Search results
Ioannis Stylios, Andreas Skalkos, Spyros Kokolakis and Maria Karyda
Abstract
Purpose
This paper is an extended version of a SECPRE 2021 paper and presents research on the development and validation of a behavioral biometrics continuous authentication (BBCA) system that is based on users' keystroke dynamics and touch gestures on mobile devices. This paper aims to build a system that will continuously authenticate the user of a smartphone.
Design/methodology/approach
Session authentication schemes establish the identity of the user only at the beginning of the session, so they are vulnerable to attacks that tamper with communications after the establishment of the authenticated session. Moreover, smartphones themselves are used as authentication means, especially in two-factor authentication schemes, which are often required by several services. Whether the smartphone is in the hands of the legitimate user constitutes a great concern and correspondingly whether the legitimate user is the one who uses the services. In response to these concerns, BBCA technologies have been proposed in a large corpus of literature. This paper presents research on the development and validation of a BBCA system (named BioPrivacy), which is based on the user’s keystroke dynamics and touch gestures, using a multi-layer perceptron (MLP). Also, this paper introduces a new BB collection tool and proposes a methodology for the selection of an appropriate set of BB.
Findings
The system achieved the best results for keystroke dynamics which are 97.18% accuracy, 0.02% equal error rate, 97.2% true acceptance rate and 0.02% false acceptance rate.
Originality/value
This paper develops a new BB collection tool, named BioPrivacy, by which behavioral data of users on mobile devices can be collected. This paper proposes a methodology for the selection of an appropriate set of BB. This paper presents the development of a BBCA system based on MLP.
Suliman A. Alsuhibany, Muna Almushyti, Noorah Alghasham and Fatimah Alkhudhayr
Abstract
Purpose
Nowadays, there is a high demand for online services and applications. However, there is a challenge to keep these applications secured by applying different methods rather than using the traditional approaches such as passwords and usernames. Keystroke dynamics is one of the alternative authentication methods that provide a high level of security in which the used keyboard plays an important role in the recognition accuracy. To guarantee the robustness of a system in different practical situations, there is a need to examine how much the performance of the system is affected by changing the keyboard layout. This paper aims to investigate the impact of using different keyboards on the recognition accuracy for Arabic free-text typing.
Design/methodology/approach
To evaluate how much the performance of the system is affected by changing the keyboard layout, an experimental study is conducted by using two different keyboards which are a Mac’s keyboard and an HP’s keyboard.
Findings
By using the Mac’s keyboard, the results showed that the false rejection rate (FRR) was 0.20, whilst the false acceptance rate (FAR) was 0.44. However, these values have changed when using the HP’s keyboard where the FRR was equal to 0.08 and the FAR was equal to 0.60.
Research limitations/implications
The number of participants in the experiment was a limitation, as the authors were targeting many more participants.
Originality/value
These results showed for the first time the impact of the keyboards on the system’s performance regarding the recognition accuracy when using Arabic free-text.
Ioannis Stylios, Spyros Kokolakis, Andreas Skalkos and Sotirios Chatzis
Abstract
Purpose
The purpose of this paper is to present a new paradigm, named BioGames, for the extraction of behavioral biometrics (BB) conveniently and entertainingly. To apply the BioGames paradigm, the authors developed a BB collection tool for mobile devices named BioGames App. The BioGames App collects keystroke dynamics, touch gestures, and motion modalities and is available on GitHub. Interested researchers and practitioners may use it to create their datasets for research purposes.
Design/methodology/approach
One major challenge for BB and continuous authentication (CA) research is the lack of actual BB datasets for research purposes. The compilation and refinement of an appropriate set of BB data constitute a challenge and an open problem. The issue is aggravated by the fact that most users are reluctant to participate in long demanding procedures entailed in the collection of research biometric data. As a result, they do not complete the data collection procedure, or they do not complete it correctly. Therefore, the authors propose a new paradigm and introduce a BB collection tool, which they call BioGames, for the extraction of biometric features in a convenient way. The BioGames paradigm proposes a methodology where users play games without participating in an experimental painstaking process. The BioGames App collects keystroke dynamics, touch gestures, and motion modalities.
Findings
The authors proposed a new paradigm for the collection of BB on mobile devices and created the BioGames application. The BioGames App is an Android application that collects BB data on mobile devices and sends them to a database. The database design allows multiple users to store their sensor data at any time. Thus, there is no concern about data separation and synchronization. BioGames App is General Data Protection Regulation (GDPR) compliant as it collects and processes only anonymous data.
