User Authentication using Combination of Behavioral Biometrics over the Touchpad acting like Touch screen of Mobile Device



Similar documents
User Authentication Methods for Mobile Systems Dr Steven Furnell

Deployment of Keystroke Analysis on a Smartphone

International Journal of Innovative Research in Computer and Communication Engineering

Personal Identification Techniques Based on Operational Habit of Cellular Phone

Biometrics is the use of physiological and/or behavioral characteristics to recognize or verify the identity of individuals through automated means.

Cyberspace Security Use Keystroke Dynamics. Alaa Darabseh, B.S. and M.S. A Doctoral Dissertation In Computer Science

The Development of a Pressure-based Typing Biometrics User Authentication System

BehavioSec participation in the DARPA AA Phase 2

Assignment 1 Biometric authentication

Multimodal Biometric Recognition Security System

Establishing the Uniqueness of the Human Voice for Security Applications

The Implementation of Face Security for Authentication Implemented on Mobile Phone

Identity Theft, Computers and Behavioral Biometrics

Biometric Authentication using Online Signatures

A Behavioral Biometric Approach Based on Standardized Resolution in Mouse Dynamics

Continuous Biometric User Authentication in Online Examinations

Internet and Computing Core Certification Guide Module A Computing Fundamentals

Multi-Factor Biometrics: An Overview

Measuring Performance in a Biometrics Based Multi-Factor Authentication Dialog. A Nuance Education Paper

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

A Novel Identification/Verification Model Using Smartphone s Sensors and User Behavior

Biometric Authentication using Online Signature

Multimedia Document Authentication using On-line Signatures as Watermarks

Progressive Authentication on Mobile Devices. They are typically restricted to a single security signal in the form of a PIN, password, or unlock

Robust Security System for Critical Computers

Support Vector Machines for Dynamic Biometric Handwriting Classification

Method of Combining the Degrees of Similarity in Handwritten Signature Authentication Using Neural Networks

Consumers Awareness of, Attitudes Towards and Adoption of Mobile Phone Security

Application-Specific Biometric Templates

Keywords image processing, signature verification, false acceptance rate, false rejection rate, forgeries, feature vectors, support vector machines.

How To Understand How To Authenticate On A Mobile Device

Physical Security: A Biometric Approach Preeti, Rajni M.Tech (Network Security),BPSMV preetytushir@gmail.com, ratri451@gmail.com

Voice Authentication for ATM Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management

Automatic Biometric Student Attendance System: A Case Study Christian Service University College

This method looks at the patterns found on a fingertip. Patterns are made by the lines on the tip of the finger.

Biometrics in Secure e-transaction

HANDS-FREE PC CONTROL CONTROLLING OF MOUSE CURSOR USING EYE MOVEMENT

Authentication Solutions Through Keystroke Dynamics

Enhanced Password Based Security System Based on User Behavior using Neural Networks

DESIGN OF DIGITAL SIGNATURE VERIFICATION ALGORITHM USING RELATIVE SLOPE METHOD

Efficient on-line Signature Verification System

A Model to Secure Mobile Devices Using Keystroke Dynamics through Soft Computing Techniques

Comparative Analysis of Handwritten, Biometric and Digital Signature

Evaluation of Sensors as Input Devices for Computer Music Interfaces

22 nd NISS Conference

Biometrics in Physical Access Control Issues, Status and Trends White Paper

MULTIMEDIA CONTENT PROTECTION VIA BIOMETRICS-BASED ENCRYPTION. Umut Uludag and Anil K. Jain

Detecting Credit Card Fraud

May For other information please contact:

Software Only Biometrics to Authenticate Student ID

A New Non-Intrusive Authentication Method based on the Orientation Sensor for Smartphone Users

A Comparative Study on ATM Security with Multimodal Biometric System

Analysis of Multimodal Biometric Fusion Based Authentication Techniques for Network Security

ENHANCING ATM SECURITY USING FINGERPRINT AND GSM TECHNOLOGY

BIOMETRICS AUTHENTICATION TECHNIQUE FOR INTRUSION DETECTION SYSTEMS USING FINGERPRINT RECOGNITION

Development of Academic Attendence Monitoring System Using Fingerprint Identification

Biometric Authentication Platform for a Safe, Secure, and Convenient Society

Digital Fingerprinting Based on Keystroke Dynamics

Discriminative Multimodal Biometric. Authentication Based on Quality Measures

Biometric Security: Client-Server Systems. Mira LaCous VP Technology & Development BIO-key International, Inc Mira.LaCous@bio-key.

