Search Results (22)

Traditional user authentication mechanisms in information systems, such as passwords and biometrics, remain vulnerable to forgery, theft, and privacy breaches. To address these limitations, this study proposes a two-factor authentication framework that integrates Channel State Information (CSI) with conventional methods to enhance security and reliability. The proposed approach leverages unique CSI variations induced by user-specific keystroke dynamics to extract discriminative biometric features. A robust signal processing pipeline is implemented, combining Hampel filtering, Butterworth low-pass filtering, and wavelet transform threshold denoising to eliminate noise and outliers from raw CSI data. Feature extraction is further optimized through a dual-threshold moving window detection algorithm for precise activity segmentation, a subcarrier selection method to filter redundant or unstable channels, and principal component analysis (PCA) to reduce feature dimensionality while retaining 90% of critical information. For classification, a kernel support vector machine (SVM) model is trained using a randomized hyperparameter search algorithm. The SVM classifies the CSI feature patterns obtained from user-specific keystroke dynamics, which are processed by Hampel filtering, Butterworth low-pass filtering, wavelet transform threshold denoising, a dual-threshold moving window detection algorithm, a subcarrier selection method, and PCA, to achieve optimal performance. The experimental results show that the user recognition accuracy of this algorithm is 2–3% better than current algorithms. Full article

Background: Keystroke dynamics authentication is a behavioral biometric method that verifies user identity by analyzing typing patterns. While traditional machine learning methods (e.g., decision trees, SVM) have shown potential in this field, their performance suffers in real-world scenarios due to data imbalance and limited recognition of certain classes, undermining system security and reliability. Methods: To address these issues, this study combines the Synthetic Minority Over-sampling Technique (SMOTE) with ensemble learning methods to improve classification accuracy. A Django-based platform was developed for standardized keystroke data collection, generating a balanced dataset to evaluate various classifiers. Experiments: Experiments were conducted using both the Django-collected dataset and the CMU benchmark dataset to compare traditional classifiers with SMOTE-enhanced ensemble learning models, such as Random Forest, XGBoost, and Bagging, on metrics like accuracy, recall, G-mean, and F1-score. Conclusions: The results show that SMOTE-enhanced ensemble learning models significantly outperform traditional classifiers, particularly in detecting minority classes. This approach effectively addresses data imbalance, improving model robustness and security, and provides a practical reference for building more reliable keystroke dynamics authentication systems. Full article

Keystroke dynamics is the field of computer science that exploits data derived from the way users type. It has been used in authentication systems, in the identification of user characteristics for forensic or commercial purposes, and to identify the physical and mental state of users for purposes that serve human–computer interaction. Studies of keystroke dynamics have used datasets created from volunteers recording fixed-text typing or free-text typing. Unfortunately, there are not enough keystroke dynamics datasets available on the Internet, especially from the free-text category, because they contain sensitive and personal information from the volunteers. In this work, a free-text dataset is presented, which consists of 533 logfiles, each of which contains data from 3500 keystrokes, coming from 164 volunteers. Specifically, the software developed to record user typing is described, the demographics of the volunteers who participated are given, the structure of the dataset is analyzed, and the experiments performed on the dataset justify its utility. Full article

User-generated passwords often pose a security risk in authentication systems. However, providing a comparative substitute poses a challenge, given the common tradeoff between security and user experience. This paper integrates cryptographic methods (both asymmetric and symmetric), steganography, and a combination of physiological and behavioural biometrics to construct a prototype for a passwordless authentication system. We demonstrate the feasibility of scalable passwordless authentication while maintaining a balance between usability and security. We employ threat modeling techniques to pinpoint the security prerequisites for the system, along with choosing appropriate cryptographic protocols. In addition, a comparative analysis is conducted, examining the security impacts of the proposed system in contrast to that of traditional password-based systems. The results from the prototype indicate that authentication is possible within a timeframe similar to passwords (within 2 s), without imposing additional hardware costs on users to enhance security or compromising usability. Given the scalable nature of the system design and the elimination of shared secrets, the financial and efficiency burdens associated with password resets are alleviated. Furthermore, the risk of breaches is mitigated as there is no longer a need to store passwords and/or their hashes. Differing from prior research, our study presents a pragmatic design and prototype that deserves consideration as a viable alternative for both password-based and passwordless authentication systems. Full article

