Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper.

Slides:

Advertisements

Similar presentations

1 VLDB 2006, Seoul Mapping a Moving Landscape by Mining Mountains of Logs Automated Generation of a Dependency Model for HUG’s Clinical System Mirko Steinle,

Advertisements

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

Password Cracking Lesson 10. Why crack passwords?

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.

Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.

Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection Ned Bakelman Advisor: Dr. Charles Tappert.

Research Experiment Design Sprint: Keystroke Biometric Intrusion Detection Ned Bakelman Advisor: Dr. Charles Tappert.

Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

Mouse Movement Biometrics, Pace University, Fall'20071 Mouse Movement Biometrics Fall 2007 Capstone -Team Members Rafael Diaz Michael Lampe Nkem Ajufor.

CS Team 5 Alex Wong Raheel Khan Rumeiz Hasseem Swati Bharati Biometric Authentication System.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Keystroke Biometrics Test Taker Setup and Data Collection Fall 2009.

Keystroke Biometric Studies Keystroke Biometric Identification and Authentication on Long-Text Input Book chapter in Behavioral Biometrics for Human Identification.

Computer Assisted Audit Techniques

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

1 Security problems of your keyboard –Authentication based on key strokes –Compromising emanations consist of electrical, mechanical, or acoustical –Supply.

System Implementation

Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.

Lecture 11 Intrusion Detection (cont)

Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Supervised By: Mohammad F. Tolba Mohammad S. Abdel-Wahab.

Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Authentication Approaches over Internet Jia Li

IOTA Improved Design and Implementation of a Modular and Extensible Website Framework Andrew Hamilton – TJHSST Computer Systems Lab Abstract.

File Organization Techniques

1 DATABASE TECHNOLOGIES BUS Abdou Illia, Fall 2007 (Week 3, Tuesday 9/4/2007)

Selecting and Combining Tools F. Duveau 02/03/12 F. Duveau 02/03/12 Chapter 14.

University of Zagreb MMVE 2012 workshop1 Towards Reinterpretation of Interaction Complexity for Load Prediction in Cloud-based MMORPGs Mirko Sužnjević,

About Dynamic Sites (Front End / Back End Implementations) by Janssen & Associates Affordable Website Solutions for Individuals and Small Businesses.

IIT Indore © Neminah Hubballi

Project 1 Online multi-user video monitoring system.

Csci5233 Computer Security1 Bishop: Chapter 27 System Security.

Chapter-2 Identification & Authentication. Introduction  To secure a network the first step is to avoid unauthorized access to the network.  This can.

Cristian Urs and Ben Riveira. Introduction The article we chose focuses on improving the performance of Genetic Algorithms by: Use of predictive models.

Rensselaer Polytechnic Institute CSCI-4210 – Operating Systems CSCI-6140 – Computer Operating Systems David Goldschmidt, Ph.D.

Database Application Security Models Database Application Security Models 1.

Keystroke Biometric System Client: Dr. Mary Villani Instructor: Dr. Charles Tappert Team 4 Members: Michael Wuench ; Mingfei Bi ; Evelin Urbaez ; Shaji.

User Authentication Using Keystroke Dynamics Jeff Hieb & Kunal Pharas ECE 614 Spring 2005 University of Louisville.

NEURAL NETWORKS FOR DATA MINING

I Information Systems Technology Ross Malaga 4 "Part I Understanding Information Systems Technology" Copyright © 2005 Prentice Hall, Inc. 4-1 DATABASE.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

Chapter 4 – Protection in General-Purpose Operating Systems Section 4.5 User Authentication.

Introduction to dCache Zhenping (Jane) Liu ATLAS Computing Facility, Physics Department Brookhaven National Lab 09/12 – 09/13, 2005 USATLAS Tier-1 & Tier-2.

Time Series Analysis and Forecasting

Design and Implementation of a Dynamic Data MLP to Predict Motion Picture Revenue David A. Gerasimow.

Ins and Outs of Authenticating Users Requests to IIS 6.0 and ASP.NET Chris Adams Program Manager IIS Product Unit Microsoft Corporation.

14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,

File Processing - Hash File Considerations MVNC1 Hash File Considerations.

Intelligent Database Systems Lab N.Y.U.S.T. I. M. Externally growing self-organizing maps and its application to database visualization and exploration.

ADVANTAGES OF DATA BASE MANAGEMENT SYSTEM. TO BE DICUSSED... Advantages of Database Management System  Controlling Data RedundancyControlling Data Redundancy.

Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.

VirtuCo :: Authentication and Billing ::. VirtuCo v©v© Authentication schemes –Public key –Username and password –Combination –Additional possibilities.