International Journal of Advanced Information in Arts, Science & Management Vol.2, No.2, December 2014

USING SELF-ORGANIZED MAPS AND ANALYTIC HIERARCHY PROCESS FOR EVALUATING CUSTOMER PREFERENCES IN NETBOOK DESIGNS

addressed. Specifically, a multi-biometric cryptosystem based on the fuzzy commitment scheme, in which a crypto-biometric key is derived from

An Analysis of Keystroke Dynamics Use in User Authentication

NFC & Biometrics. Christophe Rosenberger

FACE RECOGNITION BASED ATTENDANCE MARKING SYSTEM

Two Factor Authentication for VPN Access

Behavioural Biometrics for Multi-Factor Authentication in Biomedicine

ECE 533 Project Report Ashish Dhawan Aditi R. Ganesan

De-duplication The Complexity in the Unique ID context

Mobile Phone Location Tracking by the Combination of GPS, Wi-Fi and Cell Location Technology

Accessing the bank account without card and password in ATM using biometric technology

Development of Attendance Management System using Biometrics.

User Authentication/Identification From Web Browsing Behavior

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

A Survey on Untransferable Anonymous Credentials

Smart Card in Biometric Authentication

Spam Detection Using Customized SimHash Function

Fingerprint Based Biometric Attendance System

Two-Factor Authentication or How to Potentially Counterfeit Experimental Results in Biometric Systems

White paper. Biometrics and the mitigation of card-related fraud

Alternative Biometric as Method of Information Security of Healthcare Systems

3D Signature for Efficient Authentication in Multimodal Biometric Security Systems

High Resolution Fingerprint Matching Using Level 3 Features

Cheap and easy PIN entering using eye gaze

Common Biometric Authentication Techniques: Comparative Analysis, Usability and Possible Issues Evaluation

A secure login system using virtual password

A SMART, LOCATION BASED TIME AND ATTENDANCE TRACKING SYSTEM USING ANDROID APPLICATION

Automated Biometric Voice-Based Access Control in Automatic Teller Machine (ATM)

Palmprint Classification

A Students Attendance System Using QR Code

Chapter 5 Understanding Input. Discovering Computers Your Interactive Guide to the Digital World

Classification of Fingerprints. Sarat C. Dass Department of Statistics & Probability

An Overview of Knowledge Discovery Database and Data mining Techniques

Face Recognition in Low-resolution Images by Using Local Zernike Moments

Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government

Online Farsi Handwritten Character Recognition Using Hidden Markov Model

Transcription:

2008 International Conference on Computer and Electrical Engineering User Authentication using Combination of Behavioral Biometrics over the Touchpad acting like Touch screen of Mobile Device Hataichanok Saevanee Department of Mathematics, Faculty of Science, Chulalongkorn University, Thailand hataichanok.s@student.chula.ac.th Pattarasinee Bhatarakosol Department of Mathematics, Faculty of Science, Chulalongkorn University, Thailand pattarasinee.b@chula.ac.th Abstract Now mobile devices are developed to serve various functions, storing the sensitive information. In order to protect those information and mobile systems from unauthorized users, the authentication system must be installed unavoidably. Additionally, the development of the mobile system is moving forward to the touch screen system for user friendly and quick access mechanism. In this paper, we proposed behavioral manners of users over the touchpad acting like touch screen that is able to detect the finger pressure. These behaviors are keystroke dynamics and the finger pressure. The finding has shown that, the finger pressure gives the discriminative information more than keystroke dynamics with the k-nn analytical method. Moreover, using only the finger pressure produces high accuracy rate of 99%. 1. Introduction Nowadays, Mobile devices, such as cellular phones and Personal Digital Assistants (PDAs), become widespread in excess over 3 billion users [1]. Most of them are operated by touching a display commonly used because the touch screen interface is easy to use and user-friendly operates. Currently, mobile devices are used to not only make or receive a call, take photos, and play video games, but also give the special assistance in the business, such as providing internet access, directing access to e-mail and cooperating data, transferring money, and managing bank account. As a consequence, the authentication of users for mobile devices has become an important issue. According to [2], the authentication on mobile devices can be classified in three fundamental approaches. The first approach is using a PIN (Personal Identification Number) or a password which is a secrete-knowledge based technique. This technique offers a standard level of protection and provide cheap and quick authentication. Unfortunately, it is not enough to the safeguard mobile device and data access through them because passwords have never been completely protected by the owners; sharing passwords with friends or any other systems are unavoidable problems. Moreover, the result of a survey from [3] has shown that most users agree that using PIN is very inconvenient and they do not have confidence in the protection of the PIN facility provides. The second approach is the token-based technique or SIM (Subscriber Identification Module). In this approach, when users do not want to use the mobile, the mobile s SIM must be removed. However, removing SIM is not recommended due to inconvenient manners. The last approach is applying the biometric technique. This technique is based on a unique characteristic of a person that provides an improvement on the current authentication. Biometrics relevance with the identification and verification of individual based on human characteristics. Biometric approaches are typically subdivided into two categories: physiological and behavioral biometrics. Physiological biometric is based on bodily characteristics, such as fingerprint, facial recognition, and iris scanning. Behavioral biometric is based on the way people do things, such as keystroke dynamics, mouse movement, and speech recognition. Using any kind of mobile phones, people cannot avoid interact with keystroke dynamics. However, each person may have different styles to press the key because the typing style is based on user s experience and individual skill which is difficult to imitate. The purpose of this paper is to investigate the behavioral manner of users when dialing the phone number on touchpad acting like touch screen on the mobile touch screen detected force in the future [4]. Using keystroke dynamics and the finger pressure 978-0-7695-3504-3/08 $25.00 2008 IEEE DOI 10.1109/ICCEE.2008.157 82

