In-Class Exercise:
Evaluating a Keystroke Biometric Authentication System

Tools: KeyTrac Authenticator, prepared Excel Spreadsheet

In this exercise we will conduct an experiment using a biometric system found on the internet. Because many biometric systems are available on the internet other similar experiments can easily be designed.

This exercise uses the KeyTrac System that authenticates a person by their typing dynamics. Keytrac is one of the companies that provides an additional layer of security, often referred to as "password hardening," on entering userid/password access information. The system uses the keystroke information from the user's entered userid and password, and the more consistently the user types their userid and password, the better the system performs (higher accuracy). Longer userids and passwords also helps because it gives the system more keystroke input to analyze. For reasonable statistical analysis the exercise works best for a class or group of at least 10 people, preferably 20-30 or more.

Before performing the exercise, the following should be discussed:

This exercise consists of the following steps:

  1. Find a partner to pair up with, preferably one who uses a similar computer keyboard. Each of you will try to be authenticated by the system and will also try to enter the system posing as your partner.
  2. Collecting data: the data required for this exercise consists of authentic and imposter scores obtained from all the participants using the KeyTrac system.
  3. Performing an analysis of the data: the data are entered into the prepared spreadsheet that automatically performs an analysis of the data.
  4. Determining the performance (accuracy) of the biometric system: usually measured by the Equal Error Rate (EER) or the Performance (1-EER) of the system.

Key ingredient of exercise:

Student learning outcomes: