Evaluating the Reliability of Credential Hardening through Keystroke Dynamics

Nick Bartlow, Bojan Cukic
2006 Proceedings - International Symposium on Software Reliability Engineering  
Most computer systems rely on usernames and passwords as a mechanism for authentication and access control. These credential sets offer weak protection to a broad scope of applications with differing levels of sensitivity. Traditional physiological biometric systems such as fingerprint, face, and iris recognition are not readily deployable in remote authentication schemes. Keystroke dynamics provide the ability to combine the ease of use of username / password schemes with the increased
more » ... thiness associated with biometrics. Our research extends previous work on keystroke dynamics by incorporating shift-key patterns. The system is capable of operating at various points on a traditional ROC curve depending on application specific security needs. A 1% False Accept Rate is attainable at a 14% False Reject Rate. An Equal Error Rate of 5% is suitable for systems requiring a relatively low security. As a username password authentication scheme, our approach decreases the system penetration rate associated with compromised passwords by 95%-99%. Said performance measures can be further improved through optimization of the classification algorithm on a user specific basis.
doi:10.1109/issre.2006.25 dblp:conf/issre/BartlowC06 fatcat:reuysb62ofdpto2f5y7yzkeb6u