Number-Pad Keystroke Biometric System


This project will investigate the accuracy of keystroke biometrics when operating on passwords consisting only of digits. All-digit passwords are used, for example, on automated teller machines, mobile phones, and digital security keypads. If reasonably accurate, keystroke biometrics could provide an additional layer of security in these applications.

Project (no programming)

The focus will be on numeric entry on a number keypad and will essentially replicate the experiment described in [1], and the experiment will be conducted carefully as described in [2].

The experiments will involve collecting 200 ERROR FREE samples of a 10-digit string followed by the ENTER key (11 key presses), "9141937761 ENTER", from 50 people. No more than 50 samples can be collected per session per person per day. This means it will take a minimum of 4 days to collect all 200 samples for a single person. Collecting the data samples will be a huge task.

To learn the experimental procedure, preliminary experiments can be conducted once data from roughly 5 people has been obtained. Final experiments will be run on the full data set. All experiments will be run using the Pace University Keystroke Biometrics System (PKBS) to obtain results. This includes the following steps:

  1. Install the Fimbel Keylogger on machines to collect the data samples.
  2. Convert the Fimbel Keylogger Sample files into PKBS format.
  3. Prepare training and testing files for input to the PKBS. This involves running the Feature Extractor program to produce a feature file and then separating that into a training and testing file.
  4. Run the training and testing files through the PKBS to obtain an output file.
  5. Run the PKBS output file through the BAS Calculator program to obtain FAR, FRR, and overall performance.
  6. Run the BAS Calculator output through the ROC Curve Data Generator program to obtain Receiver Operating Characteristic (ROC) curves.

Code and Instructions

All code and instructions will be provided by customer Ned Bakelman and/or Vinnie Monnaco.

Time Permitting - Project Extension - Keylogger Implementation (programming)

According to Wikipedia, "Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored." Parents often install keylogger software on the home computer so they can track what their kids do on the computer and particularly what websites they visit.

Some keylogger software will not only record the sequence of keys struck but also their timing information, that is when a key is struck and when it is released. If this timing information is sufficiently accurate, it can be used for biometric purposes.

Over the last seven or so years we have developed the powerful Pace University Keystroke Biometric System (PKBS). Two data capturing systems were used in this work - a Java applet and a freely available keylogger developed by Eric Fimbel. Although these systems record the keystroke timing information in millisecond format, the actual resolution has been estimated to be only about 15 milliseconds [3].

This project extension, time permitting, will develop a more accurate keylogger, possibly with a resolution of 200 microseconds [1]. A Google search on "keylogger c++" will yield some possibilities. As a minimum, a rough estimate of the difficulty of this task should be provided.


  1. Maxion, Roy A. and Killourhy, Kevin S. (2010). Keystroke Biometrics with Number-Pad Input. In IEEE/IFIP International Conference on Dependable Systems & Networks (DSN-10), pp. 201-210, Chicago, Illinois, 28 June to 01 July 2010. IEEE Computer Society Press, Los Alamitos, California, 2010.
  2. Maxion, Roy A. (2011). Making Experiments Dependable. The Next Wave / NSA Magazine, Vol. 19, No. 1, pp. 13-22, March 2012, National Security Agency, Ft. Meade, Maryland. Reprinted from Dependable and Historic Computing , LNCS 6875, pp. 344-357, Springer, Berlin, 2011.
  3. Killourhy, Kevin S. and Maxion, Roy A. (2011). The Effect of Clock Resolution on Keystroke Dynamics. In 11th International Symposium on Recent Advances in Intrusion Detection (RAID-08), 15-17 September 2008, Cambridge, Massachusetts, R. Lippmann, E. Kirda and A. Trachtenberg (Eds.), Lecture Notes in Computer Science (LNCS), Vol. 5230, pp. 331-350, Springer-Verlag, Berlin, Heidelberg.