Keystroke Dynamics Jarmo Ilonen. Structure of presentation Introduction Keystroke dynamics for Verification Identification Commercial system: BioPassword.

Presentation transcript:

Keystroke Dynamics Jarmo Ilonen

Structure of presentation
- Introduction
- Keystroke dynamics for verification
- Keystroke dynamics for identification
- Commercial system: BioPassword
- Eavesdropping on secure communications
- Conclusions

Introduction
- Keystroke dynamics is a biometric based on the assumption that different people type in uniquely characteristic manners
- Conceptually close to signature recognition
- History: 19th century telegraph operators could be recognised by their "fist"
- Advantages: completely software based; very high user acceptance
- "Reversing" the process is possible: snooping on secure communications, cracking passwords

Features
- Often used:
  - Latency between keystrokes
  - Duration of a keystroke (hold time)
- Seldom used:
  - Overall typing speed
  - Frequency of errors
  - Habit of using additional keys (numpad, ...)
  - Capital letters (order of releasing shift and the letter)
  - Force of hitting keys (special keyboard needed)
- Statistics can be global or per keystroke / key pair

Example
[Figure: latencies between keystrokes when writing "password", for three persons]

Measuring features
- Measuring is easy: key press and release events; timing them is trivial
- Challenges:
  - Users with widely differing typing skills
  - Affected by alertness (sleepy, drunk, ...)
  - Injuries
  - Holding a coffee cup or phone in one hand
  - Changing to a different keyboard

Verification & identification
- Verification
  - User authenticated at log-in time
  - Keystroke dynamics measured while the user writes username and password
- Identification
  - Used for continuous user authentication
  - A background process watching the user
  - Potentially locks down the computer or alerts the administration

Verification
- Computers with username/password authentication: passwords are often easy to guess or find out
- Motivation for keystroke dynamics:
  - It is not enough for an attacker to know the username and password
  - Adding key cards or other biometric systems is expensive
- Solution: use keystroke dynamics

Verification
- Enrollment (new user or changed password): write username and password several times; create a keystroke dynamics profile
- No user-visible changes to the login procedure
- Password and typing pattern must both match
- Widely studied; studies differ in the features used and the classification method

Verification example...
- "Computer-access security systems using keystroke dynamics" by S. Bleha et al.
- Uses only the username, no separate password: the username acts as a signature
- Based on latency between keystrokes
- The thirty last valid entries are used as the template
- Two classification methods used together: minimum distance classifier and Bayesian classifier; the user is rejected only if both fail

... results
- Attackers had the chance to observe valid users
- Majority of errors caused by a minority of users: not used to PC keyboards, and inexperienced/slow typists are easy to imitate
- Results (total attempts per column not given on the slide):

                    False reject rate    False accept rate
                    (Type I error)       (Type II error)
  Errors            44                   22
  % error           8.1%                 2.8%

Another verification example...
- "Verification of computer users using keystroke dynamics" by M. S. Obaidat and B. Sadoun
- Numerous classification methods tested
- Tested with three feature sets: latencies between keystrokes; durations of keystrokes; both together

... results
- Keystroke durations work better than latencies between keystrokes, but both together are the best choice
- Neural methods work better than statistical ones
- 0% type I and type II errors at best
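The verification pipeline the two studies above share (hold-time and latency features, a template built from the last N valid entries, and a minimum-distance classifier deciding the attempt) as an added, self-contained illustration; this is not code from the slides or from either cited paper, and all timing values are constructed. The template size of 30 follows the Bleha et al. slide; the z-score threshold of 2.0 is an assumption.

```python
from statistics import mean, pstdev

# A typing sample is a list of (key, press_ms, release_ms) in typed order.
def features(sample):
    """Hold time of each key plus press-to-press latency of each key pair (ms)."""
    holds = [rel - prs for _, prs, rel in sample]
    latencies = [sample[i + 1][1] - sample[i][1] for i in range(len(sample) - 1)]
    return holds + latencies

def build_template(samples, keep_last=30):
    """Per-feature mean and std over the most recent keep_last enrollment samples."""
    vectors = [features(s) for s in samples[-keep_last:]]
    # std is floored at 1 ms so a perfectly regular feature cannot divide by zero
    return [(mean(col), max(pstdev(col), 1.0)) for col in zip(*vectors)]

def distance(template, sample):
    """Minimum-distance classifier score: mean absolute z-score of the attempt."""
    feats = features(sample)
    return sum(abs(x - m) / s for x, (m, s) in zip(feats, template)) / len(feats)

def verify(template, sample, threshold=2.0):
    """Accept the attempt when its rhythm is within the assumed z-score threshold."""
    return distance(template, sample) < threshold

def typed(word, holds, latencies, jitter=0):
    """Constructed sample: build (key, press, release) events from hold/latency lists."""
    t, events = 0, []
    for i, key in enumerate(word):
        events.append((key, t, t + holds[i] + jitter))
        if i < len(latencies):
            t += latencies[i] + jitter
    return events

def demo():
    """Enroll a constructed user on 'pass', then test a genuine and an impostor attempt."""
    word = "pass"
    enrollment = [typed(word, [80, 90, 70, 85], [150, 200, 120], j)
                  for j in (-6, 0, 4, -2, 6, 2, -4, 0)]
    template = build_template(enrollment)
    genuine = typed(word, [82, 88, 72, 84], [155, 195, 118])
    # Same characters, but a slow hunt-and-peck rhythm: long holds and latencies.
    impostor = typed(word, [120, 110, 130, 115], [400, 450, 380])
    return verify(template, genuine), verify(template, impostor)

if __name__ == "__main__":
    print(demo())  # (True, False)
```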

Identification
- Not a useful replacement for username/password authentication
- A background process continuously identifying the user
- Must not be too sensitive, but should still recognise users quickly
- If the likelihood of an unauthorised user rises to a certain point, alert the administration or lock the system
- Very few scientific studies; the only study found uses just the average and standard deviation of the latency between keystrokes, and works for the 4 tested users

BioPassword
- User authentication system by the US company BioNet-systems, better known for the NetNanny filtering software
- Designed to replace the default log-in system in Windows NT/2000/XP
- Installed on the server and on workstations
- Enrollment: write username/password 15 times; the template is stored on the server
- No user-visible changes to the log-in procedure

BioPassword patent
- Very much like the systems in scientific studies
- Uses both latencies between keystrokes and keystroke durations
- Classification method not revealed
- Templates are stored in a format that would make continuous authentication simple, but this is not used in the real application (yet?)

Reviews of BioPassword
- Good
  - Did not generate false rejects, unless a high security setting was used
  - Nor false accepts, unless a very low security setting was used
  - On the whole, unobtrusive and works well
- Bad
  - Writing username and password 15 times
  - Possible to bypass with the RunAs service
  - Possibility of losing administrator access in case of injury (usually there is more than one administrator)
  - Not suitable for heterogeneous systems (other operating systems)

Timing attacks on secure communications
- Guess what was written based on the timings of packets
- Information on keystroke dynamics needed: collect from a specific user, or assume it is the same for all touch-typists
- "Timing Analysis of Keystrokes and Timing Attacks on SSH" by D. X. Song et al.
- Main interest: cracking passwords

Capturing timing information
- SSH sends a packet immediately after each keystroke
- No responses while a password is being written, so this phase is relatively easy to notice

Measuring latencies
- Key pairs divided into several classes: written with separate hands or with separate fingers
- Latencies between the keys of each key pair measured
- The latencies follow a Gaussian distribution, so a Gaussian model is created for every key-pair class

Information gain from latency
- Upper bound for the information gained from latency: on average 1.2 bits/character
- Entropy (value not on the slide) bits/character for written English, more for passwords
- Relation between latencies and the character sequence modelled as a Hidden Markov Model
- The n-Viterbi algorithm is used to find the n most likely state sequences of the HMM

Password cracking results
- Tested with real timing data from writing 8-character passwords
- Success measured by how large a part of the password space is tested before the password is found: 50% on average without latency information
- Results with latency information: average 2.7%, median 1.0%
- A 50-fold decrease in the time needed: days instead of months for cracking

Conclusions: Verification
- Advantages
  - Cheap, completely software based
  - Works quite well in addition to username/password, possibly also with PIN codes
  - No major changes for users; good user acceptance
  - Mimicking others apparently not easy

Conclusions...
- Disadvantages
  - Not a stable biometric: affected by almost everything
  - "Learning" one's own password is potentially a problem (the rhythm changes as the password becomes familiar)
  - Hard to implement in "real" computer environments: too many different ways to log in
  - Possible to create a fake keyboard and input a recorded key sequence as username/password

Conclusions: Identification
- Very few scientific studies
- Potential uses where unauthorised persons could access computers in open areas
- Better to lock the computer when not in use and/or use locks on doors

Conclusions: Eavesdropping
- Eavesdropping on secure communications uses keystroke dynamics in the opposite direction
- Potentially much faster password cracking
- Not a serious threat: there are probably much easier ways to gain access, and it works only against good touch-typists
- Measuring timings could be made harder by adding random delays to packets or by sending additional empty packets
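The two countermeasures named on the slide, delaying keystroke packets and padding the stream with empty packets, combined into one constant-rate sender, as an added illustration (not code from OpenSSH or from the cited paper; all keystroke times are constructed). The 20 ms tick and the 5 trailing chaff packets are assumptions.

```python
def raw_send_times(keystroke_times_ms):
    """Unprotected behaviour: a packet leaves as soon as a key is pressed, so the
    inter-packet gaps seen on the wire equal the inter-keystroke latencies."""
    return sorted(keystroke_times_ms)

def obscured_send_times(keystroke_times_ms, tick_ms=20, chaff_ticks=5):
    """Send only on a fixed tick. A keystroke is held until the next tick (at
    most one real keystroke per tick; a second one in the same tick queues),
    ticks with nothing to send carry an empty chaff packet of the same size,
    and chaff continues for chaff_ticks after the last real key so the observer
    cannot see where typing stopped."""
    pending = sorted(keystroke_times_ms)
    sends, t, idle = [], 0, 0
    while pending or idle < chaff_ticks:
        t += tick_ms
        if pending and pending[0] <= t:
            pending.pop(0)   # real keystroke, delayed to the tick boundary
            idle = 0
        else:
            idle += 1        # chaff packet: indistinguishable on the wire
        sends.append(t)
    return sends

def intervals(times):
    """What a passive observer can measure: gaps between successive packets."""
    return [b - a for a, b in zip(times, times[1:])]

def added_delay(keystroke_times_ms, tick_ms=20):
    """Latency cost of the countermeasure: worst-case wait for a lone keystroke."""
    return max((-t) % tick_ms for t in keystroke_times_ms)

if __name__ == "__main__":
    # Constructed keystroke times (ms) with a long pause before the last key.
    keys = [0, 150, 200, 340, 1100]
    print(intervals(raw_send_times(keys)))       # latencies leak: [150, 50, 140, 760]
    print(set(intervals(obscured_send_times(keys))))  # only the tick: {20}
```

OpenSSH 9.5 added an ObscureKeystrokeTiming option that implements this idea for interactive sessions.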

Questions?