JOURNALOFCOMPUTING,VOLUME3,ISSUE6,JUNE2011,ISSN21519617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/ WWW.JOURNALOFCOMPUTING.

ORG

125

Password Authentication Method Using Keystroke Biometric

Dr. Manish Shrivastava
Department of Computer Science & Engineering Institute of Technology, Guru Ghasidas University, Bilaspur CG India

Abstract Authentication is the service that can be used to ensure that individuals accessing the system or network are authorized in other word the assurance that the communicating entity is the one that claim to be. On most system, the identification and authentication mechanism is a scheme that combines a user ID with password. Using key logger anyone know your password so we have to add some extra security measure for authentication I am proposing Keystroke Dynamics to enhance the security. Keystroke Dynamics is a particular instance of behavioural bio metrics that captures the typing style of a user. The dynamics of a users interaction with a keyboard input device yields quantitative information with respect to dwell time (how long a key is pressed) and time-of-flight (the time taken to enter successive keys). By collecting the dynamic aspects acquired even during the login process, one can develop a model that captures potentially unique characteristics that can be used for the identification of user. 1. INTRODUCTION Keystroke Dynamics is an emerging technology that promises an effective solution to our security needs. It can accurately identify or verify individuals based upon their unique behavioural characteristics. It is a key that can be customized to an individuals access needs, opening doors for one while keeping others out. We can use a biometric to access our home, our account, or to invoke a customized setting for any secure area or application.

In this paper, evidence is presented that indicates keystroke dynamics is a viable biometric-providing security on par with other methodologies. In addition, this security is afforded in a very low-profile manner that is acceptable by the majority of users virtually everyone is used to entering authentication details such as a login id and password. Keystroke dynamics captures typing characteristics such as keystroke durationtermed dwell time in the literature, and digraphs times-the latency between striking successive keys. These attributes are used to build a model of how a user types-stored as a reference profile. These models are then used by a variety of machine learning algorithms to determine whether or not the extracted details associated with a login attempt is similar enough to the reference profile for that user account. The deployment of keystroke dynamics based user authentication is no longer a novel concept. Keystroke dynamics is a particular instance of behavioural bio metrics that captures the typing style of a user. The dynamics of a users interaction with a keyboard input device yields quantitative information with respect to dwell time (how long a key is pressed) and time-of-flight (the time taken to enter successive keys). By collecting the dynamic aspects acquired even during the login process, one can develop a model that captures potentially unique characteristics that can be used for the identification of an individual. To facilitate the development of the model of how the user enters their details, an enrollment phase is required, when the user is asked to enter his/her login id/password until a steady value is obtained (usually limited to 10-15 trials-but this is implementation dependent).

JOURNALOFCOMPUTING,VOLUME3,ISSUE6,JUNE2011,ISSN21519617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/ WWW.JOURNALOFCOMPUTING.ORG

126

Once this data has been collected, a reference signature is generated for this user. The reference signature is then used to authenticate the user account on subsequent login attempts. The user with that particular login id/password combination has their keystroke dynamics extracted and then compared with the stored reference signature. If they are within a prescribed tolerance limitthe user is authenticated. If not-then the system or take some other suitable action. Keystroke Dynamics monitors , analyses and recognizes all keyboard behaviour performed by the user during his /her access in order to validate and verify the user s identity , and is one of the most unusual and innovative biometric technologies in use today . This technology examines such dynamics as speed, pressure, total time taken to type particular words , and the time elapsed between hitting certain keys . 2.EXISTING SYSTEM Identification require that the user be know by the system or network, usually based on assigned user ID. However, unless the user is authenticated, the system or network cannot trust the validity of users claim of identity, the use of authenticated by supplying something possessed only by the user(such as token), something only user knowns such as password, or finger print which make user unique. On most system, the identification and authentication mechanism is a scheme that combines a user ID with password. Authentication that relies on password often fails to provide adequate protection for system for a number of reasons first users can create password that are easy to remember and hence easy to guess. On the other hand, password generated from random character are difficult to guess but also difficult to remember. As result, user may write down such password it is possible one can find them and use them to gain access to the system or network.

