Dynamic Authentication of Typing Patterns 2nd Quarter Luke Knepper

Agenda Background Final Process Experimentation Current Results Goals

The Dilemma Passwords are outdated Advanced biometrics are expensive Need an alternative

A Solution Authenticate people by how they type Typing patterns differ by person Studies show that people can be authenticated by their typing patterns Cheap and flexible to implement

The Problem Usually will measure the user's keystrokes when typing in username & passwords Commercial packages available However, uses static text (username & password) → easy to hack Need an improvement

The Fix Generate random text and record keystrokes while the user types it Not a static text segment → Makes it considerably harder to hack No research found on dynamic text segments

Background Measures users' typing patterns, compares to a previous standard Technique first used in WWII Works with ~90% Accuracy Usually implemented in a neural network structure

Background

Process (front-end) On account set-up, user will type large amounts of dynamic text On subsequent log-ins, user will type smaller amount of dynamic text User will still need to use username, password, etc.

Process (back-end) Set-up data will be used to breed (i.e. train) a neural network The optimal weight vector can be generated efficiently via back-propagation, genetic algorithms, parallel processing Log-in data will be fed through neural network: result either meets threshold (admitted) or does not meet (rejected)

Experimentation Requirements: Must develop optimal neural network and threshold value for back-end Must develop optimal GUI / Corpus size Must determine accuracy

Experimentation Neural Network Optimization: Develop online data collection applet Collect massive amounts of data Use data to train multiple neural network types Test different network types to determine optimal network and threshold

Experimentation Neural Network Optimization: Will train a neural network for each data file collected Sample data will be sent through the neural network Success vs. Failure ratio will be measured and compared between different network types

Experimentation Accuracy Testing: Collect large number of test subjects Subjects set up dummy accounts Subjects attempt to log into their accounts and accounts of others on subsequent sittings (spaced out by 1 week and 1 month) Measure final accuracy

Current Results Proof-of-concept program Determines the mystery typer between two known users Uses simple single-layer neural network Correct 18 / 20 = 90%

Current Results Data collection Flash applet Shows user segment of dynamic text, asks them to type it in a box below Records their keystroke times Sends keystroke data to server to be stored in separate files

Current Results Keystroke data file format: For each keystroke, records the following: Key-# / up-or-down / time-in-millis Example: “65 U 22424” Flexible format allows for different characteristics to be measured (e.g. time between strokes or time of depression)

Current Results Working on an automated testing system First will train neural networks of each type for every data file as noted before Then will record the results of each neural network through automated tested Finally will compute statistics for the accuracy of the different types

Goals Final program interface will be: Easily implementable Difficult to crack Accurate above 90% Will be combined with password security to make inexpensive and secure system

Fin Questions and wrap-up