Typing behavior

from Wikipedia, the free encyclopedia

When typing behavior the behavior of a user typing on a keyboard measured. A user can be identified (recognized) or authenticated on the basis of the measured properties .

Typing behavior is part of dynamic biometrics .

Typing behavior in science

The first scientific paper on typing behavior was published in 1980 by Gaines, Lisowski, Press and Shapiro. It is based on seven test persons who had to type a fixed text.

In 2011, Karnan, Akila and Krishnaraj examined 37 scientific papers on typing behavior. They distinguished between the following methods:

  • statistical methods
  • Neural Networks
  • Pattern recognition
  • hybrid techniques
  • further procedures

A comparison of the approaches is difficult due to the different conditions. Some approaches require a longer recording period than other approaches. Different numbers of test persons are also used in the investigations, which severely affects the performance of the respective methods. In addition, the mathematical methods are calculated using differently set parameters .

Areas of application

There are different areas of application for typing behavior. Each area of ​​application has different requirements or offers different options. The exchange of a field of application is therefore difficult. In the same way, not every process can be used in every application. Basically, the procedures can be divided into different categories, which can be combined in different ways:

  • limited duration
  • unlimited time
  • default text input
  • free text input

Log in

Logins are used to authenticate users using a username and password. The typing behavior of the user can be recorded for authentication. A login by entering the user name in combination with the measurement of the typing behavior is also possible. Logins are of limited duration and can be implemented with a given or free text.

Constant monitoring

The typing behavior of a user is analyzed during a complete session with theoretically unlimited duration. The user can be identified by comparing stored data. The takeover of the computer by another person can be recognized in this way, for example. In the case of constant monitoring, it is a prerequisite for algorithms that they can handle free text input.

reset Password

If a user has forgotten his password, he can be authenticated on the basis of a task of limited duration and given text in which his typing behavior is analyzed and compared and, if successful, reset or regain his password. This means that the user does not have to contact the administrator .

Tracking

A user can be tracked on the Internet by analyzing the typing behavior over several pages . This type of identification is an alternative to the usual comparison of IP addresses or saving cookies . A user can thus be recognized across multiple devices, or multiple users on a shared device. The same applies here as for constant monitoring: the algorithms work indefinitely with free text input.

Measurement of typing behavior

Typing behavior can be recorded by combining N-graphs and one or more measurable properties. N-graphs make it possible to split a text into several parts. Different properties can be measured for these N-graphs, each of which can be saved as an attribute of an N-graph. All N-graphs of an input text with the respective attributes are summarized as a signature.

The comparison of the signatures of two or more independent text entries enables identification (recognition) or authentication. This is successful, for example, if the signatures from two independent text entries are very similar. The greater the difference, the more likely it can be assumed that the two text entries did not come from the same person.

N graphs

An N-graph is a sequence of N keys pressed one after the other. N indicates the size of the N-graphs. A digraph accordingly consists of two keys that are typed one after the other. The N can be chosen arbitrarily. However, the maximum size is usually determined by the length of the text input.

Digraphs or sometimes trigraphs (three consecutive keys) are most commonly used to measure typing behavior. Trigraphs usually give the best results. In comparison, the number of unique trigraphs to digraphs is greater. With even larger N-graphs, the probability of incorrect N-graphs (no possibility to compare) due to typing errors increases. In addition, the stability of the input duration of large N-graphs is reduced.

Measurable properties

In addition to time intervals, special keyboards can also be used to measure other properties, such as key presses. The following list contains a few measurable properties (using the example of digraphs).

  • “Duration” or “dwell” (how long a key is held down).
  • "Latency" (duration between pressing the first key and releasing the second key).
  • "Interval" (duration between releasing the first button and pressing the second button).
  • "Flight time" (time between pressing the first and pressing the second key).
  • "Up to up" (duration between releasing the first and releasing the second key)
  • "Total time" (complete typing time).
  • "Frequency of errors" (frequency of typing errors).
  • "Shift key usage" (behavior of the use of the two shift keys).
  • "Relative key event order" (relative order of pressing and releasing the keys).
  • "Relative keystroke speed" (The speed at which a key is pressed in relation to the other keys).

"Latency" and "duration" are used most frequently.

example

"Auto" is given as an example as the input text. The input text can be divided into three parts using digraphs. In this example, the "latency" is measured for each of the digraphs. S1, S2and S3each contain three independent signatures, consisting of the digraphs and the respective "latency" after the colon.