3.PROPOSED SYSTEM A keystroke dynamics authentication system collects measurements as a user types a phrase on a keyboard . A first set of derived data values are computed based on the collected measurements , and then a second set of derived data values are computed based on the first set o f derived values . The first and second sets of derived values are used to construct a template for identifying the user based on his typing , and the generated template was stored on a database .

The proposed method involves collecting data that represents the biometric pattern of a user and converting this biometric data into a form that can be mathematically manipulated . This is followed by application of statistical methods to find an expression that defines the user s biometric traits , against which ( s ) he can then be authenticated in future . The algorithm aims to develop a system that has low False Acceptance and False Rejection Rates. Concepts regarding template formation involve the following

Keystroke Latencies Successive key presses and releases give rise to four types of key press latencies P - P (Press - Press ): It is the time interval between successive key presses . Physically it represents how fast the person type.

JOURNALOFCOMPUTING,VOLUME3,ISSUE6,JUNE2011,ISSN21519617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/ WWW.JOURNALOFCOMPUTING.ORG

127

P - R (Press - Release ): It is the time interval between the pressing of a key and releasing the same key . This is analogous to how hard one types , i.e. how much pressure is applied during typing.

Clustering Score Evaluation Authentication 4.STATISTICAL ANALYSIS

R- P (Release - Press ): It is the time interval between the release of a key and the pressing of the next key.

BIO - Passwords It is important to recognize that keystroke dynamics, when layered on user ID and password, incorporates the statistical probability of password access control. Using a statistical formula, we can represent the probability of a security breach with the use of passwords alone. Selecting a password randomly from 100 possible PC keyboard characters (upper and lower case) that is unknown to an unauthorized user, the probability of a successful password occurrence is P=(1/100)n Where "n" denotes the character length of the password. If the probability of selecting a proper password is independent of the probability of a security breach, then this will result in the probability of success as (1 - (1 (1 / 100)n)t) where t = the number of tries. The mathematical formula 1 - (1 / 100)n will essentially equate to zero, implying that without knowledge of the password, there is little or no chance of a security Unfortunately in the real world this is not the case. Users share their passwords; write them down, select easily guessed passwords and users seldom change them unless they are forced to do so. The vast majority of passwords can be determined far too easily by intruders especially if written on a post-it-note stuck to the computer. Keystroke Dynamics This technology provides a unique level of security for logon and passwords. Bio Password technology measures in milliseconds, the timing between keystrokes

R- R (Release - Release ): It is the time interval between the releases of two successive keys.

These four latencies collectively form a mathematical representation of the typing rhythm of a user . For the same user typing the same word , they are expected to have consistent patterns and not vary out of pre determined proportions . There are two primary functions offered by any biometric system. One is Identification, a one - to - many ( 1 : M ) matching process wherein a biometric sample is compared to a set of stored samples in a database. The other is Authentication , a one - to - one ( 1 : 1 ) matching process in which the biometric system compares an individuals biometric sample to previously enrolled data for that user The process of verification narrows the biometric database search by including other identifiers such as names or IDs. The algorithm developed for the proposed software was to incorporate biometric information into user authentication by utilizing the login/password authentication procedure for identifying users, the biometric information about the typing characteristics of the user have been also incorporated. For successful authentication it is not sufficient if only the passwords match, but in addition the typing rhythm of the user trying to log in must cope with those of the actual user. The testing technique has been made up of the following distinct stagesTemplate Formation

JOURNALOFCOMPUTING,VOLUME3,ISSUE6,JUNE2011,ISSN21519617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/ WWW.JOURNALOFCOMPUTING.ORG

