Indicadores específicos de las condiciones de vida: educación, transporte, idioma,

Keystroke dynamics is a non-intrusive method for user authentication because it only uses the behavioural data that users convey during regular typing tasks. In addition, it is inexpensive; the only hardware that is required is the standard keyboard. However, a very important benefit of free-text keystroke systems, specifically, is that the typing patterns can still be used for authenticating users even after the authentication phase is over. This is done by extracting the keystrokes for authentication during the course of using the system without intruding into the user’s experience. Furthermore, free-text authentication provides a valuable balance between security and usability, as it does not involve any memorization of pre-defined text, which is very desirable by the end user.

This research examined the effectiveness of using an original method, based on the keyboard key-layout, for free-text keystroke dynamics authentication to achieve a relaxed training requirement. This method involved the employment of specific key-pairs from which five timing features are extracted. The main reason for using key-pairs was to reduce the amount of training data the user is required to provide because the need for huge training data is a critical drawback in keystroke systems.

The initial experimentation using the original key-pairing method has produced reasonable results considering the fact that it used merely one short sample of free-text for

authentication, which provided a good balance between the system’s security and the user’s comfort. Using individual features produced undesired high FAR. However, better FAR was obtained using a combination of more than one feature, yet the FRR was higher using the combined features.

The extended key-pairing method expanded the original key-pairing algorithm used in the original method in order to include a sense of hand positioning. A larger number of features were deployed to find the features that best represented the human typing patterns without losing the advantage of the reduced training requirement of the key-pairing method. ACO and MANOVA were used for the features subset selection. SVMs (both one-vs-one and one-vs- rest multiclass classification) was chosen to be the classifier in this study. The features selected by ACO and MANOVA were dominated by duration times. This corresponds to the duration time having a higher impact on the system performance compared with latency times. The extended method produced lower error rates, more specifically using the features subset extracted using ACO. Nonetheless, the FRR was still higher than desired.

It is hardly surprising that the authentication performance is not perfect, given the nature of this experiment and the fact that its priority is the user’s comfort at the enrolment phase. However, this study, which used only a few short training samples, resulted in an FAR that was quite close to most studies found in literature which required much more training. Nevertheless, the FRR results were not as promising, and more work is needed to improve it.

Moreover, non-conventional features were explored. These features include semi-timing features along with editing features. They were extracted from the users’ typing stream as an attempt to understand the patterns a user follows when typing a whole piece of text. Both DTs and SVMs were used for classification, with the DTs producing less error rates. The non-conventional features succeeded in reducing the FAR and FRR of the timing features which leads to believing that non-conventional features are slightly more superior compared with the conventional timing ones.

Whilst the timing features and non-conventional features produced encouraging yet not perfect results, the next step in the research was to fuse these two features. This was done in order to combine the two sets of features to achieve a better understanding of the user’s typing behaviour. Both feature-level and decision level fusions were implemented. Feature- level fusion saw reduced error rates, yet decision-level fusion succeeded in achieving zero

error rates. Figure 7.1 illustrates the results produced by all experiments performed in this research on English text.

Figure 7.1: Results produced by all experiments performed on English text.

As the key-pairing method was language-independent, this had inspired the investigation of how it can be applied to text in languages other than English. Arabic input was chosen for this test due to the vast differences between the Arabic and English languages. SVMs and DTs were also used in the Arabic input experiment. Similar to English, FAR produced better rates compared with FRR. Arabic and English inputs produced similar results despite the massive differences between the two languages which reveals the ability of the key-pairing method to employ text from different languages.

Moreover, experimenting with these two languages proved that the user’s familiarity with a certain language has a noticeable influence on the user’s typing patterns in that language, which significantly affects the performance of the authentication system.

In this research, the compromise between the user comfort and the system performance was considerably reduced by using key-pairs that worked to increase the number of di-graphs used for comparing samples in the course of authenticating users. In addition, non- conventional features were also gathered to boost the amount of information the system retains about the users typing behaviour. Therefore, this research is on the right track for creating a simple yet practical system for authenticating users while producing the lowest possible amount of irritation in the training phase.