Originality/value
The BioGames App is a publicly available tool that combines the keystroke dynamics, touch gestures, and motion modalities. In addition, it uses a methodology where users play games without participating in an experimental painstaking process.
Ioannis Tsimperidis, Vasilios Katos and Nathan Clarke
Abstract
Purpose
The purpose of this paper is to investigate the feasibility of identifying the gender of an author by measuring the keystroke duration when typing a message.
Design/methodology/approach
Three classifiers were constructed and tested. The authors empirically evaluated the effectiveness of the classifiers by using empirical data. The authors used primary data as well as a publicly available dataset containing keystrokes from a different language to validate the language independence assumption.
Findings
The results of this paper indicate that it is possible to identify the gender of an author by analyzing keystroke durations with a probability of success in the region of 70 per cent.
Research limitations/implications
The proposed approach was validated with a limited number of participants and languages, yet the statistical tests show the significance of the results. However, this approach will be further tested with other languages.
Practical implications
Having the ability to identify the gender of an author of a certain piece of text has value in digital forensics, as the proposed method will be a source of circumstantial evidence for “putting fingers on keyboard” and for arbitrating cases where the true origin of a message needs to be identified.
Social implications
If the proposed method is included as part of a text-composing system (such as e-mail, and instant messaging applications), it could increase trust toward the applications that use it and may also work as a deterrent for crimes involving forgery.
Originality/value
The proposed approach combines and adapts techniques from the domains of biometric authentication and data classification.
Agata Kolakowska, Agnieszka Landowska, Pawel Jarmolkowicz, Michal Jarmolkowicz and Krzysztof Sobota
Abstract
Purpose
The purpose of this paper is to answer the question whether it is possible to recognise the gender of a web browser user on the basis of keystroke dynamics and mouse movements.
Design/methodology/approach
An experiment was organised in order to track mouse and keyboard usage using a special web browser plug-in. After collecting the data, a number of parameters describing the users’ keystrokes, mouse movements and clicks were calculated for each data sample. Then several machine learning methods were used to verify the stated research question.
Findings
The experiment showed that it is possible to recognise males and females on the basis of behavioural characteristics with an accuracy exceeding 70 per cent. The best results were obtained while using Bayesian networks.
Research limitations/implications
The first limitation of the study was the restricted contextual information, i.e. neither the type of web page browsed nor the user activity was taken into account. Another is the narrow scope of the respondent group. Future work should focus on gathering data from more users covering a wider age range and should consider the context.
Practical implications
Automatic gender recognition could be used in profiling a user to create personalised websites or as an additional feature in automatic identification for security reasons. It might be also considered as a confirmation of declared gender in web-based surveys.
Social implications
As not all users perceive personalised ads and websites as beneficial, this application requires the analysis of a user perspective to provide value to the consumer without privacy violation.
Originality/value
Behavioural characteristics, such as mouse movements and keystroke dynamics, have already been used for user authentication and emotion recognition, but applying these data to gender recognition is an original idea.
N.L. Clarke, S.M. Furnell, B.M. Lines and P.L. Reynolds
Abstract
The ability of third generation telephones to store sensitive information, such as financial records, digital certificates and company records, makes them desirable targets for impostors. This paper details the feasibility of a non‐intrusive subscriber authentication technique – the use of keystroke dynamics. This feasibility study comprises a number of investigations into the ability of neural networks to authenticate users successfully based on their interactions with a mobile phone keypad. The initial results are promising with network classification performing well, achieving a 9.8 per cent false rejection rate and an 11.0 per cent false acceptance rate.
Pin Shen Teh, Ning Zhang, Andrew Beng Jin Teoh and Ke Chen
Abstract
Purpose
The use of mobile devices in handling our daily activities that involve the storage or access of sensitive data (e.g. on-line banking, paperless prescription services, etc.) is becoming very common. These mobile electronic services typically use a knowledge-based authentication method to authenticate a user (claimed identity). However, this authentication method is vulnerable to several security attacks. To counter the attacks and to make the authentication process more secure, this paper aims to investigate the use of touch dynamics biometrics in conjunction with a personal identification number (PIN)-based authentication method, and demonstrate its benefits in terms of strengthening the security of authentication services for mobile devices.
Design/methodology/approach
The investigation has made use of three light-weighted matching functions and a comprehensive reference data set collected from 150 subjects.