This research article delves into the development of a reinforcement learning (RL)-based continuous authentication system utilizing behavioral biometrics for user identification on computing devices. Keystroke dynamics are employed to capture unique behavioral biometric signatures, while a reward-driven RL model is deployed to authenticate users throughout their sessions. The proposed system augments conventional authentication mechanisms, fortifying them with an additional layer of security to create a robust continuous authentication framework compatible with static authentication systems. The methodology entails training an RL model to discern atypical user typing patterns and identify potentially suspicious activities. Each user’s historical data are utilized to train an agent, which undergoes preprocessing to generate episodes for learning purposes. The environment involves the retrieval of observations, which are intentionally perturbed to facilitate learning of nonlinear behaviors. The observation vector encompasses both ongoing and summarized features. A binary and minimalist reward function is employed, with principal component analysis (PCA) utilized for encoding ongoing features, and the double deep Q-network (DDQN) algorithm implemented through a fully connected neural network serving as the policy net. Evaluation results showcase training accuracy and equal error rate (EER) ranging from 94.7% to 100% and 0 to 0.0126, respectively, while test accuracy and EER fall within the range of approximately 81.06% to 93.5% and 0.0323 to 0.11, respectively, for all users as encoder features increase in number. These outcomes are achieved through RL’s iterative refinement of rewards via trial and error, leading to enhanced accuracy over time as more data are processed and incorporated into the system. Full article

As artificial intelligence has evolved, deep learning models have become important in extracting and interpreting complex patterns from raw multidimensional data. These models produce multidimensional embeddings that, while containing a lot of information, are often not directly understandable. Dimensionality reduction techniques play an important role in transforming multidimensional data into interpretable formats for decision support systems. To address this problem, the paper presents an analysis of dimensionality reduction and visualization techniques that embrace complex data representations and are useful inferences for decision systems. A novel framework is proposed, utilizing a Siamese neural network with a triplet loss function to analyze multidimensional data encoded into images, thus transforming these data into multidimensional embeddings. This approach uses dimensionality reduction techniques to transform these embeddings into a lower-dimensional space. This transformation not only improves interpretability but also maintains the integrity of the complex data structures. The efficacy of this approach is demonstrated using a keystroke dynamics dataset. The results support the integration of these visualization techniques into decision support systems. The visualization process not only simplifies the complexity of the data, but also reveals deep patterns and relationships hidden in the embeddings. Thus, a comprehensive framework for visualizing and interpreting complex keystroke dynamics is described, making a significant contribution to the field of user authentication. Full article

The rapid development of information and communication technologies and the widespread use of the Internet has made it imperative to implement advanced user authentication methods based on the analysis of behavioural biometric data. In contrast to traditional authentication techniques, such as the simple use of passwords, these new methods face the challenge of authenticating users at more complex levels, even after the initial verification. This is particularly important as it helps to address risks such as the possibility of forgery and the disclosure of personal information to unauthorised individuals. In this study, the use of keystroke dynamics has been chosen as a biometric, which is the way a user uses the keyboard. Specifically, a number of Bulgarian-speaking users have been recorded during their daily keyboard use, and then a system has been implemented which, with the help of machine learning models, recognises certain acquired or intrinsic characteristics in order to reveal part of their identity. The results show that users can be categorised using keystroke dynamics, in terms of the age group they belong to and in terms of their educational level, with high accuracy rates, which is a strong indication for the creation of applications to enhance user security and facilitate their use of Internet services. Full article