information are the features to authenticate users to increase the accuracy using the combination of behavioral biometrics. The remaining of this paper is organized in six sections. In the Section II is presented works published in the area. In the Section III, the purpose of methodology is discussed: gathering the data, extracting the features, and data structuring and anglicizing. The results are presented in Section IV and discuss in Section V. Finally, the conclusions and future work are presented in Section VI. 2. Related works A keystroke dynamics is based on the assumption that different people have unique habitual rhythm pattern in the ways they typed. The first study was done in 1980 by Gaines [5] who showed that the keystroke timing is a feasible authentication measure. Researches on user authentication using the keystroke dynamics are still going on and numbers of the researches are increasing. The assessment of keystroke dynamics is based on the traditional statistical analysis or the relatively newer pattern recognition technique. Previous researchers used the pattern recognition approach, such as z-test [5], Bayesian classifiers [6], and neuron network [6], [7]. However, all of these studies focus on the keystroke dynamics input from a standard PC keyboard. A few studies have considered the feasibility of the keystroke dynamics on mobile devices. In 2002, Mantyjarvit et al. [8] has investigated the keystroke recognition for the virtual keyboard that used to interact with the hand held electronic devices, such as PDAs, and Mobile phones. The result showed that the accuracy for keystroke recognition using k-nn classification is nearly 100%. Additionally, Clarke et al. [7] investigated the feasibility of authenticating users based on their typing 4-digits represented PIN number and 11-digits represented telephone number on mobile devices using the neural network method showing the keystroke latency as viable discriminative characteristics for at least some of the participant. Furthermore, they also investigated on the utilization of keystroke analysis as authentication method in device that offers the tactile environment of thumb-based keyboard [9]. The results from both studied showed that from the two traditionally used keystroke characteristics, the interkey gave promising results. According to the research of Grabham [10], the investigation of a biometric based on force and keypress duration of a user entering a PIN on an ATMtype interface coupled with a component-wise verification scheme was determined. The result of this investigation indicated that using force and key press duration can identify users with high accuracy and low error rate. 3. Experiment Procedure This section described the feasibility study to authenticate a user using combination of force sensitive and keystroke dynamics. The experimental device is a notebook touch pad acting like a mobile touch screen; the measurement of force and value of keystroke dynamics is performed when the user enters 10-digit number on the touch pad. Details of the experiment are elaborated as follows. 3.1 Data Gathering The size of the notebook touchpad, Synaptic Touchpad, is 3.6 7 cm2 dividing to the same size of 1.2 1.5cm2 keys, totally 12 keys. The sensitivity of this pad is approximately 1000 dots per inch. Furthermore, all participants will have time to get used to this touch pad before the measurement process. Referring to the research of [7], 10-digit input value has a longer feature set and made it more difficult for an imposter to duplicate. Thus, the sample size of 10 (n=10; female=6, male=4) entered their cell phone numbers, with 10 digits long, times continuously and repeatedly. The measurement values, the finger pressure and finger position on the touch pad, will be recorded every 20 ms. 3.2. Extracting Features The behavior information on the pad that can be detected consists of keystroke dynamics and the finger pressure. Three features extracted from these behaviors. Two features were extracted during the keystroke dynamics: the inter-key and the hold-time. Another one feature is the finger pressure which is the force applied over the finger position. The inter-key is the duration of interval between two successive keys; the hold-time is the duration of interval between the pressing and releasing of a single key. Figure 1 shows the extracted features: hold-time (H) and inter-key (I) of a volunteer performing one time measurement by typing a 10-digit number. Since there are 10 participants entering times of 10-digit numbers, there are 3,000 values of the holdtime, 2,700 values of the inter-key, and 3,000 values of the finger pressure. These values will be constructed as vectors to be analyzed as described in the next section. 83

