Keystroke Dynamics for Authentication Based on ...

Download PDF
90 downloads 0 Views 2MB Size Report
Comment
Krishna Sankar. 1PG Student, ,Department of CSE, K S R Institute for Engineering and Technology. Tiruchengode,Tamil Nadu, India vshanmugavallibe@gmail.
IJRIT International Journal of Research in Information Technology, Volume 1, Issue 12, December, 2013, Pg. 67-74

International Journal of Research in Information Technology (IJRIT)

www.ijrit.com

ISSN 2001-5569

Keystroke Dynamics for Authentication Based on Biometrics for Convincing User 1

1

V.Shanmugavalli, 2 V.Chandrasekar , 3P.Krishna Sankar

PG Student, ,Department of CSE, K S R Institute for Engineering and Technology Tiruchengode,Tamil Nadu, India [email protected]

2

Assistant Professor,Department of CSE, Vivekanadha College of Technology for Women Tiruchengode,Tamil Nadu, India [email protected]

3

Assistant Professor, Department of CSE, K S R Institute for Engineering and Technology Tiruchengode,Tamil Nadu, India [email protected]

Abstract User authentication is to prevent the unauthorized access based on username and password, but it has less security because of the possibilities of hackers can easily stolen the password of the legitimate users. Biometric technologies are providing more security since they provide more reliable and efficient means of authentication and verification. We present a novel approach for user authentication based on fingerprint and the keystroke dynamics of the password entry. The authentication process is done via 3 ways. 1) Login credential based on Username and password; 2) Finger print; 3) Keystroke Dynamics (patterns of rhythm and timing created when person types via keyboard).Proposed approach is a multimodal biometric authentication system. Keywords – Biometric technology, finger print, keystroke dynamics, user authentication, multimodal biometric authentication I.INTRODUCTION The first and foremost step in preventing unauthorized access is user Authentication. User authentication is the process of verifying claimed identity. The authentication is accomplished by matching some short-form indicator of identity, such as a shared secret that has been pre-arranged during enrollment or registration for authorized users. This is done for the purpose of performing trusted communications between parties for computing applications. Conventionally, user authentication is categorized into three classes [4]: • Knowledge - based, V.Chandrasekar, IJRIT

67

• Object or Token - based, • Biometric - based. The following Figure 1. Shows the different classification of user authentication methods. The knowledge-based authentication is based on something one knows and is characterized by secrecy. The examples of knowledge-based authenticators are commonly known passwords and PIN codes. The object-based authentication relies on something one has and is characterized by possession.

Biometric technologies are defined as automated methods of verifying or recognizing the identity of a living person based on a physiological or behavioral characteristics [3]. Biometrics technologies are gaining popularity due to the reason that when used in conjunction with traditional methods of authentication they provide an extra level of security. Biometrics involves something a person is or does. These types of characteristics can be approximately divided into physiological and behavioral types [4]. Physiological characteristics refer to what the person is, or, in other words, they measure physical parameters of a certain part of the body. Some examples are Fingerprints, Hand Geometry, Vein Checking, Iris Scanning, Retinal Scanning, Facial Recognition, and Facial Thermo gram. Behavioral characteristics are related to what a person does, or how the person uses the body. Voiceprint, gait recognition, Signature Recognition, Mouse Dynamics and keystroke dynamics, are good examples of this group. Keystroke dynamics is the detailed timing information that describes exactly when each key was pressed and when it was released as a person is typing at a computer keyboard. Keystroke dynamics is considered as a strong behavioral Biometric based Authentication system [2]. It is a process of analyzing the way a user types at a terminal by monitoring the keyboard in order to identify the users based on habitual typing rhythm patterns. Moreover, unlike other biometric systems, which may be expensive to implement, keystroke dynamics is almost free as the only hardware required is the keyboard. We organized the paper as follows. In Section II we give background on Physical biometric authentication system for finger print and Behavioral biometric authentication for keystrokes. In Section III we give proposed system about multimodal biometric authentication system. We conclude in Section IV. II. EXISTING SYSTEM A.PHYSICAL BIOMETRIC AUTHENTICATION SYSTEM

