typing pattern authentication techniques 3 rd quarter luke knepper
TRANSCRIPT
Typing Pattern Authentication Techniques
3rd Quarter
Luke Knepper
Agenda
Background Final Process Experimentation Current Results Goals
The Dilemma
Passwords can sometimes be suboptimal Advanced biometrics are expensive Need an alternative
A Solution
• Authenticate people by how they type
• Typing patterns differ by person
• Studies show that people can be authenticated by their typing patterns
• Cheap and flexible to implement
A Problem
• Usually will measure the user's keystrokes when typing in username & passwords
• Commercial packages available (ex. Psylock)
• However, uses static text (username & password) → easy to hack
• Need an improvement
The Fix
• Generate random text and record keystrokes while the user types it
• Not a static text segment → Makes it considerably harder to hack
Another Advantage
• What if another person jumps on the computer while you are logged in?
• Can continuously monitor the user's typing patterns during program use
• If a change is detected, system suspects an intruder and locks the user out
Background
Measures users' typing patterns, compares to a previous standard
Technique first used in WWII Works with ~90% Accuracy Usually implemented in a neural network
structure
Background
Process (front-end)
On account set-up, user will type large amounts of dynamic text
On subsequent log-ins, user will type smaller amount of dynamic text
User will still need to use username, password, etc.
Process (back-end)
Set-up data will be used to breed (i.e. train) a neural network
The optimal weight vector can be generated efficiently via back-propagation, genetic algorithms, parallel processing
Log-in data will be fed through neural network: result either meets threshold (admitted) or does not meet (rejected)
Continuous Authentication
• Uses same general process as log-in time authentication
• Measures the user's typing patterns while the system is in use
• Runs the typing data through the neural network at regular intervals
• Raise the warning level if a change is detected, lock out after critical point
Experimentation
Goals: Develop and test the accuracy of
different types of neural networks for this purpose
Develop and test log-in authentication application
Develop and test continuous authentication application
Experimentation
Neural Network Optimization:
1. Develop online data collection applet
2. Collect massive amounts of data
3. Use data to train multiple neural network types
4. Test different network types to determine accuracy of each type
Experimentation
Neural Network Optimization:
Will train a neural network for each data file collected
Sample data will be sent through the neural network
Success vs. Failure ratio will be measured and compared between different network types
Experimentation
Accuracy Testing:
1. Collect large number of test subjects
2. Subjects set up dummy accounts
3. Subjects attempt to log into their accounts and accounts of others on subsequent sittings (spaced out by 1 week and 1 month)
4. Measure final accuracy
Current Results
Proof-of-concept program Determines the mystery typer between two
known users Uses simple single-layer neural network Correct 18 / 20 = 90%
Current Results
Data collection Flash applet Shows user segment of dynamic text, asks
them to type it in a box below Records their keystroke times Sends keystroke data to server to be
stored in separate files Collected over 1,500 samples
Current Results
Keystroke data file format:
– For each keystroke, records the following:
Key-# / up-or-down / time-in-millis
Example: “65 U 22424”– Flexible format allows for different
characteristics to be measured (e.g. time between strokes or time of depression)
Current Results
Working on an automated testing system First will train neural networks of each type
for every data file as noted before Then will record the results of each neural
network through automated tested Finally will compute statistics for the
accuracy of the different types
Current Results
• Developped continuous authentication simulation program
• Simulates an instant-messaging session with an automated chat bot
• Asks the user questions and measures typing data for each response
• Locks the user out if a significant change is detected
Goals
Final program interface will be: Easily implementable Difficult to crack Accurate above 90% Will be combined with password security
to make inexpensive and secure system
Fin
Questions and wrap-up