S1: [Au:125; ut:106; to:111]

S2: [Au:78; ut:90; to:88]

S3: [Au:120; ut:110; to:112]

Signatures S1and S3are very similar. So it is possible that these two inputs come from the same user and S2from a different one. However, from when two signatures are assigned to the same user is different for each algorithm and each method.

General sequence of a typing behavior procedure

The process for authentication is similar to that of a common process for (dynamic) biometrics. The procedure can be split into two phases with almost identical processes.

Phases

There is an enrollment phase and an authentication phase. During the recording phase, the user's biometric data is recorded for the future authentication phases. During the authentication phase, the previously recorded data is compared with the newly received data.

Processes

A phase consists of up to four processes:

  • Data acquisition
  • Property extraction
  • Signature generation
  • Comparison process

A database is also required for storing the signatures.

Regardless of the phase, the first thing to do is to record the events triggered by the user ( data acquisition ). The data required by the algorithm must then be extracted from the recorded data ( extract properties ). Depending on the algorithm, the extracted data is now processed further and a signature is created (create signature ).

In the recording phase, the signatures obtained in this way are saved in the database. In the authentication phase, a comparison process decides whether a user can be successfully authenticated. This is done by comparing the new signature with the already known signatures from the database.

Advantages and disadvantages

advantages

  • Methods that make use of typing behavior are commercially favorable because the hardware component required , namely just a keyboard, is widespread and cheap. In principle, this enables a user to be authenticated from practically all locations where access to computer systems is possible.
  • The keystroke to a user imitate is not as simple as a signature to forge.
  • Authenticating the user based on his typing behavior is inconspicuous and basically an almost everyday behavior for the user.
  • A user's typing behavior cannot simply be lost or stolen.

disadvantage

While keyboards are widely used on all computers, there are noticeable differences, which can significantly change the way users type:

  • The keyboard layout ( QWERTZ or QWERTY ) can differ.
  • The buttons can have different pressure points.
  • Other keyboard parameters can be set differently by the system.
  • Software keyboards, for example in smartphones, differ significantly from larger keyboards.

This variety of keyboards poses a problem for the algorithms as soon as a user wants to be authenticated from several machines or locations. Another problem is the different psychological and physiological states of the user:

  • A user under stress or a tired user types differently than he is actually capable.
  • The speed can also change during the day.
  • The user's environment and situation also play an important role. A procedure is already impaired by whether a user is standing, lying down, sitting or talking on the phone with one hand at the same time.

A third problem is data security. Most algorithms do not consider what has been typed, but this data must be treated discretely and discussed with the user. Other factors could be hand injuries or the automatic filling of input fields by password safe programs.

swell

  1. a b c d e f Fabian Monrose and Aviel Rubin. Authentication via keystroke dynamics . In Proceedings of the 4th ACM Conference on Computer and Communications Security , CCS '97, pp. 48-56, New York, NY, USA, 1997. ACM.
  2. a b c d Fabian Monrose and Aviel D. Rubin. Keystroke dynamics as a biometric for authentication . Pp. 351-359, 2000.
  3. a b c d e f g h i j k l m n o p q r s t u v w x y z aa ab ac R. Moskovitch, C. Feher, A. Messerman, N. Kirschnick, T. Mustafic, A. Camtepe, B. Lohlein, U. Heister, S. Moller, L. Rokach and Y. Elovici. Identity theft, computers and behavioral biometrics . In IEEE International Conference on Intelligence and Security Informatics , 2009. ISI '09, pp. 155-160, June 2009.
  4. a b c d e f g h i j k l m n o p q r s Francesco Bergadano, Daniele Gunetti and Claudia Picardi. User authentication through keystroke dynamics . ACM Trans. Inf. Syst. Secur. , 5 (4): 367-397, Nov. 2002.
  5. a b c d e f g h i j k Edmond Lau, Xia Liu, Chen Xiao and Xiao Yu. Enhanced user authentication through keystroke biometrics . Technical Report, Massachusetts Institute of Technology, September 2004.
  6. a b R. Stockton Gaines, William Lisowski, S. James Press and Norman Shapiro. Authentication by keystroke timing: Some preliminary results . 1980.
  7. a b c d e f g h i j k l m n o p q M. Karnan, M. Akila and N. Krishnaraj. Biometric personal authentication using keystroke dynamics: A review . Applied Soft Computing , 11 (2): 1565-1573, March 2011.
  8. a b J.A. Robinson, VW Liang, JAM Chambers and CL MacKenzie. Computer user verification using login string keystroke dynamics . IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems and Humans , 28 (2): 236-241, March 1998