V.Chandrasekar, IJRIT

68

The increasing demand for reliable human identification system in large- scale government and civil application has boosted interested in the controlled, scientific testing and evaluation of Biometric system. The original finger print must be preprocessed in order to achieve high classification ratio. In the proposed system, original image is binarized, then the image is thinned using Block filter technique, finally set of interest lines, ridge endings and ridge bifurcations from the input finger print images, minutiae are extracted [5,6], and spurious elements in the original image were eliminated. The template has been created based on the feature extracted from the original finger print image. Disadvantages: Moreover, the accuracy of biometric-based systems may be affected by various factors: If a fingerprint is changed by a cut, a burn, or its moisture level, the system may fail to identify that person; the retina may be influenced by health problems, such as glaucoma and high blood pressure, which are known to change the retina in subjects. Additionally, when physical biometrics, such as fingerprints, are stolen, not only can they be used to falsely incriminate the innocent but also the legitimate owner cannot change them to prevent future impersonation attempts, whereas a compromised password can simply be replaced to prevent such attempts. Finally, acquisition of the biometric features may annoy the user since it requires interaction with special hardware [1]. B. BEHAVIORAL BIOMETRIC AUTHENTICATION SYSTEM Behavioral biometric authentication systems (BBASs) provide a cheap and effective security approach that complements password-based authentication methods. Most BBASs use keyboard or mouse behavioral characteristics. In this paper, we focus on keyboard behavioral characteristics. Combining regular password authentication with biometric authentication. Namely, even if a password is stolen by a hacker, the password needs to be typed in the same manner it is typed by its rightful owner. [1]

Fig.2 User enrollment in behavioral biometric user authentication systems. Generally, biometric-based user authentication systems consist of the following modules: 1) Event recording module—captures events generated by user interaction with the input devices, e.g., keyboard and mouse; 2) Feature Extraction module—extracts features from the captured events such as the time each key was pressed and organizes them in a vector; 3) Classifier—during the construction, the classifier is trained according to the feature vectors. During identification, the constructed classifier is used to confirm the identity of the user according to feature vectors extracted from her keystrokes. A wide variety of classifiers may be chosen, e.g., decision trees, artificial neural networks and support vector machines to name a few; 4) Database—contains the behavioral characteristics of the users together with the classifiers.

V.Chandrasekar, IJRIT

69

Fig.3 Keystroke features: (a) Dwell time. (b) Latency. (c) Flight time. And (d) Up to up. Generally parameter of the keystroke parameter is consists of the following: [1] • • • •

Dwell time is the time duration between a key is pressed and released (See Fig 3 (a)) Latency time is the time duration in between releasing a key and pressing the next key(See Fig 3 (b)) Flight time is the time duration in between pressing a key and pressing the next key (See Fig 3 (c)) Up to up time is the time duration in between releasing a key and releasing the next key (See Fig 3 (d))

III PROPOSED SYSTEM. Multi model biometric system are those that utilize more than one physiological or behavioral characteristics for enrollment, verification or identification. This section describes multi modal biometric system of Keystroke based authentication system together with fingerprint authentication. In this paper, we are combining the results of finger print and keystroke authentication to improve system performance. Figure 4 shows a block diagram of the multimodal biometric authentication system based on fingerprint and keystroke.

V.Chandrasekar, IJRIT

70

Fig. 4 Multimodal Biometric authentication system using fingerprint and keystroke dynamics There is two stage. 1. Enrollment period (Training period), 2. Verification period. In the first stage (enrollment period), First step is the users who we need to provide the authentication is to scan there fingerprints though finger print scanner, then the finger print image of the users are stored in database, In the training period the same users are need to type there Username and Password for 10 times, The keystroke features are extracted from these typed password and stored it into the database. In the second stage (verification period), the user who we need to provide the authentication is to scan his fingerprint through the fingerprint scanner from that the fingerprint image is captured and features are extracted (For feature extraction we can use the SURF algorithm), this is compared with the already stored template. If it is not matches we simply reject the user, if it is matches then the user will go to the next phase, i.e. they will type his user name and password based on the login credential we will check the username and password if it is matches we will proceed further, from the typed password the keystroke features (Dwell time and Latency time) are extracted and compared with the already stored template. If it is matches then we can accept those users (We can call them as authenticated user) otherwise we will reject those users. By use of k-means algorithm we can cluster the data, based on Euclidean distance find similarity between the keystroke dynamics of their corresponding password entry. A wide variety of classifiers may be chosen, example decision trees [3], artificial neural networks and support vector machine [7]. A. KEYSTROKE FEATUTRE EXTRACTION The keystroke is captured based on the user’s typing the password in number of times. In our experiment we have taken 10 times the user is typing their passwords and also dwell time and latency time for keystroke feature. The keystroke information is stored in milliseconds. By calculating mean and standard deviation we can extract the feature. The values are calculated in the following equation, Mean (µ i ) = (1/N) ∑ X[i], where i = 1 to N, Standard deviation (σi) = [(1/N-1) ∑ (X[i] - µ i)2]1/2 Where i = 1 to N. (no. of words typed), X[i] is each dwell time or latency time, µ i is mean value.