128

using our proprietary algorithms to generate the biometric signature. If "P" equals .01% or .0001 based on decision criteria mentioned earlier then following table shows the tries vs. probability of a security breach based on binomial distribution of P=.001. . t (tries) 1 3 5 7 9 100 Probability Breach .00001 .00003 .00005 .00007 .00009 .001 of the the the the

successful keystroke dynamics match. This is certainly a deterrent. User ergonomics and environmental created issues, such as user position, hands to keyboard geometry, artificial or enhanced nails, digital dexterity, physical ailments (arthritis, swelling, and injury, as examples,) or protective layers (including bandages, gloves, and keyboard membrane covers) can create influencing variables preventing successful Bio Password logon. Fortunately, the Bio Password administrator has the ability and control to modify the tolerance range of acceptance allowing logon on an individual need basis. 5.CONCLUSION Keystroke Dynamics analyzes the way a user types at a terminal by monitoring the keyboard inputs thousands of times per second, and aims to identify users based on certain habitual typing rhythm patterns. When a person types, the latencies between successive keystrokes, keystroke durations, finger placement and applied pressure on the keys can be used to construct a unique signature for that individual. For well - known, regularly typed strings, such signatures can be quite consistent. The key advantages in applying keyboard dynamics is that the dev ice used in this system, the keyboard, is unobtrusive and does not detract from one s work. Enrollment as well as identification goes undetected by the user. Another inherent benefit to using keystroke dynamics is that it does not involve the development of new hardware (as is required in case of authentication using iris scan or fingerprints ) and hence building the system is inexpensive . 6.REFERENCES 1. N. Roiter, Keystroke Recognition Aids Online Authentication at Credit Union, Information Security Magazine, April 2008. 2 J. Pfost, The Science Behind Keystroke Dynamics: Biometric Technology Today, February, 2007, vol . 15.

Security

When the probability of a security breach, in the above example, is multiplied times factors in the above table, one can see that even with full knowledge of someones password, the security of a system is still within the acceptable limits because of keystroke dynamics. The proper design of a keystroke dynamics security system can provide additional deterrents to an impostor. An example of the effectiveness of a keystroke dynamics device can be assessed using the following assumption: Login Name = Known! Password = Known! Decision point = .01% or False rejection = 3% Tries before lockout = 6 Lock out time 5 mines Every 6 attempts result in a probability of 1 in .0006 of successful access or 6 times in 10,000 tries! The system locks for 5 minutes every sixth try, or must be released by the system administrator, who would notice the attempt. If a 5-minute lockout were implemented, the system would be locked for (10,000/6) x 5 minutes or approximately 140 hours before a

JOURNALOFCOMPUTING,VOLUME3,ISSUE6,JUNE2011,ISSN21519617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/ WWW.JOURNALOFCOMPUTING.ORG

129

3. K. Revett, A Bioinformatics Based Approach to Behavioural Biometrics, pp 665670, Frontiers in the Convergence of Bioscience and Information Technologies 2007. 4. Andersen, Biometric Authentication and Identification using Keystroke Dynamics with Alert Levels, M.Sc. thesis, Oslo University College, Oslo, Norway, May 2007. 5. A. Guven and I. Sogukpinar, Understanding Users Keystroke Patterns for Computer Access Security, Research Paper, Dogus University, Istanbul, Turkey, 2003. 6. F. Monrose and A. D. Rubin, Keystroke Dynamics as a Biometric for Authentication, Research Paper, AT&T Lab, Amsterdam, The Netherlands, 2000.

Author Manish Shrivastava Head Department of Computer Science & Engineering, Institute of Technology, Guru Ghasidas University, Bilaspur, obtained his M. Tech. Degree from DAVV, Indore, and Ph. D. From Guru Ghasidas University, Bilaspur. He has about thirteen years of teaching and research experience, he has a number of papers in various national and international journals to his credit. His field of interest is network security, life member, Indian Society for Technical Education.