typing pattern authentication techniques 3 rd quarter luke knepper
TRANSCRIPT
![Page 1: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/1.jpg)
Typing Pattern Authentication Techniques
3rd Quarter
Luke Knepper
![Page 2: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/2.jpg)
Agenda
Background Final Process Experimentation Current Results Goals
![Page 3: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/3.jpg)
The Dilemma
Passwords can sometimes be suboptimal Advanced biometrics are expensive Need an alternative
![Page 4: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/4.jpg)
A Solution
• Authenticate people by how they type
• Typing patterns differ by person
• Studies show that people can be authenticated by their typing patterns
• Cheap and flexible to implement
![Page 5: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/5.jpg)
A Problem
• Usually will measure the user's keystrokes when typing in username & passwords
• Commercial packages available (ex. Psylock)
• However, uses static text (username & password) → easy to hack
• Need an improvement
![Page 6: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/6.jpg)
The Fix
• Generate random text and record keystrokes while the user types it
• Not a static text segment → Makes it considerably harder to hack
![Page 7: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/7.jpg)
Another Advantage
• What if another person jumps on the computer while you are logged in?
• Can continuously monitor the user's typing patterns during program use
• If a change is detected, system suspects an intruder and locks the user out
![Page 8: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/8.jpg)
Background
Measures users' typing patterns, compares to a previous standard
Technique first used in WWII Works with ~90% Accuracy Usually implemented in a neural network
structure
![Page 9: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/9.jpg)
Background
![Page 10: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/10.jpg)
Process (front-end)
On account set-up, user will type large amounts of dynamic text
On subsequent log-ins, user will type smaller amount of dynamic text
User will still need to use username, password, etc.
![Page 11: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/11.jpg)
Process (back-end)
Set-up data will be used to breed (i.e. train) a neural network
The optimal weight vector can be generated efficiently via back-propagation, genetic algorithms, parallel processing
Log-in data will be fed through neural network: result either meets threshold (admitted) or does not meet (rejected)
![Page 12: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/12.jpg)
Continuous Authentication
• Uses same general process as log-in time authentication
• Measures the user's typing patterns while the system is in use
• Runs the typing data through the neural network at regular intervals
• Raise the warning level if a change is detected, lock out after critical point
![Page 13: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/13.jpg)
Experimentation
Goals: Develop and test the accuracy of
different types of neural networks for this purpose
Develop and test log-in authentication application
Develop and test continuous authentication application
![Page 14: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/14.jpg)
Experimentation
Neural Network Optimization:
1. Develop online data collection applet
2. Collect massive amounts of data
3. Use data to train multiple neural network types
4. Test different network types to determine accuracy of each type
![Page 15: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/15.jpg)
Experimentation
Neural Network Optimization:
Will train a neural network for each data file collected
Sample data will be sent through the neural network
Success vs. Failure ratio will be measured and compared between different network types
![Page 16: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/16.jpg)
Experimentation
Accuracy Testing:
1. Collect large number of test subjects
2. Subjects set up dummy accounts
3. Subjects attempt to log into their accounts and accounts of others on subsequent sittings (spaced out by 1 week and 1 month)
4. Measure final accuracy
![Page 17: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/17.jpg)
Current Results
Proof-of-concept program Determines the mystery typer between two
known users Uses simple single-layer neural network Correct 18 / 20 = 90%
![Page 18: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/18.jpg)
Current Results
Data collection Flash applet Shows user segment of dynamic text, asks
them to type it in a box below Records their keystroke times Sends keystroke data to server to be
stored in separate files Collected over 1,500 samples
![Page 19: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/19.jpg)
Current Results
Keystroke data file format:
– For each keystroke, records the following:
Key-# / up-or-down / time-in-millis
Example: “65 U 22424”– Flexible format allows for different
characteristics to be measured (e.g. time between strokes or time of depression)
![Page 20: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/20.jpg)
Current Results
Working on an automated testing system First will train neural networks of each type
for every data file as noted before Then will record the results of each neural
network through automated tested Finally will compute statistics for the
accuracy of the different types
![Page 21: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/21.jpg)
Current Results
• Developped continuous authentication simulation program
• Simulates an instant-messaging session with an automated chat bot
• Asks the user questions and measures typing data for each response
• Locks the user out if a significant change is detected
![Page 22: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/22.jpg)
Goals
Final program interface will be: Easily implementable Difficult to crack Accurate above 90% Will be combined with password security
to make inexpensive and secure system
![Page 23: Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper](https://reader035.vdocuments.net/reader035/viewer/2022062322/5697c0301a28abf838cda73c/html5/thumbnails/23.jpg)
Fin
Questions and wrap-up