IV SIMULATION RESULT Simulation result is taken from the bench mark dataset. In our experiment the result is taken for 100 users. To ensure the comparability of the typing pattern of the different users we have instructed to try with common password and the result shown for the password of “try-mbs”. It is shown in the following table 1.

V.Chandrasekar, IJRIT

71

Table. 1 Calculation of Mean and Standard deviation value of Latency time for single user Table. 1 value shows the Calculation of mean and standard deviation values for single user of latency time. Example, µ i = (94+234+532+687+375+422+47) /7 = 341.5714 Likewise we can calculate the standard deviation also. For feature subset selection there are some of the algorithms are used they are Ant Colony Optimization (ACO), Genetic algorithm (GA). We can see the result for GA algorithm. In this method we are selecting optimized feature from ‘N’ number of feature, why we are doing this is during the verification phase, it takes more time to verify all the feature, in order to minimize the time complexity .

Table. 2 Result for GA pattern Table. 2 shows that the best results achieved was population composed of 90 individual. The classification error was 2.87% with an FRR of 2.50% and an FAR of 0.37%. Table 2 shows as population size increases the classification error rate dimishes until stabilizing at a population size of 90 and again it was increases. So the classification error will not increase or decrease based on the population size.

V.Chandrasekar, IJRIT

72

IV.CONCLUSION Thus the novel approach for authentication of the user based on fingerprint, login credential based on password and login according to the biometric characteristics based on keystrokes of the password entry was created. There are three phases and two stages are used to design the user authentication model based on keystroke and fingerprints. The phases are Finger prints, Login credential based on username and password and. Keystroke dynamics of the password entry and also two stages are enrollment period (Training period) and Verification period. Based on multi model biometric approach there is additional level security is provided. By implementing three way securities in the proposed work, the security will be more accurate than the existing system. Based on the finger print and keystroke dynamics, Biometric authentication process comes in reality. V. REFERENCES: [1] AlonSchclar, LiorRokach, Adi Abramson, and Yuval Elovici, “User Authentication Based on Representative Users”, IEEE transactions on systems, man, and cybernetics—part c: applications and reviews, vol. 42, no. 6, November 2012 1669. [2] Ahmed Awad E. Ahmed, and IssaTraore, “Anomaly Intrusion Detection based on Biometrics”, Proceedings of the IEEE, 2005. [3] Anil K. Jain, Arun Ross and Salil Prabhakar2, “An Introduction to Biometric Recognition”, IEEE Transactions on Circuits and Systems for Video Technology, Special Issue on Image- and Video-Based Biometrics, Vol. 14, No. 1, January 2004. [4] Lawrence O’Gorman, “Comparing Passwords, Tokens, and Biometrics for User Authentication”, Proceedings of the IEEE, Vol. 91, No. 12, Dec, pp. 2019-2040, 2003. [5] De-Song Wang, Jian-Ping Li, “A New Fingerprint -Based Remote User Authentication Scheme Using Mobile Devices , Apperceiving Computing And Intelligence Analysis”, 2009. ICACIA 2009. Page(S): 65 – 68 , Chengdu, China. [6] Jea.T.Y and Govindaraju V, “A minutia-based partial fingerprint recognition system”, Pattern Recognition, vol.38, pp. 1672-1684, 2005. [7] V. N. Vapnik, “The Nature Of Statistical Learning Theory”, NewYork:Springer-Verlag, 2000. [8] Ahmed, A. and Traore, I. (2013) ‘Biometric Recognition Based on Free-Text Keystroke Dynamics’, IEEE Transactions on Cybernetics. [9] Chang, J.M., Kelly, N. (2013) ‘Capturing Cognitive Fingerprints from Keystroke Dynamics’, IEEE IT Professional , vol. 15, pp.24-28. [10] Deutschmann, I., Nordstrom, P. and Nilsson, L. (2013)‘Continuous Authentication Using Behavioral Biometrics’, IEEE IT Professional, Vol.15, pp.12-15. [11] Gunett,i. D. and Picardi, C. (2005) ‘Keystroke Analysis of Free Text’, ACM Trans. Information and Syst., Sec., Vol.8, No.3, pp.312-347. [12] Hosseinzadeh, D. and Krishnan, S. (2008) ‘Gaussian mixture modeling of keystroke patterns for biometric applications’,IEEE Trans. Syst., Man, Cybern. C, Appl. Rev., vol. 38, no. 6, pp. 816–826. [13] Jain, A.K. and Pankanti, S. (2006)‘Biometric authentication systems for credit cards could put identity thieves out of business’, IEEE Spectr., vol. 43, no. 7, pp. 22–27. V.Chandrasekar, IJRIT

73

[14] Killourhy, K.S. and Maxion, R.A. (2009) ‘Comparing anomaly detectors for keystroke dynamics’, in Proc. 39th Annu. Int. Conf. Dependable Syst. Netw., Lisbon, Portugal, pp. 125–134. [15] Lívia, C. F. and Ling, L. L. (2005) ‘User Authentication Through Typing BiometricsFeatures’, IEEE Trans. Signal Processing., vol. 53, no. 2, pp. 851–855. [16] Monrose, F. and Rubin, A. D. (2000) ‘Keystroke dynamics as a biometric for authentication’, Elsevier Future Generation Computer Systems, pp.351-355. [17] Peacock, A., Ke, X. and Wilkerson, M. (2004) ‘Typing patterns: A key to user identification’,IEEE Security Privacy, vol. 2, no. 5, pp. 40–47. [18] Revett, K., Magalhaes, P. S. and Santos, H. M. D. (2005) ‘Developing a keystroke dynamics based agent using rough sets’, presented at the IEEE/WIC/ACM Int. Joint Conf. Web Intell. Intell.Agent Technol., Compiegne University of Technology, Compiegne, France. [19] Senathipathi, K. and Batri, K. (2012) ‘Keystroke Dynamics Based Human Authentication System Genetic Algorithm’, European Journal of Scientific Research, ISSN 1450-216X, Vol.82, No.3 , pp.446-459. [20] Shanmugapriya, D.and Padmavathi, G. (2009) ‘A Survey of Biometric keystroke Dynamics:Approaches, Security and Challenges’, IJCSIS ISSN 1947-5500, Vol. 5, No. 1, pp.115-119. [21] Shanmugapriya, D. andPadmavathi, G. (2011) ‘VirtualKeyforce - A New Feature for Keystroke’,IJESTISSN 0975-5462, Vol. 3, No. 10, pp.7738-7743. [22] Villani, M., Tappert,C. and Ngo, G. (2006) ‘Keystroke Biometric Recognition Studies on Long-Text Input under Ideal and Application-Oriented Conditions’, Proc. Conf. Comp Vision. Pattern Recognition. [23] Wu, X., Zhang, D, and Wang, K. (2006) ‘Palm line extraction and matching for personal authentication’,IEEE Trans. Syst., Man, Cybern. A, Syst. Humans, vol. 36, no. 5, pp. 978–987. [24] Yager, N. and Dunstone, T. (2010) ‘The Biometric Menagerie’, IEEE Trans. Pattern analysis and machine Intl, vol. 32, NO. 2, pp.220-230. [25] Yong, S., Phoha, V. V. and Rovnyak, S. M. (2005) ‘A parallel decision tree-based method for user authentication based on keystroke patterns’, IEEE Trans. Syst., Man, Cybern. B, Cybern., vol. 35, no. 4, pp. 826– 833.

V.Chandrasekar, IJRIT

74