SECURING MOBILE AUTHENTICATION THROUGH
KEYSTROKES DYNAMICS
Nitin Singh (07BIT138)
Prithumit Deb (07BIT157)
Aim
To develop a security system for mobile devices that eliminates the vulnerability of
4-digit PIN security and reduces the high-end configuration and memory space
requirements of biometric security.
Objective
The issues that we will handle in this project are the vulnerability of PIN security in
mobile devices and the provision of an extra layer of security through a Keystroke
Dynamics based authentication system.
We will also work on the problem of authentication error rates when the natural keystroke
pattern of the user is used, and on a better mechanism that uses an artificial keystroke
rhythm with cues.
Method- Keystroke Dynamics based Authentication Security system for Mobile Devices
using Artificial typing rhythm and cues.
Principle- Making use of the behavioral pattern of the user rather than any physical
pattern or biometrics.
Motivation
Nowadays mobile devices are widely used in financial applications such as banking,
ticket booking, m-commerce, stock trading etc., so data security and proper user
authentication are very important for mobile devices. The drawback of the existing
security mechanism is that, unlike computers, mobile devices have used the PIN (Personal
Identification Number) as the only security mechanism for decades. A PIN is only a 4-digit
(0000-9999) combination of numbers. The limited length of the PIN and the limited number
of digit combinations (only 10000) increase the chances of trial and error attacks and
shoulder surfing.
Often it is easy to guess the PIN of the user if the imposter knows some personal details
regarding the user (like date of birth, favorite number, vehicle number etc.). Recently
the use of biometrics has proved to improve the security of cell phones (fingerprint
recognition, facial recognition, voice recognition, iris scanning etc.). But implementing
biometric authentication needs a lot of resources, configuration and memory, which are
generally limited in small devices like cell phones. So a much simpler but efficient
authentication mechanism is required which improves the security of mobile devices.
Related Works
Existing works in order

Paper Title with Authors, and year
  Paper 1: Keystroke dynamics-based authentication for mobile devices. (Seong-seob Hwang, Sungzoon Cho, Sunghoon Park)- 2008
  Paper 2: Keystroke Dynamics as a Biometric for Authentication (Fabian Monrose, Aviel D. Rubin)- 1999

Specific problems/issues discussed
  Paper 1: Keystroke dynamics based authentication for mobile devices.
  Paper 2: Security threats to a computer and using biometrics to increase the level of security

Problem statement
  Paper 1: Data security through keystrokes dynamics based authentication
  Paper 2: Result on the Authentication based on Keystrokes dynamics and comparison of the experiment results with the prior works

Assumptions
  Paper 1: User acquaintance with typing in mobile keypad
  Paper 2: Users are familiar with computers and passwords

Constraints
  Paper 1: Limited user group for the experiment
  Paper 2: Limitation of user group for data collection

Process or operation or functional description
  Keystrokes Dynamics based Authentication

Claimed advantages
  Less configuration and memory space required

Claimed disadvantages
  Paper 1: Difficult to implement for a larger and diverse set of users with varying typing pattern
  Paper 2: The problem with keystroke recognition is that unlike other non-static bio-metrics there are no known features or feature transformations which are dedicated solely to carrying discriminating information.

Algorithms used

Tools used
  Paper 1: 3G synchronized IMT-2000 cellular system (CDMA2000 1xEV-DO)
  Paper 2: MATLAB, C++, GNU plot

Tables and fields
  Choice of Passwords and use of typing hands, Equal Error rates, factors affecting error rates

Domain tested
  Paper 1: Domain of 25 users with average age 25.3 yrs
  Paper 2: Data was collected from 63 users

Metrics used with formula
  Euclidean Distance measure, Non weighted and weighted probability

Performance graphs
  Cumulative distribution of enroll, login and imposter distances

Future work proposed
  Paper 1: Applying the same theory to a more diverse user group
  Paper 2: Recognition based on free-text typing pattern during the identification process
System Design with Modules
The idea described here will be useful for people who carry out vital commercial activities
such as banking, shopping and stock trading through their mobile devices, where the
security of personal data is vital.
Enrollment Process
1. Username & 4 digits PIN.
2. 4 digits PIN with Artificial Typing Rhythm using cues (audio or visual). Input 5 times for enrollment.
3. Generate keystroke pattern graph from the 5 inputs.
4. Determine suitable Threshold Value.
5. Store in the database.

DATABASE
1. Username & PIN in encrypted form.
2. Keystroke Pattern of the user.
3. Threshold Value for the user.
4. Login Attempts made by user.

Authentication Process
1. Input username & PIN from the user.
2. Retrieve the PIN from database.
3. Decryption.
4. Check PIN validation.
5. KDA Authentication.
6. Retrieve keystroke pattern & threshold value from database.
7. Check if the login pattern lies within the threshold value found during the enrollment process.
8. Authenticate.
Decision branches in the flowchart: Valid / If Invalid.
Implementation Procedure
Proposed Algorithm:
1. Start
2. Enroll the keystroke pattern of the user.
3. The enrollment process is done 5 times to minimize the error rates and to determine a
suitable threshold value.
4. An artificial keystroke rhythm will be used and cues (audio) will be provided to help the
user make a consistent and unique pattern.
5. The threshold limit for the user's keystroke pattern is determined.
6. The user's PIN in encrypted format, the enrollment pattern, the threshold limit and the
login attempts are stored in a database.
7. Next, during authentication, the PIN is validated first after decrypting the PIN from the
database. If it is found valid, the process proceeds to the next step of KDA; otherwise the
user will be asked for the PIN again.
8. In the KDA the user again types the PIN in the artificial rhythm (with cues) in which
he has enrolled.
9. The keystroke pattern is generated again and checked to see whether it lies within the
threshold values. If it is found in the suitable threshold range then the user is
authenticated; otherwise authentication is rejected.
10. Stop
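The enrollment and authentication steps above, as an added example that is not part of the original proposal and is written in Python rather than J2ME. The 7-value timing vector, the threshold rule (largest enrollment distance from the mean, times a margin), the lockout limit and the salted PBKDF2 hash used in place of the encrypted PIN are all assumptions.

```python
import hashlib, hmac, math, os
from statistics import mean

MAX_ATTEMPTS = 3  # assumed lockout limit; the page only says attempts are stored
MARGIN = 1.5      # assumed slack multiplier on the enrollment spread

def _pin_hash(pin, salt):
    # Assumption: salted PBKDF2 replaces the page's encrypt/decrypt of the PIN.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def _distance(a, b):  # Euclidean distance between two timing vectors
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def enroll(pin, samples):
    """Steps 2-6: build the stored record from 5 timing vectors (ms)."""
    if len(samples) != 5 or len({len(s) for s in samples}) != 1:
        raise ValueError("need 5 timing vectors of equal length")
    template = [mean(col) for col in zip(*samples)]
    spread = max(_distance(s, template) for s in samples)
    salt = os.urandom(16)
    return {"salt": salt, "pin": _pin_hash(pin, salt), "template": template,
            "threshold": spread * MARGIN, "attempts": 0}

def authenticate(record, pin, timing):
    """Steps 7-9: PIN check first, then the keystroke-pattern check."""
    if record["attempts"] >= MAX_ATTEMPTS:
        return "locked"
    if not hmac.compare_digest(_pin_hash(pin, record["salt"]), record["pin"]):
        record["attempts"] += 1
        return "bad_pin"
    if (len(timing) != len(record["template"])
            or _distance(timing, record["template"]) > record["threshold"]):
        record["attempts"] += 1
        return "bad_rhythm"
    record["attempts"] = 0
    return "ok"

# Constructed sample data: 4 key-hold times then 3 inter-key gaps, in ms.
ENROLL = [
    [110, 95, 120, 100, 400, 150, 650],
    [105, 100, 115, 98, 410, 160, 640],
    [112, 92, 118, 104, 395, 145, 660],
    [108, 97, 122, 101, 405, 155, 645],
    [111, 94, 119, 99, 390, 150, 655],
]
GENUINE = [109, 96, 118, 100, 402, 152, 648]   # same rhythm as enrollment
IMPOSTOR = [90, 85, 95, 88, 200, 210, 190]     # correct PIN, different rhythm
if __name__ == "__main__":
    rec = enroll("4821", ENROLL)
    print(authenticate(rec, "4821", GENUINE), authenticate(rec, "4821", IMPOSTOR))
```

A margin that is too small rejects the genuine user on a slightly uneven entry, and one that is too large accepts an imposter who knows the PIN, so the multiplier has to be tuned against measured error rates.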
Database and Software
1. Database containing the user’s enrolment and login information and his keystroke
pattern
2. Platform- J2ME
3. Hardware- Multimedia Cell Phones supporting MIDP 2.0
4. Software-Emulator- Sun JAVA Wireless Toolkit 2.5.2
References
1. “Keystrokes dynamics-based authentication for mobile devices”, Seong-seob Hwang,
Sungzoon Cho, Sunghoon Park
Journal homepage: www.elsevier.com/locate/cose
2. “Keystroke Dynamics as a Biometric for Authentication”, Fabian Monrose, Aviel D.
Rubin.
3. “Keystroke Dynamics”, P018 - term project, 2001, Petre Svenda, Masaryk University
MINI PROJECT PROPOSAL
Submitted by:-
Nitin Singh (07BIT138)
Prithumit Deb (07BIT157)
B-Tech Information Technology (C-Batch)
Project Guide: - J. Gitanjali (Assistant Professor)
Submitted on- 17.08.09
VIT University