Back-Propagation Algorithm AN INTRODUCTION TO LEARNING INTERNAL REPRESENTATIONS BY ERROR PROPAGATION Presented by: Kunal Parmar UHID:

INTRODUCTION TO BIOMATRICS ACCESS CONTROL SYSTEM Prepared by: Jagruti Shrimali Guided by : Prof. Chirag Patel.

Audit COM380 University of Sunderland Harry R. Erwin, PhD.

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.

Presentation for CDA6938 Network Security, Spring 2006 Timing Analysis of Keystrokes and Timing Attacks on SSH Authors: Dawn Xiaodong Song, David Wagner,

Identifying “Best Bet” Web Search Results by Mining Past User Behavior Author: Eugene Agichtein, Zijian Zheng (Microsoft Research) Source: KDD2006 Reporter:

File Transfer And Access (FTP, TFTP, NFS). Remote File Access, Transfer and Storage Networks For different goals variety of approaches to remote file.

Keystroke Dynamics By Hafez Barghouthi.

VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.

An Introduction to Biometrics

Introduction to Networking

Basic Concepts in Data Management

Dynamic Authentication of Typing Patterns

Dynamic Authentication of Typing Patterns

Modeling IDS using hybrid intelligent systems

Neural Network Typing Authentication

Presentation transcript:

Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper

Agenda Background Final Process Experimentation Current Results Goals

The Dilemma Passwords can sometimes be suboptimal Advanced biometrics are expensive Need an alternative

A Solution Authenticate people by how they type Typing patterns differ by person Studies show that people can be authenticated by their typing patterns Cheap and flexible to implement

A Problem Usually will measure the user's keystrokes when typing in username & passwords Commercial packages available (ex. Psylock) However, uses static text (username & password) → easy to hack Need an improvement

The Fix Generate random text and record keystrokes while the user types it Not a static text segment → Makes it considerably harder to hack

Another Advantage What if another person jumps on the computer while you are logged in? Can continuously monitor the user's typing patterns during program use If a change is detected, system suspects an intruder and locks the user out

Background Measures users' typing patterns, compares to a previous standard Technique first used in WWII Works with ~90% Accuracy Usually implemented in a neural network structure

Background

Process (front-end) On account set-up, user will type large amounts of dynamic text On subsequent log-ins, user will type smaller amount of dynamic text User will still need to use username, password, etc.

Process (back-end) Set-up data will be used to breed (i.e. train) a neural network The optimal weight vector can be generated efficiently via back-propagation, genetic algorithms, parallel processing Log-in data will be fed through neural network: result either meets threshold (admitted) or does not meet (rejected)

Continuous Authentication Uses same general process as log-in time authentication Measures the user's typing patterns while the system is in use Runs the typing data through the neural network at regular intervals Raise the warning level if a change is detected, lock out after critical point

Experimentation Goals:  Develop and test the accuracy of different types of neural networks for this purpose  Develop and test log-in authentication application  Develop and test continuous authentication application

Experimentation Neural Network Optimization: 1.Develop online data collection applet 2.Collect massive amounts of data 3.Use data to train multiple neural network types 4.Test different network types to determine accuracy of each type

Experimentation Neural Network Optimization: Will train a neural network for each data file collected Sample data will be sent through the neural network Success vs. Failure ratio will be measured and compared between different network types

Experimentation Accuracy Testing: 1.Collect large number of test subjects 2.Subjects set up dummy accounts 3.Subjects attempt to log into their accounts and accounts of others on subsequent sittings (spaced out by 1 week and 1 month) 4.Measure final accuracy

Current Results Proof-of-concept program Determines the mystery typer between two known users Uses simple single-layer neural network Correct 18 / 20 = 90%

Current Results Data collection Flash applet Shows user segment of dynamic text, asks them to type it in a box below Records their keystroke times Sends keystroke data to server to be stored in separate files Collected over 1,500 samples

Current Results Keystroke data file format: – For each keystroke, records the following: Key-# / up-or-down / time-in-millis Example: “65 U 22424” – Flexible format allows for different characteristics to be measured (e.g. time between strokes or time of depression)

Current Results Working on an automated testing system First will train neural networks of each type for every data file as noted before Then will record the results of each neural network through automated tested Finally will compute statistics for the accuracy of the different types

Current Results Developped continuous authentication simulation program Simulates an instant-messaging session with an automated chat bot Asks the user questions and measures typing data for each response Locks the user out if a significant change is detected

Goals Final program interface will be:  Easily implementable  Difficult to crack  Accurate above 90%  Will be combined with password security to make inexpensive and secure system

Fin Questions and wrap-up