Keystroke dynamics is a biometric method that uses a subject’s typing patterns for authentication or identification. In this paper we investigate typing language as a factor influencing an individual’s keystroke dynamics. Specifically, we discern whether keystroke dynamics is contingent on the spatial arrangement of letters on the keyboard, or alternatively, whether it is influenced by the linguistic characteristics inherent to the language being used. For this purpose, we construct a new dataset called the Bilingual Keystroke Dynamics Dataset in two languages: English and Arabic. The results show that the authentication system is not contingent on the spatial arrangement of the letters, and is primarily influenced by the language being used, and a system that is used by bilingual users must take into account that each user should have two profiles created, one for each language. An average equal error rate of 0.486% was achieved when enrolling in English and testing on Arabic, and 0.475% when enrolling in Arabic and testing on English. Full article

Keystroke authentication is a well-established biometric technique that has gained significant attention due to its non-intrusive and continuous characteristics. The method analyzes the unique typing patterns of individuals to verify their identity while interacting with the keyboard, both virtual and hardware. Current deep-learning approaches like TypeNet and TypeFormer focus on generating biometric signatures as embeddings for the entire typing sequence. The authentication process is defined using the Euclidean distances between the new typing embedding and the saved biometric signatures. This paper introduces a novel approach called DoubleStrokeNet for authenticating users through keystroke analysis using bigram embeddings. Unlike conventional methods, our model targets the temporal features of bigrams to generate user embeddings. This is achieved using a Transformer-based neural network that distinguishes between different bigrams. Furthermore, we employ self-supervised learning techniques to compute embeddings for both bigrams and users. By harnessing the power of the Transformer’s attention mechanism, the DoubleStrokeNet approach represents a significant departure from existing methods. It allows for a more precise and accurate assessment of user authenticity, specifically emphasizing the temporal characteristics and latent representations of bigrams in deriving user embeddings. Our experiments were conducted using the Aalto University keystrokes datasets, which include 136 million keystrokes from 168,000 subjects using physical keyboards and 63 million keystrokes acquired on mobile devices from 60,000 subjects. The DoubleStrokeNet outperforms the TypeNet-based authentication system using 10 enrollment typing sequences, achieving Equal Error Rate (EER) values of 0.75% and 2.35% for physical and touchscreen keyboards, respectively. Full article

Smartphones have emerged as a ubiquitous personal gadget that serve as a repository for individuals’ significant personal data. Consequently, both physiological and behavioral traits, which are classified as biometric technologies, are used in authentication systems in order to safeguard data saved on smartphones from unauthorized access. Numerous authentication techniques have been developed; however, several authentication variables exhibit instability in the face of external influences or physical impairments. The potential failure of the authentication system might be attributed to several unpredictable circumstances. This research suggests that the use of distinctive and consistent elements over an individual’s lifespan may be employed to develop an authentication classification model. This model would be based on prevalent personal behavioral biometrics and could be readily implemented in security authentication systems. The biological biometrics acquired from an individual’s typing abilities during data entry include their name, surname, email, and phone number. Therefore, it is possible to establish and use a biometrics-based security system that can be sustained and employed during an individual’s lifetime without the explicit dependance on the functionality of the smartphone devices. The experimental findings demonstrate that the use of a mobile touchscreen as the foundation for the proposed verification mechanism has promise as a high-precision authentication solution. Full article

The paper addresses issues concerning secure authentication in computer systems. We focus on multi-factor authentication methods using two or more independent mechanisms to identify a user. User-specific behavioral biometrics is widely used to increase login security. The usage of behavioral biometrics can support verification without bothering the user with a requirement of an additional interaction. Our research aimed to check whether using information about how partial passwords are typed is possible to strengthen user authentication security. The partial password is a query of a subset of characters from a full password. The use of partial passwords makes it difficult for attackers who can observe password entry to acquire sensitive information. In this paper, we use a Siamese neural network and n-shot classification using past recent logins to verify user identity based on keystroke dynamics obtained from the static text. The experimental results on real data demonstrate that keystroke dynamics authentication can be successfully used for partial password typing patterns. Our method can support the basic authentication process and increase users’ confidence. Full article