pressure 60 50 40 20 10 0 0 1000 2000 00 4000 5000 time (ms) H1 H2 H3 H4 H5 H6 H7 H8 H9 H10 I1 I2 I3 I4 I5 I6 I7 I8 I9 Figure 1. Hold-time and Inter-key for a 10-digit number 3.3 Data Structuring Considering the finger pressure value, this value is obtained in different manners from other values mentioned above. Since the pressing area is not a single small point but it consists of multiple points on the pad, therefore, there are multiple pressing values over the pressed pad for each pressed digit. Thus, the average value of these multiple pressing values is used as the representative for one pressing digit, as shown in Figure 2. As same as other vectors, the vector of the finger pressure values is constructed as follows. P i, j FP i = [ Pi, 1, Pi,2,..., Pi, 10] Where denotes the average value of finger pressure values at the round i of digit j. Since this experiment is interested in using both hold-time and inter-key, vectors of each value will be constructed to determine its characteristics before the combination of these two values is determined the action effect of hold-time and inter-key. Considering the hold-time values of each person that presses one time for a 10-digit number, a vector in + + + R R... R (10 terms) when R + is the set of all positive real numbers is created and can be written as follows. p 1 p p 5 p 3 2 p 4 p... p N N N p k k= Pi j = 1, Where digit j. H i, j HT i = [ Hi, 1, H i,2,..., Hi, 10] denotes the hold-time at the round i of As same as the hold-time value, the feature of the inter-key which is the interval duration between the two successive key, will be generated nine values for one time press of 10 digits. Thus, a vector in + + + R R... R (9 terms) when R + is the set of all positive real numbers is created and can be written as follows. Where digit j. I i, j IK i = [ Ii, 1, I i,2,..., Ii, 9 ] denotes the inter-key at the round i of In order to determine the interaction among the hold-time and the inter-key, the concatenation of HT vector i IK and i is performed as follows. Figure 2. Calculation method of the finger pressure value 3.4 Analyzing Features After transforming the data, we investigated the preliminary feasibility of these behavioral biometrics by k-nn classification method that is widely used in data analysis [8] [11]. In k-nn classification the similarity between a validation sample (testing set) vector and reference vectors (training set) are computed using Euclidean distances. The class of feature vector is determined by selecting the class that has majority among the k- nearest neighbors; these are called k-nearest neighbors [8]. Since the total size of a data set is vector values for each person, thus, this set was divided into two groups for in the analytical process; two-third for training set (20 vectors), and one third for testing set (10 vectors). The pattern classification test was performed with one user acting as the valid user, while all others are acting as impostors. ( HT IK) i = [ Hi, 1, H i,2,..., Hi,10, Ii,1, Ii,2,..., Ii, 9] 84

