Data Security

Computer user verification based on keystroke dynamics

The constant growth of information and communication systems has resulted in the increased importance of protecting systems from unauthorized access. However, identifying people has become even more difficult.

Traditional methods of identification are based on the fact that users have knowledge known only to them.  The method used most often has not changed since the start of IT.  A username is used to identify the user and then authenticated by a password. Chipcards are also widely used for identification purposes: when necessary users authenticate themselves with a PIN. The traditional methods of attack in both cases are guessing or spying on the password or PIN. To authenticate the identity of a user, biometric systems analyze the physiological traits and characteristics or the behavior of the user and not what they know or have. These are personal features which can be attributed to the person and cannot be reproduced, lost or stolen. Some of these biometric methods have already been commercialized e.g. fingerprint recognition, IrisScan and RetinScan, whereas others are still in the developmental stages e.g. Keystroke Dynamics. Not all biometric approaches are suitable for all areas of use. The disadvantage of one biometric in a certain scenario can be of advantage in another.  The choice of a biometric system depends on use and expected user acceptance. A disadvantage of biometric systems is that their use often requires expensive additional hardware. A company has to be prepared to pay considerably high costs if it wishes to introduce this system at all levels.

Keystroke Dynamics – the analysis of the way a user types – a behavioral based approach similar to a handwritten signature- can be successfully used as a method of determining identity. The advantage here is that the sensor used is the computer keyboard and no extra hardware is required contrary to other biometric methods.


Prof. Firoz Kaderali Print