View
272
Download
0
Tags:
Embed Size (px)
Citation preview
Keystroke Dynamics
Jarmo Ilonen
Introduction Keystroke dynamics is a biometric based on
assumption that different people type in uniquely characteristic manners
Conceptually close to signature recognition History
19th century telegraph operators Advantages
Completely software based Very high user acceptance
“Reversing” process possible Snooping secure communications Cracking passwords
Features Often used
Latency between keystrokes Duration of keystroke, hold-time
Seldom used Overall typing speed Frequency of errors Habit of using additional keys (numpad…) Capital letters (order of releasing shift and
letter) Force of hitting keys (special keyboard
needed) Global or per keystroke/key-pair statistics
Example
Latencies between keystrokes when writing “password” by three persons
Measuring features Measuring easy
Key Press and Release events Timing them trivial
Challenges Users with widely differing typing skills Affected by alertness (sleepy, drunk, …) Injuries Holding coffee cup or phone at one hand Changing to different keyboard
Verification & identification Verification
User authenticated at log-in time Keystroke dynamics measured when
user writes username and password Identification
Used for continuous user authentication A background process watching the
user Potentially locks down the computer or
alerts the administration
Verification Computers with username/password
authentication Passwords are often easy to guess or find out
Motivation for keystroke dynamics Not enough for attacker to know username
and password Expensive to add key-cards or other
biometric systems Solution: Use keystroke dynamics
Verification Enrollment (new user or changed password)
Write username and password several times Create keystroke dynamics profile
No user-visible changes for login procedure Password and typing pattern must match
Widely studied, differences in used Features Classification method
Verification example… “Computer-access security systems using
keystroke dynamics” by S. Bleha et al. Using only username, no separate
password Username as signature
Based on latency between keystrokes Thirty last valid entries used as template Two classification methods used together
Minimum distance classifier Bayesian classifier User rejected if both fail
… results
Attackers had chance to observe valid users Majority of errors caused by minority of users
Not used to PC keyboards Inexperienced/slow writers easy to imitate
False reject rate False accept rate
(Type I error) (Type II error)
Total attempts 539 768
Errors 44 22
% error 8.1% 2.8%
Another verification example… “Verification of computer users
using keystroke dynamics” by M. S. Obaidat and B. Sadoun
Numerous classification methods tested
Tested with features Latencies between keystrokes Durations of keystrokes Both together
… results Keystroke durations
better than latencies between keystrokes, but both together the best choice
Neural methods better than statistical
0% type I and II errors at best
Identification Not useful replacement for
username/password authentication Background process continuously
identifying user Not too sensitive, but still recognize users fast If likelihood of unauthorized user rises to
certain point, alert administration or lock system
Very few scientific studies Only study found: using only average and
standard deviation of latency between keystrokes ⇒ works for 4 tested users
BioPassword User authentication system by US
company BioNet-systems Better known for NetNanny filtering software
Designed to replace default log-in system in Windows NT/2000/XP Installed on server and workstations Enrollment: write username/password 15
times, template stored on the server No user-visible changes to log-in procedure
BioPassword patent Very much like systems in scientific
studies Uses both latencies between
keystrokes and keystroke durations Classification method not revealed Templates stored in format which
would make continuous authentication simple But not used in real application (yet?)
Reviews of BioPasswordGood Did not generate false
rejects Unless a high security
setting was used Nor false accepts
Unless a very low security setting was used
On the whole, un-obtrusive and works well
Bad Writing username and
password 15 times Possible to by-pass with
RunAs-service Possibility of losing
administrator access in case of injury
Usually there are more than one administrator
Not suitable for heterogeneous systems (other operating systems)
Timing attacks on secure communications Guess what was written based on timings
of packets Information on keystroke dynamics
needed Collect from a specific user Assume they are same for all touch-typists
“Timing Analysis of Keystrokes and Timing Attacks on SSH” by D.X. Song et al. Main interest: cracking passwords
Capturing timing information
SSH sends packets immediately after keystrokes No responses when writing password Relatively easy to notice
Measuring latencies
Key-pairs divided to several classes Written with separate hands or fingers
Latencies between keys in key-pairs measured
Distributions follow Gaussian distribution Gaussian model created for all key-
pairs
Information gain from latency Upper bound for
information gained from latency
Average 1.2bits/character
Entropy 0.6-1.3 bits/character for written English, more for passwords
Relation between latencies and character sequence modeled as Hidden Markov Model
n-Viterbi algorithm used to solve n most likely states of HMM
Password cracking results Tested with real timing data of writing
8-character passwords Success measured by how large part of
password space tested before finding the password 50% without latency information
Results: average 2.7%, median 1.0% 50-fold decrease in needed time Days instead of months for cracking
Conclusions: Verification
Advantages Cheap, completely software based Works quite well in addition to
username/password Possibly also with PIN-codes
No major changes for users Good user acceptance
Mimicking others apparently not easy
Conclusions…
Disadvantages Not a stable biometric
Affected by almost everything “Learning” own password potentially a
problem Hard to implement in “real” computer
environments Too many different ways to log-in Possible to create a fake keyboard and input a
recorded key-sequence as username/password
Conclusions: Identification
Very few scientific studies Potential uses where un-authorized
persons could access computers in open areas Better to lock computer when not
used and/or use locks in doors
Conclusions: EavesdroppingEavesdropping secure communications Using keystroke dynamics in opposite
direction Potentially much faster password cracking Not a serious threat
Probably much easier ways to gain access Works only against good touch-typists
Measuring timings could be harder Adding random delays to packets Sending additional empty packets
Questions?