In all biometrics, the measurement values to assess the performance of keystroke dynamics are defined as following: False Acceptance Rate (FAR) refers to the percentage of imposter was accepted by the system. False Rejection Rate (FRR) refers to the percentage of authorized users was rejected from the system. Equal Error Rate (EER) refers to the rate at which both accept and reject errors are equal. Moreover, this value is used to compare the performance of different biometric techniques. 7. Results Equal Error Rate (%) 40 35 25 20 15 10 5 0 35 1 H I P HI HIP HP Features Figure 3. Equal Error Rate of each feature Figure 3 shows the EER values of all biometric measurement: the hold-time (H), the inter-key (I), the finger pressure (P). Additionally, the interactions among these metrics are considered; these are (1) keystroke dynamics which is the interaction between the hold-time and the inter-key (HI), (2) interaction between the hold-time and the finger pressure (HP), and (3) the interaction among three factors (HIP). Consider each main biometric according to Figure 3, the EER value of the hold-time is %, the inter-key is 35%, and the finger pressure has the lowest EER value, 1%. These numbers determine that the accuracy to identify a person can be obtained using the finger pressure value, and the alternative method is to apply the behavior of the hold-time or the inter-key. Referring to Figure 3, the interaction of biometrics is also considered, the results show that the best measurement value is obtained from the interaction between hold-time and finger pressure methods. This method has the EER value as same as the EER value of the finger pressure value, 1%. However, the interaction among three biometrics are also efficient because the EER value is only 9% while using the hold-time and the inter-key behavior does not be a good choice to identify persons since the EER value is 27% 27 9 1 8. Discussion As the fact that the use of mobile devices is rapidly growth and developed, the motivation of stealing is also increased. Therefore, in order to protect the mobile devices, in every type of mobile hardware, the authentication system was implemented. One method to authenticate the mobile users is the use of biometric value, measured from the biometrics methods. The results in this paper that measure the EER values, using k-nn method, from three different behavior measurement values: the hold-time (H), the inter-keys (I), the finger pressure (P) shows that using the finger pressure as the indicator to identify users is the best measurement value although [10] had proposed that the accuracy to identify users can be obtained from the interaction of all three factors (HIP) analyzed by the component-wise verification scheme. Additionally, using the interaction among the hold-time and the finger pressure is also another choice to identify users with high accuracy, in order to protect any forges because the accuracy rate is 99% which is somehow much better than using the keystroke dynamics that analyzed by FF-MLP proposed by [7]. Nevertheless, [8] proposed that the keystroke dynamics can also be applied to identify users with high accuracy, 99%, under the use of the k-nn analytical method. 9. Conclusion Since mobile devices are developed to serve various functions, thus important data may be stored in the mobile memory card. In order to protect those information and mobile system from unauthorized users, the authentication system must be installed unavoidably. Although there are various authenticate methods, using bio data is one of the most interesting area to be applied. Additionally, the development of the mobile system is moving forward to the touch screen system for user friendly and quick access mechanism. Therefore, this paper focuses on the study of implementing the Biometric measurement to identify users. We investigate the potential of each biometrics behavioral by individual and couple, comprise with the hold-time, the inter-key, and the finger pressure. The results have shown that using only the finger pressure with the k-nn analytical method can indicate users with accuracy rate as 99% which is the same as using the combination of the hold-time and the finger pressure. However, the interaction of all three metrics is another alternative method to identify users since the correctness of the identifying mechanism is up to 90%. Therefore, implementing these alternative methods as a 85

part of the authentication system of the mobile devices can assure that the system is well protected and difficult to be broken by any imposters. 10. References [1] GSMWorld.com:WorldCellularSubscribers http://www.gsmworld.com/using/security/advice.shtml [2] S. Nanavati, M. Thieme, and R. Nanavati, Biometrics identity verification in a networked world, John Wiley & Sons, 2002 [3] N.L. Clarke and S.M. Furnell, Authentication of users on mobile telephones A survey of attitudes and practices, Computers & Security, October 2005, Vol.24, pp. 519-527. [4] http://multi-touchscreen.com/iphone.html [5] R. Gaines, W. Lisowski, S. Press and N. Shapiro, Authentication by keystroke timing: some preliminary results. Rand Report R-2560-NSF, Rand Corporation California, 1980. [6] M.S. Obaidat and B. Sadom, Verification of Computer Users Using Keystroke Dynamics, IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, April 1997, Vol. 27, pp.261-269. [7] N.L. Clarke and S.M. Furnell, Authenticating mobile phone users using keystroke analysis, International Journal of Information Security, Springer-Verlag, Berlin, Heidelberg, December 2006, pp.1-14. [8] J. Mantyiarvi, J. koivumaki and P. Vuori, keystroke recognition for virtual keyboard, Proceeding of international Conference on Multimedia and Expo, November 11, 2002, Vol. 2, pp.429-432. [9] S. Karatzouni and N. Clark, New Approaches for security, Privacy and Trust in Complex Environments, Springer Boston, Vol.32, 2007. [10] N J Grabham and N M White, Use of a Novel Keypad Biometric for Enhanced User Identity Verification, IEEE International Instrumentation and Measurement Technology Conference, Victoria, Vancouver Island, Canada, May 12-15, 2008. [11] S.R. Kulkarni, G. Lugosi, and S. S. Venkatesh, Learning Pattern Classification - Survey, IEEE Transaction on Information Theory, October 1998, Vol.44, pp. 2178-2206. 86

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information