User Identification Through Keystroke Biometrics
The increasing use of automated information systems together with our pervasive use of computers has greatly simplified our lives, while making us overwhelmingly dependent on computers and digital networks. Technological achievements over the past decade have resulted in improved network services, particularly in the areas of performance, reliability, and availability, and have significantly reduced operating costs due to the more efficient utilization of these advancements.
Some authentication mechanisms recently developed requires users to perform a particular action and then some behavior of that action is examined. The traditional method of signature verification falls in this category. Handwritten signatures are extremely difficult to forge without assistance of some copier.
A number of identification solutions based on verifying some physiological aspect - known as BIOMETRICS - have emerged. Biometrics, the physical traits and behavioral characteristics that make each of us unique, are a natural choice for identity verification. Biometrics is an excellent candidate for identity verification because unlike keys or passwords, biometrics cannot be lost, stolen, or overheard, and in the absence of physical damage they offer a potentially foolproof way of determining someone's identity. Physiological (i.e., static) characteristics, such as fingerprints, are good candidates for verification because they are unique across a large section of the population. Indispensable to all biometric systems is that they recognize a living person and encompass both physiological and behavioral characteristics.
Biometrics is of two kinds. One deals with the physical traits of the user and the other deals with the behavioral traits of the user. Retinal scanning, fingerprint scanning, face recognition, voice recognition and DNA testing comes under the former category, while typing rhythm comes under the later category.
Physiological characteristics such as fingerprints are relatively stable physical features that are unalterable without causing trauma to the individual. Behavioral traits, on the other hand, have some physiological basis, but also react to a person's psychological makeup.
Most systems make use of a personal identification code in order to authentication the user. In these systems, the possibility of a malicious user gaining access to the code cannot be ruled out. However, combing the personal identification code with biometrics provides for a robust user authentication system.
Authentication using the typing rhythm of the user on keyboard or a keypad takes advantage of the fact that each user would have a unique manner of typing the keys. It makes use of the inter-stroke gap that exists between consecutive characters of the user identification code.
While considering any system for authenticity, one needs to consider the false acceptance rate and the false rejection rate. The False Acceptance Rate (FAR) is the percentage of un-authorised users accepted by the system and the False Rejection Rate (FRR) is the percentage of authorised users not accepted by the system. An increase in one of these metrics decreases the other and vice versa. The level of error must be controlled in the authentication system by the use of a suitable threshold such that only the required users are selected and the others who are not authorised are rejected by the system.