,” Behaviour and Information Technology, vol. 24, no. 4, pp. 289-302, 2005.
[7] N. L. Clarke, S. M. F. B. M. Lines, and P. L. Reynolds, “Keystroke Dynamics on a Mobile Handset : A Feasibility Study,” Information Management and Computer Security, vol. 11, no. 4, pp. 161-166, 2003.
[8] N. L. Clarke and S. M. Furnell, “Authenticating mobile phone users using keystroke analysis,” International Journal of Information Security, vol. 6, no. 1, pp. 1-14, 2007.
[9] S. S. Hwang, H. J. Lee, and S. Cho, “Improving authentication accuracy using artificial rhythms and cues for keystroke dynamics-based authentication,” Expert Systems with Applications, vol. 36, no. 7, pp. 10649-10656, 2009.
[10] M. Trojahn, F. Arndt, and F. Ortmeier, “Authentication with Keystroke Dynamics on Touchscreen Keypads-Effect of different N-Graph Combinations,” MOBILITY 2013 : The Third International Conference on Mobile Services, Resources, and Users Authentication, pp. 114-119, 2013.
[11] A. Buchoux and N. L. Clarke, “Deployment of keystroke analysis on a Smartphone,” in Proceedings of 6th Australian Information Security Management Conference, 2008, pp. 29-39.
[12] K. S. Balagani, V. V. Phoha, A. Ray, and S. Phoha, “On the discriminability of keystroke feature vectors used in fixed text keystroke authentication,” Pattern Recognition Letters, vol. 32, no. 7, pp. 1070-1080, 2011.
[13] P. Bours and E. Masoudian, “Applying keystroke dynamics on one-time pin codes,” 2nd International Workshop on Biometrics and Forensics, no. 200, pp. 1-6, 2014.
[14] H. Saevanee and P. Bhattarakosol, “Authenticating User Using Keystroke Dynamics and Finger Pressure,” 2009 6th IEEE Consumer Communications and Networking Conference, pp. 1-2, 2009.
[15] B. S. Saini, N. Kaur, and K. S. Bhatia, “Keystroke Dynamics for Mobile Phones: A Survey,” Indian Journal of Science and Technology, vol. 9, no. 6, pp. 1-8, 2016.
[16] L. Breiman, “Random Forests,” Machine Learning, vol. 45, no. 1, pp. 5-32, 2001.