Applying Keystroke Dynamics for Personal Authentication

Abstract: With the establishment of the information society, security had become the greatest concern for Institutions transacting business over the Internet. Home banking and on-line brokerage applications currently, use basic software-only security functions for the internet such as server authentications and Secure Sockets layer. Higher levels of protections are being achieved with Smart card based authentication schemes and transaction protocols. Password based security identifies users based on what they know – the password or PIN, which can be guessed, hacked, found or stolen. Smart Cards, tokens and badges identify users based on what they have which can also be lost, loaned or stolen. The objective of the thesis was to design and implement a biometric authentication scheme by means of keystroke dynamics to secure web applications. The scheme illustrates the effect of the template size and the number of biometric features used to improve performance of FAR, FRR and EER. The enrolment process is devoid of spurious outliers that may introduce significant variations to template data. Due to the dependence of the system on the user’s psychological characteristics, the adaptation module introduces dynamism into the template features per changes in the legitimate user’s login template variants. At the quest of attaining a zero bias in statistical variants, an off-line simulator tool was designed to regenerate impostor and genuine data set obtained from live users and set as input to the system. The report includes an architectural description of the system, conceptual models and analysis of field data of over 200 samples.