SECURI�G MOBLIE AUTHE�TICATIO� THROUGH

KEYSTROKES DY�AMICS

�itin Singh (07BIT138)

Prithumit Deb (07BIT157)

Aim To develop a security system for mobile devices that eliminates the vulnerability of PIN

(4-digit) security and which reduces the high end configuration and memory space

requirements of biometrics security.

Objective The issues that we will be handling in the project work is the vulnerability of PIN

security in mobile devices and providing an extra layer of security through Key Strokes

Dynamics based authentication system.

Also the problem of authentication error rates while using natural user keystroke pattern

will be worked upon. And a better mechanism which uses an artificial keystroke rhythm

with cues will be worked upon.

Method- Keystroke Dynamics based Authentication Security system for Mobile Devices

using Artificial typing rhythm and cues.

Principle- Making use of the behavioral pattern of the user rather than any physical

pattern or biometrics.

Motivation Now a days mobile device are widely used in financial applications such as banking,

ticket booking, m-commerence, stock trading etc. So data security and a proper user

authentication are very important for mobile devices. The draw backs of the existing

security mechanism are unlike computers, in mobile devices PIN (Personal Identification

Number) has been used as the only security mechanism for decades. PIN is only a 4-digit

(0000-9999) combination of numbers. The limited length of the PIN and the limitation in

digit combinations (only 10000) increases the chances of trial and error attacks and

shoulder surfing.

Often it is easy to guess the PIN of the user if the imposter knows some personal details

regarding the user (like date of birth, favorite number, and vehicle number etc. Recently

the use of biometrics has proved to improve the security of cell phones (finger print

recognition, facial recognition, voice recognition, iris scanning etc). But implementing

biometric authentication needs a lot of resources, configuration and memory which are

generally limited in small devices like cell phones. So a much simpler but efficient

authentication mechanism is required which improves the security of mobile devices.

Related Works

Existing works in order

Paper Title with Authors,

and year

Keystroke dynamics-

based authentication

for mobile devices.

(Seong-seob Hwang,

Sungzoon Cho,

Sunghoon Park)- 2008

Keystroke Dynamics as

a Biometric for

Authentication

(Fabian Monrose, Aviel

D. Rubin)- 1999

Specific problems/issues

discussed

Keystroke dynamics

based authentication

for mobile devices.

Security threats to a

computer and using

biometrics to increase

the level of security

Problem statement Data security through

keystrokes dynamics

based authentication

Result on the

Authentication based

on Keystrokes

dynamics and

comparison of the

experiment results with

the prior works

Assumptions User acquaintance with

typing in mobile

keypad

Users are familiar with

computers and

passwords

Constraints Limited user group for

the experiment

Limitation of user

group for data

collection

Process or operation or

functional description

Keystrokes Dynamics

based Authentication

Claimed advantages Less configuration and

memory space required

Claimed disadvantages Difficult to implement

for a larger and diverse

set of users with

varying typing pattern

The problem with

keystroke recognition is

that unlike other non-

static bio-metrics there

are no known features

or feature

transformations which

are dedicated solely to

carrying discriminating

information.

Algorithms used

Tools used 3G synchronized IMT-

2000 cellular system

(CDMA2000 1xEV-

MATLAB, C++, GNU

plot

DO)

Tables and fields Choice of Passwords

and use of typing

hands, Equal Error

rates, factors affecting

error rates

Domain tested Domain of 25 users

with average age 25.3

yrs

Data was collected

from 63 users

Metrics used with formula Euclidean Distance

measure, Non weighted

and weighted

probability

Performance graphs Cumulative

distribution of enroll,

login and imposter

distances

Future work proposed Applying the same

theory to a more

diverse user group

Recognition based on

free-text typing pattern

during the identification

process

System Design with Modules The idea described here will be useful for people who do their vital commercial activities

like banking, shopping and stock trading through their mobile devices in which the

security of personal data is vital.

Enrollment Process

Authentication Process

Store in the database

1. Username & PIN in encrypted form.

2. Keystroke Pattern of the user.

DATABASE 3. Threshold Value for the user.

4. Login Attempts made by user.

Generate

keystroke

pattern

graph from

the 5 inputs

Determine

suitable

Threshold

Value

4 digits PIN with

Artificial Typing

Rhythm using cues

(audio or visual)

Input 5 times for

enrollment

Username &

4 digits PIN

Authenticate

Valid

Input username &

PIN from the user

Retrieve the PIN

from database

Decryption

Check PIN validation

KDA Authentication

Retrieve keystroke

pattern & threshold

value from database

Check if the login

pattern is lies within

the threshold value

found during the

enrollment process. If Invalid

Implementation Procedure

Proposed Algorithm:

1. Start

2. Enroll the keystroke pattern of the user

3. The Enrollment process is done 5 times to minimize the error rates and to determine a

suitable threshold values.

4. Artificial Keystroke rhythm will be used and cues (audio) will be provided to help the

user make a consistent and unique pattern

5. The threshold limit for the user’s keystroke pattern is determined.

6. The users PIN in encrypted format, enrollment pattern, and threshold limit and login

attempts are stored in a database

7. Next during Authentication the PIN is validated first after decrypting the PIN from the

database. If found valid then it proceeds to the next step of KDA or else the user will be

asked for the PIN again

8. In the KDA the user again types the PIN in the artificial rhythm (with cues) in which

he has enrolled.

9. The keystroke pattern is generated again and checked if it’s between the threshold

values. If it’s found in the suitable threshold range then the user is authenticated or else

authentication is rejected.

10. Stop

Database and Software

1. Database containing the user’s enrolment and login information and his keystroke

pattern

2. Platform- J2ME

3. Hardware- Multimedia Cell Phones supporting MIDP 2.0

4. Software-Emulator- Sun JAVA Wireless Toolkit 2.5.2

References

1. “Keystrokes dynamics-based authentication for mobile devices”, Seong-seob Hwang,

Sungzoon Cho, Sunghoon Park

Journal homepage: www.elsevier.com/locate/cose

2. “Keystroke Dynamics as a Biometric for Authentication”, Fabian Monrose, Aviel D.

Rubin.

3. “Keystroke Dynamics”, P018 - term project, 2001, Petre Svenda, Masyark University

MINI PROJECT PROPOSALMINI PROJECT PROPOSALMINI PROJECT PROPOSALMINI PROJECT PROPOSAL

Submitted by:-

�itin Singh (07BIT138)

Prithumit Deb (07BIT157)

B-Tech Information Technology (C-Batch)

Project Guide: - J. Gitanjali (Assistant Professor)

Submitted on- 17.08.09

VIT University