Investigation and detection of cybercrimes has been in the spotlight of cybersecurity research for as long as the topic has existed. Modern methods are required to keep up with the pace of the technology and toolset used to facilitate these crimes. Keystroke-injection attacks have been an issue due to the limitations of hardware and software up until recently. This paper presents comprehensive research on keystroke-injection payload generation that proposes the use of deep learning to bypass the security of keystroke-based authentication systems focusing on both fixed-text and free-text scenarios. In addition, it specifies the potential risks associated with keystroke-injection attacks. To ensure the legitimacy of the investigation, a model is proposed and implemented within this context. The results of the implemented implant model inside the keyboard indicate that deep learning can significantly improve the accuracy of keystroke dynamics recognition as well as help to generate effective payload from a locally collected dataset. The results demonstrate favorable accuracy rates, with reported performance of 93–96% for fixed-text scenarios and 75–92% for free-text. Accuracy across different text scenarios was achieved using a small dataset collected with the proposed implant model. This dataset enabled the generation of synthetic keystrokes directly within a low-computation-power device. This approach offers efficient and almost real-time keystroke replication. The results obtained show that the proposed model is sufficient not only to bypass the fixed-text keystroke dynamics system, but also to remotely control the victim’s device at the appropriate time. However, such a method poses high security risks when deploying adaptive keystroke injection with impersonated payload in real-world scenarios. Full article

Can digital technologies provide a passive unobtrusive means to observe and study cognition outside of the laboratory? Previously, cognitive assessments and monitoring were conducted in a laboratory or clinical setting, allowing for a cross-sectional glimpse of cognitive states. In the last decade, researchers have been utilizing technological advances and devices to explore ways of assessing cognition in the real world. We propose that the virtual keyboard of smartphones, an increasingly ubiquitous digital device, can provide the ideal conduit for passive data collection to study cognition. Passive data collection occurs without the active engagement of a participant and allows for near-continuous, objective data collection. Most importantly, this data collection can occur in the real world, capturing authentic datapoints. This method of data collection and its analyses provide a more comprehensive and potentially more suitable insight into cognitive states, as intra-individual cognitive fluctuations over time have shown to be an early manifestation of cognitive decline. We review different ways passive data, centered around keystroke dynamics, collected from smartphones, have been used to assess and evaluate cognition. We also discuss gaps in the literature where future directions of utilizing passive data can continue to provide inferences into cognition and elaborate on the importance of digital data privacy and consent. Full article

The safeguarding of online services and prevention of unauthorized access by hackers rely heavily on user authentication, which is considered a crucial aspect of security. Currently, multi-factor authentication is used by enterprises to enhance security by integrating multiple verification methods rather than relying on a single method of authentication, which is considered less secure. Keystroke dynamics is a behavioral characteristic used to evaluate an individual’s typing patterns to verify their legitimacy. This technique is preferred because the acquisition of such data is a simple process that does not require any additional user effort or equipment during the authentication process. This study proposes an optimized convolutional neural network that is designed to extract improved features by utilizing data synthesization and quantile transformation to maximize results. Additionally, an ensemble learning technique is used as the main algorithm for the training and testing phases. A publicly available benchmark dataset from Carnegie Mellon University (CMU) was utilized to evaluate the proposed method, achieving an average accuracy of 99.95%, an average equal error rate (EER) of 0.65%, and an average area under the curve (AUC) of 99.99%, surpassing recent advancements made on the CMU dataset. Full article

In order to improve user authentication accuracy based on keystroke dynamics and mouse dynamics in hybrid scenes and to consider the user operation changes in different scenes that aggravate user status changes and make it difficult to simulate user behaviors, we present a user authentication method entitled SIURUA. SIURUA uses scene-irrelated features and user-related features for user identification. First, features are extracted based on keystroke data and mouse movement data. Next, scene-irrelated features that have a low correlation with scenes are obtained. Finally, scene-irrelated features are fused with user-related features to ensure the integrity of the features. Experimental results show that the proposed method has the advantage of improving user authentication accuracy in hybrid scenes, with an accuracy of 84% obtained in the experiment. Full article