Keystroke Biometric Test-Taker Setup

Background

For general background information see Overview of Biometric Projects.

We have been exploring keystroke biometric applications. Keystroke biometric systems measure typing characteristics believed to be unique to an individual and difficult to duplicate. There are two commercial products currently used for hardening passwords (short input) in existing computer security schemes. The keystroke biometric is one of the less-studied biometrics; researchers tend to collect their own data and no known studies have compared identification techniques on a common database. Nevertheless, the published literature is optimistic about the potential of keystroke dynamics to benefit computer system security and usability.

The keystroke biometric has several possible applications. One application is an authentication process (binary accept/reject response, yes you are the person you claim to be or no you are not). For example, password entry could be "hardened" by adding as a keystroke authentication process as a second stage following password matching before allowing user entry. Thus, if the password is not entered in the normal keystroke pattern, the system could ask the user to reenter it. For example, a user on a particular occasion might be drinking a cup of coffee and be entering the password uncharacteristically with one hand. The system, then, could reject the password, sending the user a message like, "Please reenter your password in your normal manner," and after, say, three tries, possibly rejecting the user entirely. The user upon receiving the message would likely put down the coffee cup and enter the password in his/her normal fashion in order to be accepted. Another use of such an authentication process is to authenticate students taking online tests by their keystroke patterns.

A second application is to identify an individual from his/her keystroke pattern (one-of-n response). Suppose, for example, there has been a problem with the circulation of offensive emails from easily accessible desktops in a work environment. The security department wants to reduce this problem by collecting keystroke biometric data from all employees and developing a keystroke biometric identification system.

Over the last five years, we have developed in CSIS at Pace University keystroke biometric systems for identification (one-of-n response) and for authentication (accept/reject response). We have presented experimental results at several internal conferences, at three external conferences, and have recently had a book chapter accepted for publication. The next paragraph contains the abstract of the book chapter; for the full paper and related slides see Keystroke Book Chapter and Slides.

ABSTRACT: A novel keystroke biometric system for long-text input was developed and evaluated for user identification and authentication applications. The system consists of a Java applet to collect raw keystroke data over the internet, a feature extractor, and pattern classifiers to make identification or authentication decisions. Experiments on over 100 subjects investigated two input modes - copy and free-text input - and two keyboard types - desktop and laptop keyboards. The system can accurately identify or authenticate individuals if the same type of keyboard is used to produce the enrollment and questioned input samples. Longitudinal experiments quantified performance degradation over intervals of several weeks and over an interval of two years. Additional experiments investigated the system's hierarchical model, parameter settings, assumptions, and sufficiency of enrollment samples and input-text length. Although evaluated on input texts up to 650 keystrokes, we found that input of 300 keystrokes, roughly four lines of text, is sufficient for the important applications described.

Project

This semester we will continue to develop a test-taker authentication application that uses the authentication system recently developed and being extended by Team 3, see references.

This application is designed to verify the identity of students taking online quizzes or tests, which is an application becoming more important with the student population of online classes increasing and instructors becoming concerned about evaluation security and academic integrity.

Your primary tasks on this project are as follows:

References

  1. Keystroke Book Chapter
  2. Keystroke Book Chapter Slides
  3. Last semester's technical paper