
Keystroke Dynamics Jarmo Ilonen. Structure of presentation Introduction Keystroke dynamics for Verification Identification Commercial system: BioPassword.


1 Keystroke Dynamics
Jarmo Ilonen

2 Structure of presentation
- Introduction
- Keystroke dynamics for
  - Verification
  - Identification
- Commercial system: BioPassword
- Eavesdropping secure communications
- Conclusions

3 Introduction
- Keystroke dynamics is a biometric based on the assumption that different people type in uniquely characteristic manners
  - Conceptually close to signature recognition
- History: 19th century telegraph operators
- Advantages
  - Completely software based
  - Very high user acceptance
- “Reversing” the process is possible
  - Snooping on secure communications
  - Cracking passwords

4 Features
- Often used
  - Latency between keystrokes
  - Duration of keystroke (hold time)
- Seldom used
  - Overall typing speed
  - Frequency of errors
  - Habit of using additional keys (numpad, …)
  - Capital letters (order of releasing Shift and the letter)
  - Force of hitting keys (special keyboard needed)
- Global or per-keystroke/key-pair statistics

5 Example
- Latencies between keystrokes when writing “password” by three persons

6 Measuring features
- Measuring is easy
  - Key press and release events
  - Timing them is trivial
- Challenges
  - Users with widely differing typing skills
  - Affected by alertness (sleepy, drunk, …)
  - Injuries
  - Holding a coffee cup or phone in one hand
  - Changing to a different keyboard
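The two features named on slides 4 and 6, inter-key latency and hold time, fall straight out of the press/release event stream. The following is an added example, not code from the presentation: it pairs each press with its release by key name (so overlapping keys, such as Shift still held while a letter is pressed, or a fast typist pressing the next key before releasing the previous one, are handled) and reports both press-to-press and release-to-press latency. The `KeyEvent` type and the sample event stream are constructed for illustration; timestamps are in milliseconds.

```python
"""Keystroke-timing feature extraction from raw key events.

Added example (not from the presentation). Derives inter-key latency and
hold time from a constructed stream of press/release events (ms timestamps).
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class KeyEvent:
    t_ms: int       # timestamp in milliseconds
    key: str        # key name, e.g. "p" or "Shift"
    pressed: bool   # True for a press, False for a release


@dataclass
class KeystrokeFeatures:
    text: str                   # keys in press order
    hold_ms: List[int]          # how long each key was held (duration feature)
    pp_latency_ms: List[int]    # press-to-press latency between consecutive keys
    rp_latency_ms: List[int]    # release-to-press latency; negative when keys overlap


def extract_features(events: List[KeyEvent]) -> KeystrokeFeatures:
    """Pair every press with its matching release and compute the timing features.

    Releases are matched by key name rather than by order, because a key may be
    released after the next key has already been pressed. That is why the
    release-to-press latency can legitimately be negative.
    """
    events = sorted(events, key=lambda e: e.t_ms)
    held: Dict[str, int] = {}               # key -> index into presses, for keys still down
    presses: List[Tuple[str, int]] = []     # (key, press time) in press order
    releases: Dict[int, int] = {}           # press index -> release time

    for ev in events:
        if ev.pressed:
            if ev.key in held:
                raise ValueError(f"key {ev.key!r} pressed twice without a release")
            held[ev.key] = len(presses)
            presses.append((ev.key, ev.t_ms))
        else:
            idx = held.pop(ev.key, None)
            if idx is None:
                raise ValueError(f"release of {ev.key!r} without a matching press")
            releases[idx] = ev.t_ms
    if held:
        raise ValueError(f"keys never released: {sorted(held)}")

    hold = [releases[i] - t for i, (_, t) in enumerate(presses)]
    pp = [presses[i + 1][1] - presses[i][1] for i in range(len(presses) - 1)]
    rp = [presses[i + 1][1] - releases[i] for i in range(len(presses) - 1)]
    return KeystrokeFeatures("".join(k for k, _ in presses), hold, pp, rp)


# Constructed sample: "pass" typed with 's' pressed before 'a' is released.
SAMPLE_EVENTS = [
    KeyEvent(0, "p", True), KeyEvent(90, "p", False),
    KeyEvent(180, "a", True), KeyEvent(300, "s", True),
    KeyEvent(310, "a", False), KeyEvent(400, "s", False),
    KeyEvent(520, "s", True), KeyEvent(600, "s", False),
]

if __name__ == "__main__":
    print(extract_features(SAMPLE_EVENTS))
```

Which latency definition a system uses matters when comparing published results: press-to-press latency is always positive and absorbs hold time, while release-to-press latency isolates the gap between keys but goes negative for overlapping keystrokes, so a template built on one cannot be matched against the other.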

7 Verification & identification
- Verification
  - User authenticated at log-in time
  - Keystroke dynamics measured while the user types username and password
- Identification
  - Used for continuous user authentication
  - A background process watching the user
  - Potentially locks down the computer or alerts the administration

8 Verification
- Computers with username/password authentication
  - Passwords are often easy to guess or find out
- Motivation for keystroke dynamics
  - Not enough for an attacker to know the username and password
  - Expensive to add key-cards or other biometric systems
- Solution: use keystroke dynamics

9 Verification
- Enrollment (new user or changed password)
  - Write username and password several times
  - Create keystroke dynamics profile
- No user-visible changes to the login procedure
  - Password and typing pattern must both match
- Widely studied; differences in the
  - Features used
  - Classification method

10 Verification example…
- “Computer-access security systems using keystroke dynamics” by S. Bleha et al.
- Using only username, no separate password
  - Username as signature
- Based on latency between keystrokes
- Thirty last valid entries used as template
- Two classification methods used together
  - Minimum distance classifier
  - Bayesian classifier
  - User rejected if both fail
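The enrollment step of slide 9 and the two-classifier design of slide 10 can be put together in a few dozen lines. This is an added example, not the Bleha et al. code nor anything from the presentation: the template is a rolling window of the last N accepted latency vectors (the slide's "thirty last valid entries"), a minimum-distance classifier compares the RMS deviation from the template mean against a millisecond threshold, a Gaussian (naive-Bayes) classifier scores the per-latency log-likelihood, and an attempt is rejected only when both fail. The thresholds, the class and method names, and the sample latencies are all constructed assumptions.

```python
"""Two-classifier keystroke verification in the style of the design described on slide 10.

Added example; not the paper's or the presentation's code. Thresholds and the
enrollment/attempt latencies below are constructed for illustration (ms).
"""
from collections import deque
from math import log, pi, sqrt
from typing import Deque, List, Sequence, Tuple


class KeystrokeVerifier:
    def __init__(self, template_size: int = 30, max_rms_ms: float = 40.0,
                 min_loglik: float = -10.0) -> None:
        self.template: Deque[List[float]] = deque(maxlen=template_size)  # last N valid entries
        self.max_rms_ms = max_rms_ms    # minimum-distance threshold (assumed value)
        self.min_loglik = min_loglik    # per-latency log-likelihood threshold (assumed value)

    def enroll(self, latencies_ms: Sequence[float]) -> None:
        """Add one enrollment sample (one typing of the username)."""
        if self.template and len(latencies_ms) != len(self.template[0]):
            raise ValueError("all samples must have the same number of latencies")
        self.template.append([float(x) for x in latencies_ms])

    def stats(self) -> Tuple[List[float], List[float]]:
        """Per-latency mean and sample standard deviation over the current template."""
        if len(self.template) < 2:
            raise ValueError("need at least two enrollment samples")
        n, dim = len(self.template), len(self.template[0])
        means = [sum(s[j] for s in self.template) / n for j in range(dim)]
        # Floor the std at 1 ms so a perfectly repeated latency cannot give zero variance.
        stds = [max(sqrt(sum((s[j] - means[j]) ** 2 for s in self.template) / (n - 1)), 1.0)
                for j in range(dim)]
        return means, stds

    def min_distance_ok(self, sample: Sequence[float]) -> bool:
        """Minimum-distance classifier: RMS deviation from the template mean, in ms."""
        means, _ = self.stats()
        rms = sqrt(sum((x - m) ** 2 for x, m in zip(sample, means)) / len(means))
        return rms <= self.max_rms_ms

    def bayes_ok(self, sample: Sequence[float]) -> bool:
        """Gaussian classifier: average per-latency log-likelihood under the template model."""
        means, stds = self.stats()
        ll = sum(-0.5 * log(2 * pi * s * s) - (x - m) ** 2 / (2 * s * s)
                 for x, m, s in zip(sample, means, stds))
        return ll / len(means) >= self.min_loglik

    def verify(self, sample: Sequence[float], update_template: bool = True) -> bool:
        """Accept if either classifier accepts; on acceptance, roll the template forward."""
        if not self.template:
            raise ValueError("user not enrolled")
        if len(sample) != len(self.template[0]):
            return False            # wrong number of keystrokes: cannot be the right username
        accepted = self.min_distance_ok(sample) or self.bayes_ok(sample)
        if accepted and update_template:
            self.template.append([float(x) for x in sample])   # oldest entry drops off at maxlen
        return accepted


# Constructed enrollment data: five typings of a 5-key username, 4 inter-key latencies each.
ENROLLMENT = [
    [180, 120, 220, 150],
    [190, 110, 230, 160],
    [170, 130, 210, 140],
    [185, 125, 215, 155],
    [175, 115, 225, 145],
]
GENUINE_ATTEMPT = [186, 114, 226, 156]    # close to the enrolled rhythm
IMPOSTOR_ATTEMPT = [260, 200, 300, 80]    # right keys, wrong rhythm


def demo() -> Tuple[bool, bool]:
    v = KeystrokeVerifier(template_size=30)
    for s in ENROLLMENT:
        v.enroll(s)
    return v.verify(GENUINE_ATTEMPT), v.verify(IMPOSTOR_ATTEMPT)


if __name__ == "__main__":
    print(demo())   # (True, False)
```

Updating the template with every accepted attempt is what lets the system follow a user whose rhythm drifts, but it also means an impostor who is accepted once pulls the template toward their own timing, so the update should only be applied to attempts that also passed the password check itself.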

11 … results
- Attackers had the chance to observe valid users
- Majority of errors caused by a minority of users
  - Not used to PC keyboards
  - Inexperienced/slow writers easy to imitate

                  False reject rate   False accept rate
                  (Type I error)      (Type II error)
  Total attempts  539                 768
  Errors          44                  22
  % error         8.1%                2.8%

12 Another verification example…
- “Verification of computer users using keystroke dynamics” by M. S. Obaidat and B. Sadoun
- Numerous classification methods tested
- Tested with features
  - Latencies between keystrokes
  - Durations of keystrokes
  - Both together

13 … results
- Keystroke durations better than latencies between keystrokes, but both together the best choice
- Neural methods better than statistical
- 0% type I and type II errors at best

14 Identification
- Not a useful replacement for username/password authentication
- Background process continuously identifying the user
  - Not too sensitive, but still recognizes users fast
  - If the likelihood of an unauthorized user rises to a certain point, alert administration or lock the system
- Very few scientific studies
  - Only study found: using only the average and standard deviation of latency between keystrokes ⇒ works for the 4 tested users

15 BioPassword
- User authentication system by the US company BioNet-systems
  - Better known for the NetNanny filtering software
- Designed to replace the default log-in system in Windows NT/2000/XP
  - Installed on server and workstations
- Enrollment: write username/password 15 times, template stored on the server
- No user-visible changes to the log-in procedure

16 BioPassword patent
- Very much like the systems in scientific studies
- Uses both latencies between keystrokes and keystroke durations
- Classification method not revealed
- Templates stored in a format which would make continuous authentication simple
  - But not used in the real application (yet?)

17 Reviews of BioPassword
- Good
  - Did not generate false rejects
    - Unless a high security setting was used
  - Nor false accepts
    - Unless a very low security setting was used
  - On the whole, unobtrusive and works well
- Bad
  - Writing username and password 15 times
  - Possible to bypass with the RunAs service
  - Possibility of losing administrator access in case of injury
    - Usually there is more than one administrator
  - Not suitable for heterogeneous systems (other operating systems)

18 Timing attacks on secure communications
- Guess what was written based on the timings of packets
- Information on keystroke dynamics needed
  - Collect from a specific user
  - Assume they are the same for all touch-typists
- “Timing Analysis of Keystrokes and Timing Attacks on SSH” by D.X. Song et al.
  - Main interest: cracking passwords

19 Capturing timing information
- SSH sends packets immediately after keystrokes
- No responses when writing a password
  - Relatively easy to notice

20 Measuring latencies
- Key-pairs divided into several classes
  - Written with separate hands or fingers
- Latencies between keys in key-pairs measured
- Distributions follow a Gaussian distribution
  - Gaussian model created for all key-pairs

21

22 Information gain from latency
- Upper bound for information gained from latency
  - Average 1.2 bits/character
  - Entropy 0.6–1.3 bits/character for written English, more for passwords
- Relation between latencies and character sequence modeled as a Hidden Markov Model
  - n-Viterbi algorithm used to solve the n most likely states of the HMM

23 Password cracking results
- Tested with real timing data of writing 8-character passwords
- Success measured by how large a part of the password space is tested before finding the password
  - 50% without latency information
  - Results: average 2.7%, median 1.0%
- 50-fold decrease in needed time
  - Days instead of months for cracking

24 Conclusions: Verification
- Advantages
  - Cheap, completely software based
  - Works quite well in addition to username/password
    - Possibly also with PIN codes
  - No major changes for users
  - Good user acceptance
  - Mimicking others apparently not easy

25 Conclusions…
- Disadvantages
  - Not a stable biometric
    - Affected by almost everything
    - “Learning” one's own password potentially a problem
  - Hard to implement in “real” computer environments
    - Too many different ways to log in
  - Possible to create a fake keyboard and input a recorded key sequence as username/password

26 Conclusions: Identification
- Very few scientific studies
- Potential uses where unauthorized persons could access computers in open areas
  - Better to lock the computer when not used and/or use locks on doors

27 Conclusions: Eavesdropping
- Eavesdropping on secure communications
  - Using keystroke dynamics in the opposite direction
  - Potentially much faster password cracking
- Not a serious threat
  - Probably much easier ways to gain access
  - Works only against good touch-typists
  - Measuring timings could be made harder
    - Adding random delays to packets
    - Sending additional empty packets
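The two countermeasures on this slide both work by breaking the one-keystroke-one-packet link that slide 19 describes. The following is an added example, not code from the Song et al. paper or from any SSH implementation: `fixed_rate_schedule` sends a packet on every clock tick, an empty (dummy) packet whenever no keystroke is waiting, so every observable inter-packet gap equals the tick; `jitter_schedule` adds a random, order-preserving delay to each keystroke packet. Both functions and the sample keystroke times are constructed assumptions; timestamps are in milliseconds.

```python
"""Masking keystroke timing on an interactive channel.

Added example, not from the presentation or any SSH implementation. Models the
two countermeasures on slide 27: empty packets on a fixed clock, and random delays.
"""
import random
from typing import List, Tuple

Packet = Tuple[int, bool]   # (send time in ms, True if it carries a real keystroke)


def fixed_rate_schedule(keystroke_times: List[int], tick_ms: int, idle_ticks: int = 2) -> List[Packet]:
    """Send exactly one packet per tick: the oldest pending keystroke, or an empty one.

    A keystroke goes out on the first tick at or after it arrives; two keystrokes
    in the same tick are queued, so order is preserved. Empty packets continue for
    idle_ticks after the last keystroke so the end of typing is not exposed either.
    """
    if tick_ms <= 0:
        raise ValueError("tick_ms must be positive")
    pending = sorted(keystroke_times)
    if not pending:
        return []
    packets: List[Packet] = []
    t, i, last = 0, 0, pending[-1]
    while i < len(pending) or t <= last + idle_ticks * tick_ms:
        if i < len(pending) and pending[i] <= t:
            packets.append((t, True))
            i += 1
        else:
            packets.append((t, False))   # dummy packet: indistinguishable on the wire
        t += tick_ms
    return packets


def jitter_schedule(keystroke_times: List[int], max_delay_ms: int, seed: int = None) -> List[Packet]:
    """Delay each keystroke packet by a random amount without ever reordering packets."""
    rng = random.Random(seed)
    packets: List[Packet] = []
    last_send = -1
    for t in sorted(keystroke_times):
        send = max(t + rng.randint(0, max_delay_ms), last_send + 1)
        packets.append((send, True))
        last_send = send
    return packets


def observed_gaps(packets: List[Packet]) -> List[int]:
    """What a passive observer can measure: the gaps between consecutive packets."""
    return [b[0] - a[0] for a, b in zip(packets, packets[1:])]


# Constructed sample: four keystroke times from the earlier "pass" example.
SAMPLE_KEYSTROKES = [0, 180, 300, 520]

if __name__ == "__main__":
    print(observed_gaps(fixed_rate_schedule(SAMPLE_KEYSTROKES, 50)))
    print(observed_gaps(jitter_schedule(SAMPLE_KEYSTROKES, 100, seed=7)))
```

The fixed-rate scheme removes the timing signal entirely at the cost of a constant stream of dummy traffic and up to one tick of added latency per keystroke; random jitter is cheaper but only blurs the latency distributions rather than hiding them, so the amount of leakage remaining depends on how the jitter compares with the spread of the key-pair classes being modelled.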

28 Questions?

