Psylock

Psylock is a biometric process that verifies users based on their typing behavior on the conventional PC keyboard. It is a pure software solution that authenticates the PC user with a high level of security without additional sensors . The typing and correction behavior on a keyboard contains a lot of person-specific information and is therefore ideally suited as a biometric feature.

Research in the field of typing behavior biometrics started in 1993 under the direction of Dieter Bartmann at the chair for banking informatics at the University of Regensburg . The process was later developed further at the research institute ibi research (institute for banking informatics) at the University of Regensburg and brought to product maturity. In December 2007, Psylock GmbH was founded, which sells biometric IT security products based on the typing behavior .

functionality

The system compares a text to be entered with a previously trained profile of the user. The recognition process is based on a statistical model in connection with a support vector machine . There are numerous patents worldwide. Tests over many years have led to constant improvements and the process to be ready for the market.

When comparing the typing sample with the stored profile, various characteristic features of typing behavior are compared; for example keystroke sequences, speed, rhythm and many others. The biometric system then decides whether the person who is actually typing is who they claim to be. The recognition performance correlates with the text length to be typed. This means that the strength of the method can be set from high to very high, depending on the security requirements. A deliberate transfer of typing behavior is not possible because the characteristic subtleties take place in the millisecond range. This also excludes a forced application in a stressful threat situation.

Basically, Psylock can be used as a replacement or in addition to conventional login procedures ( password , token , smart card ). In addition, this procedure can be used to automatically reset passwords or to sign critical transactions (e.g. transfers that require additional approval).

Pilot project

In October 2006 the product "Psylock Password Reset" was introduced at the University of Regensburg and the University of Applied Sciences Regensburg, in April 2007 at the University of Applied Sciences Landshut. Employees and students have the option of assigning themselves a new password via Psylock in case they have forgotten the old one.

In the meantime, the product has left the research room and is in use at several companies.

criticism

In the past, Psylock was criticized because of the long training phase (more than 30 times typing a sentence | ~ 8 minutes of training). In the meantime, the software has been further developed and improved, so that the number of typing samples to be entered has been reduced (9 × typing a sentence | ~ 2 minutes of training).

Psylock went bankrupt on March 15, 2011. The preliminary insolvency proceedings were opened at AG Regensburg under the file number 4 IN 163/11.

Alleged security hole

Heiko Frenzel from Sicherheit-Online.org managed to hack into someone else's Psylock account by breaking into the victim's computer, spying on his typing behavior and then imitating a slightly modified version. However, this does not represent a security gap in the Psylock system; rather, no authentication method that does not use additional hardware can withstand an attack in which the attacker has gained full control over the victim's computer. The same attack method on the biometric user identification through the typing behavior of a user was also used in the "KeyTrac" system from TM3 Software GmbH and demonstrated by Frenzel in a video.

Web links

Website of Psylock GmbH ( Memento from June 3, 2009 in the Internet Archive ) (no longer available, status August 23, 2011 - Wayback Machine ( Memento from June 3, 2009 in the Internet Archive )
Product demonstrations by Psylock GmbH
Psylock at the University of Regensburg
Psylock at the Landshut University of Applied Sciences

credentials

↑ Sicherheit-Online.org (July 26, 2011) Psylock cracked - biometr. Protection tricked! ( Memento of the original from August 25, 2011 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. Retrieved July 26, 2011 @1@ 2

↑ Heiko-Frenzel.de (April 17, 2015) Video: KeyTrac, Psylock & Co - Biometric user identification Retrieved April 17, 2015

[1] Sicherheit-Online.org (July 26, 2011) Psylock cracked - biometr. Protection tricked! ( Memento of the original from August 25, 2011 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. Retrieved July 26, 2011 @1@ 2

[2] Heiko-Frenzel.de (April 17, 2015) Video: KeyTrac, Psylock & Co - Biometric user identification Retrieved April 17, 2015