Free-Text Keystroke Dynamics Authentication with a Reduced Need for Training and Language Independency
Total Page:16
File Type:pdf, Size:1020Kb
UNIVERSITY OF READING Free-Text Keystroke Dynamics Authentication with a Reduced Need for Training and Language Independency Submitted by: Arwa Alsultan Submitted for the Degree of Doctor of Philosophy Supervisor(s): Prof. Kevin Warwick & Dr. Hong Wei Department of Computer Science School of Mathematical, Physical and Computational Sciences September 2016 To my caring parents - Aljoharah & Fahad - who encouraged me during my educational journey since I was very young. I would not have been able to achieve any of this without their love and prayers. To my loving husband - Rawad - who stood by my side during this journey. He has never stopped believing in me and his love and support is the reason for all my success. i Declaration I confirm that this is my own work and the use of all material from other sources has been properly and fully acknowledged. Arwa Alsultan ii Acknowledgment I would like to express my deep appreciation to my supervisor Prof. Kevin Warwick for all the support he provided me with during my study. Without his guidance and continuous help, this research would not have been possible. I would also like to convey my sincerer gratitude to my supervisor Dr. Hong Wei for her guidance and encouragement throughout my research. She never stopped reassuring me and reinforcing me to achieve my goals. She was there when I needed her the most. I would like to thank Dr. Tristan Fletcher for granting me permission to use one of the figures produced by him in this thesis. I also would like to express my appreciation to Dr. Luis Gonzalo Sánchez Giraldo for his cooperation with the progressive MANOVA algorithm. He was very helpful and provided me with all the information I needed to use this algorithm. I wish to extend my thanks to the participants who were involved in this research for the time they took out of their busy schedules to contribute in this study. Finally, I would like to deeply thank my brothers & sisters, family members and friends for their continuous love and support. iii Abstract This research aims to overcome the drawback of the large amount of training data required for free-text keystroke dynamics authentication. A new key-pairing method, which is based on the keyboard’s key-layout, has been suggested to achieve that. The method extracts several timing features from specific key-pairs. The level of similarity between a user’s profile data and his or her test data is then used to decide whether the test data was provided by the genuine user. The key-pairing technique was developed to use the smallest amount of training data in the best way possible which reduces the requirement for typing long text in the training stage. In addition, non-conventional features were also defined and extracted from the input stream typed by the user in order to understand more of the users typing behaviours. This helps the system to assemble a better idea about the user’s identity from the smallest amount of training data. Non-conventional features compute the average of users performing certain actions when typing a whole piece of text. Results were obtained from the tests conducted on each of the key-pair timing features and the non-conventional features, separately. An FAR of 0.013, 0.0104 and an FRR of 0.384, 0.25 were produced by the timing features and non-conventional features, respectively. Moreover, the fusion of these two feature sets was utilized to enhance the error rates. The feature-level fusion thrived to reduce the error rates to an FAR of 0.00896 and an FRR of 0.215 whilst decision-level fusion succeeded in achieving zero FAR and FRR. In addition, keystroke dynamics research suffers from the fact that almost all text included in the studies is typed in English. Nevertheless, the key-pairing method has the advantage of being language-independent. This allows for it to be applied on text typed in other languages. In this research, the key-pairing method was applied to text in Arabic. The results produced from the test conducted on Arabic text were similar to those produced from English text. This proves the applicability of the key-pairing method on a language other than English even if that language has a completely different alphabet and characteristics. Moreover, experimenting with texts in English and Arabic produced results showing a direct relation between the users’ familiarity with the language and the performance of the authentication system. iv Glossary ACO Ant colony optimisation ANOVA Analysis of variance ATM Automatic teller machines DD Down-down time for a key-pair Di-graph Combination of two keys DSS Decision support systems DTs Decision trees EER Equal error rate FAR False accept rate FRR False reject rate GA Genetic algorithm GUI Graphical user interface H1 Hold time for the first key H2 Hold time for the second key LSA Percentage of left shifts released after letter LSB Percentage of left shifts released before letter MANOVA Multivariate analysis of variance ms Millisecond NegUD Percentage of negative up-down NegUU Percentage of negative up-up N-graph Combination of n keys NN Neural networks PCA Principal component analysis v PDA Personal digital assistants PSO Particle swarm optimization RBF Radial basis kernel ROC Receiver operating characteristic RSA Percentage of right shifts released after letter RSB Percentage of right shifts released before SVMs Support vector machine TAR True accept rate Tri-graph Combination of three keys UD Up-down time for a key-pair UU Up-up time for a key-pair WPM Word-per-minute vi Table of Contents Declaration............................................................................................................................................. ii Acknowledgment .................................................................................................................................. iii Abstract ................................................................................................................................................. iv Glossary ................................................................................................................................................. v Table of Contents ................................................................................................................................ vii List of Figures ...................................................................................................................................... xii List of Tables ...................................................................................................................................... xiv 1 Introduction ........................................................................................................................................ 1 1.1 Introduction ............................................................................................................................. 1 1.2 Overview of User Authentication ........................................................................................... 3 1.2.1 Knowledge-based Authentication ................................................................................... 5 1.2.2 Possession-based Authentication .................................................................................... 6 1.2.3 Biometric-based Authentication ..................................................................................... 6 1.2.4 Other Authentication Methods ........................................................................................ 7 1.2.5 Multi-factor Authentication ............................................................................................ 8 1.3 Problem Statement .................................................................................................................. 9 1.4 Aims and Objectives ............................................................................................................. 11 1.5 Thesis Structure .................................................................................................................... 11 2 Overview of Keystroke Dynamics .................................................................................................. 14 2.1 Introduction ........................................................................................................................... 14 2.2 Biometric Characteristic of Keystroke Dynamics ................................................................. 15 2.3 Phases of Keystroke Dynamics Authentication .................................................................... 16 2.4 Advantages and Limitations .................................................................................................. 17 2.5 Classes of Keystroke Dynamics ............................................................................................ 19 2.6 Keystroke Features ................................................................................................................ 22 2.7 Performance .......................................................................................................................... 25 2.8 State of the Art in the Area of Keystroke Dynamics Recognition ........................................ 29 2.8.1 Fixed-text Keystroke Dynamics .................................................................................... 30 2.8.2 Free-text Keystroke Dynamics ...................................................................................... 38 2.9 Factors Affecting Performance ............................................................................................