Keystroke dynamics: Biometrics at your fingertips
15 June, 2007
category: Biometrics, Library
By Ryan Kline, Contributing Editor
On May 24, 1844, the message, “What hath God wrought!” was sent by telegraph from Baltimore, Maryland, to our nation’s Capitol in Washington, DC. A new era in long-distance communications had begun. By the 1860s, the telegraph revolution was in full swing, and telegraph operators had become a valuable resource. Each operator developed his own unique signature and could be identified simply by his tapping rhythm.
As late as World War II, the military still relied on Morse code to transmit its messages. Military intelligence identified that many individuals had their own way of keying in a message’s dots and dashes, creating a rhythm that could help distinguish ally from enemy.
Telegraphs and Morse code lead to the earliest examples of keystroke dynamics, a behavioral biometric indicator which can be used to recognize an individual based on a behavioral characteristic rather than the more common physiological measures.
Science of keystroke dynamics
Modern keystroke dynamics utilizes behavioral biometrics in an effort to identify individuals by the manner and rhythm that he or she types characters on a keyboard or keypad. The keystroke rhythms of the user are measured to develop a unique biometric template of the user’s typing pattern for future authentication. Raw measurements available from most every keyboard can be recorded to determine dwell time (the time a key is pressed) and flight time (the time between key down and the next key down and the time between key up and the next key up). After the recording is made, it is processed through a specialized algorithm, which determines a primary pattern for future comparison.
Speed & errors help identify the individual
In the most basic case, simple rules can be used to determine if the correct individual user is attempting to log in to a system. For example, if we know that ‘Bob’ types at a rate at 20 words per minute, and the subject is typing at 70 words per minute, it is almost certain that it is not Bob. This test, called a one-way test, is based simply on raw speed uncorrected for errors. It is always possible for people to type slower than normal, but it is unusual for them to suddenly type twice their normal speed.
One could also assume that the mystery user at the keyboard and Bob both type at 50 words per minute; but Bob never felt comfortable with the location of numbers on the keyboard and always has to slow down an extra half-second to enter a number. If the mystery user does not slow down for numbers, then, again, it is safe to assume the presence of an imposter.
The time to get to and depress a key (seek-time), and the time the key is held down (hold-time) may be very characteristic for each person, regardless of how fast they are typing overall. Most people have specific letters that take them longer to find or get to than their seek-time for most other letters, but the specific letters that take longer can vary dramatically from person to person. Right-handed people often have faster seek-times when using their right hand fingers when compared to their left hand fingers. Index fingers may also be characteristically faster than other fingers to a degree that is consistent for a person day-to-day regardless of his overall speed that day.
Additionally, sequences of letters may have characteristic properties for a person, which are often called rapid-fire sequences. In English, the word “the” would be considered a rapid-fire sequence, along with common endings, such as “ing.” The rapid-fire sequencing will often vary enough to consistently distinguish different users.
Common “errors” may also be characteristic of a person, and there is an entire taxonomy of errors, such as common substitutions, reversals, double-strikes, adjacent letter hits, homonyms, and hold-length-errors (for a shift key held down too short or too long a time). Even without knowing what language a person is working in, by looking at the rest of the text and what letters the person goes back and replaces, these errors can often be detected. These patterns of errors can differentiate two people who tend to make different errors.
Authentication versus identification
Keystroke dynamics identifies patterns that are strictly based on statistics, and are not as reliable as other biometrics that are often used for authentication (e.g. fingerprints, retinal scans). The benefit to keystroke dynamics is that they can be captured continuously during a session triggering an alarm to another system or person if the keystrokes do not match the recorded formula. (Note: Keystroke dynamics are not always implemented for continuous monitoring and often are used only when someone is logging in to a workstation at the start of a session.)
In some cases, a person at gunpoint might be forced to access his computer by entering a password or providing his fingerprint. But once logged in, the authenticated individual could be replaced by someone else at the keyboard. Keystroke dynamics could stop this from happening because the person at gunpoint may not be able to log in to the workstation properly. Even if he could and the intruder took over, the intruder could be detected and locked out via continuous monitoring.
Keystroke dynamics could also protect doctor/patient confidentiality. If a doctor forgets to log out of an electronic medical filing system, keystroke dynamics could identify when someone other than the authenticated user was typing.
Temporal variation
One of the major hurdles that keystroke dynamics has encountered is that a person’s typing varies substantially during a day and between different days. People may become tired or angry, switch computers, reposition their keyboard, or even talk on the phone or otherwise be distracted. These seemingly small shifts could affect the way that the computer interprets a user’s keystroke dynamics. These variations will cause error rates to almost any system, both false positives and false negatives. A valid solution that uses keystroke dynamics must take these elements into account, and strive to decrease false positives and negatives.
Even considering these possible false results, the United States National Bureau of Standards asked SRI International to conduct a study on the use of keystroke dynamics for computer security in the early 1980s. The results of the study demonstrated that a simple security measure, such as a username and password sequence, was sufficient for virtually error-free authentication of users.
Commercial products
There are several home and commercial software products that use keystroke dynamics to authenticate a user.
BioPassword is a patented commercial system that uses keystroke dynamics to restrict access to computers. In 1984, International Bioaccess Systems Corporation acquired all the rights to the keystroke dynamics technology that had been developed by SRI International.
Deepnet Security isdeveloper of a keystroke biometric authentication system, TypeSense. It is claimed that this product employs advanced new algorithms such as auto-correlative training and adaptive learning, and achieves better results than similar products.
iMagic Software makes Trustable Passwords and Trustable Presence. Trustable Passwords is its flagship product delivering authentication via password rhythm recognition across all enterprise access points. Trustable Presence couples Trustable Passwords with RFID Proximity badges and readers.