Furthermore, a trade-off between the FAR and FRR [18] was experienced in all of the studies included in this research. Based on the application of user authentication in real life, there is a huge number of potential impostors that act as a threat to the security of any authentication system [224]. Protecting the system from these risks is very important for applications of a high security nature. This study was successful in achieving that as it protects the system against risk from most imposter’s (low FAR). The high security requirement of the authentication system, unfortunately, has caused more legitimate users to be denied access (higher FRR).

Moreover, the biased results illustrated in the noticeable difference between the FAR and FRR values (produced by all studies) is caused by the imbalance of the dataset [232]. The dataset used is considered imbalanced because the positive samples are much fewer than negative samples.

It was stated earlier that comparing the performance of keystroke dynamics systems and therefore determining the method to follow for achieving the best authentication accuracy is not a straightforward task [4]. The reason goes back to the variation of conditions that might be affecting the study; specifically: the participants, environment and procedures included in each study.

An attempt to compare the results produced in this research with results found in similar studies in the field is carried-out (shown in Table 7.1). Nonetheless, there were a great deal of differences between the manner these methods were executed. First, the FAR and FRR are higher in the study performed using the key-pairing method introduced in this research compared by that that produced by Davoudi and Kabir [117], which does not involve any key-pairs. Additionally, the FAR produced by the key-pairing method achieved in this research is lower than that generated by the key-pairing technique introduced by Zahid et al.

[46] to use keystroke dynamics on smart phones. Nonetheless, the FRR was slightly lower in the Zahid et al. technique [46].

Table 7.1: Comparison with state of the art studies.

Study Participant no.

Characters no.

Features System performance

Convent. Non-convent. Accuracy FAR FRR

Davoudi & Kabir [117]

(doesn’t involve key-pairs) 21 11700- 13500 √ 0.0008 0.188

Zahid et al. [46]

(involve key-pairs) 25 12500 √ 0.292 0.308

Key-pairing method

(developed in this study) 25 7200 √ 0.013 0.384

Hempstalk et al. [80] 10 10800- 30000 √ 0.113 0.331

Non-conventional features method

(developed in this study) 25 7200 √ 0.0104 0.25

Curtin et al. [79] 8 15000 √ √ 0.985

Feature-level fusion method

(developed in this study) 25 7200 √ √ 0.80 0.00896 0.215

Ahmed & Traore [285] 53 11000 √ 0.00052 0.0482

Decision-level fusion method

(developed in this study) 25 7200 √ √ 0.00 0.00

Moreover, the non-conventional features in this research were able to produce lower error rates compared with those produced by the non-conventional features exploited by Hempstalk et al. [80]. In addition, the accuracy produced from fusing the features of the key- pair timing method and the non-conventional features is fairly similar to that delivered by fusing the timing and non-conventional features, in the work conducted by Curtin et al. [79], despite the very low number of participants included in the latter study.

Furthermore, decision-level fusing of the two methods suggested in the study conducted by Ahmed & Traore [258] have produced low error rates, yet the decision-level fusion proposed here succeeded to achieve zero error rates. The number of participants, however, is larger in the Ahmed & Traore study which might contribute to the higher error rate.

It has to be noted, however, that the error rates produced in this research are considered reasonable, despite the requirement for far fewer training data and the much more practical nature of the study. As illustrated in table 7.1, in the studies mentioned for comparison, long

input was collected from users as the system required substantial amounts of data for training. This contradicts with the main goal of this research which is relieving the users from the tedious training input to achieve a user-friendly authentication system. This was achieved as both the key-pairing method and non-conventional features method were developed to perform user authentication using reduced amount of training. Nonetheless, more research is needed to improve the system performance of the key-pairing method and non-conventional methods in order to produce error rates close to that produced by methods that does not involve key-pairs such as the one conducted in [117] whilst satisfying the reduced training requirement.

Finally, keystroke dynamics is faced with a large amount of challenges that have to be overcome in order for it to be an operational biometric for distinguishing between users. Nevertheless, because of its semi-autonomous and cost-effective nature, keystroke dynamics has the potential to develop in the field of information security. Moreover, the idea of using keystroke dynamics is certainly not only restricted to the traditional keyboard; it can be adapted to many other mechanisms, such as ATM machines and cell phones, which provides better everyday protection for the standard user [286].