Findings
The investigative results show that, with this multi-factor authentication approach, even when the PIN is exposed, as many as nine out of ten impersonation attempts can be successfully identified. It has also been discovered that the accuracy performance can be increased by combining different feature data types and by increasing the input string length.
Originality/value
The novel contributions of this paper are twofold. Firstly, it describes how a comprehensive experiment is set up to collect touch dynamics biometrics data, and the set of collected data is being made publicly available, which may facilitate further research in the problem domain. Secondly, the paper demonstrates how the data set may be used to strengthen the protection of resources that are accessible via mobile devices.
Ting‐Yi Chang, Yu‐Ju Yang and Chun‐Cheng Peng
Abstract
Purpose
In keystroke‐based authentication systems, an input device to enter a password is needed. Users are verified by checking the validity of the password and typing characteristics. However, some devices have no standard desktop keyboard such as personal digital assistants and mobile phones. With these types of electronics, the system cannot successfully work in the authentication phase while the registration process is implemented based on a computer keyboard. This results in a reduction of system portability. The purpose of this paper is to employ the rhythm clicked by a mouse as another identifiable factor to authenticate a user's identity.
Design/methodology/approach
Mouse click can be replaced by a stylus and fingers on touch screens or numeral buttons on mobile phones. A total of 25 users participated and the click data are based on time instances of pressing and releasing the mouse button, which are captured while the user clicks a rhythm. Three features are calculated using these click data, and a reasonable amount of results with neural networks and other classifiers shows the click characteristics are able to function as another identifiable factor.
Findings
A reasonable amount of results with neural networks and other classifiers shows the click characteristics are able to function as another identifiable factor.
Originality/value
The paper presents a personalized rhythm click‐based authentication system.
Weizhi Meng, Duncan S. Wong and Lam-For Kwok
Abstract
Purpose
This paper aims to design a compact scheme of behavioural biometric-based user authentication, develop an adaptive mechanism that selects an appropriate classifier in an adaptive way and conduct a study to explore the effect of this mechanism.
Design/methodology/approach
As a study, the proposed adaptive mechanism was implemented using a cost-based metric, which enables mobile phones to adopt a less costly classifier in an adaptive way to build the user normal-behaviour model and detect behavioural anomalies.
Findings
The user study with 50 participants indicates that our proposed mechanism can positively affect the authentication performance by maintaining the authentication accuracy at a relatively high and stable level.
Research limitations/implications
The authentication accuracy can be further improved by incorporating other appropriate classifiers (e.g. neural networks) and considering other touch-gesture-related features (e.g. the speed of a touch).
Practical implications
This work explores the effect of adaptive mechanism on behavioural biometric-based user authentication. The results should be of interest for software developers and security specialists in deciding whether to implement such a mechanism for enhancing authentication performance on mobile phones.
Originality/value
The user study with 50 participants indicates that this mechanism can positively affect the authentication performance by maintaining the authentication accuracy at a relatively high and stable level. To the best of our knowledge, our work is an early work discussing the implementation of an adaptive mechanism on a mobile phone.
Bhaveer Bhana and Stephen Vincent Flowerday
Abstract
Purpose
The average employee spends a total of 18.6 h every two months on password-related activities, including password retries and resets. The problem is caused by the user forgetting or mistyping the password (usually because of character switching). The source of this issue is that while a password containing combinations of lowercase characters, uppercase characters, digits and special characters (LUDS) offers a reasonable level of security, it is complex to type and/or memorise, which prolongs the user authentication process. This results in much time being spent for no benefit (as perceived by users), as the user authentication process is merely a prerequisite for whatever a user intends to accomplish. This study aims to address this issue; passphrases that exclude the LUDS guidelines are proposed.
Design/methodology/approach
To discover constructs that create security and to investigate usability concerns relating to the memory and typing issues concerning passphrases, this study was guided by three theories as follows: Shannon’s entropy theory was used to assess security, chunking theory to analyse memory issues and the keystroke level model to assess typing issues. These three constructs were then evaluated against passwords and passphrases to determine whether passphrases better address the security and usability issues related to text-based user authentication. A content analysis was performed to identify common password compositions currently used. A login assessment experiment was used to collect data on user authentication and user–system interaction with passwords and passphrases in line with the constructs that have an impact on user authentication issues related to security, memory and typing. User–system interaction data was collected from a purposeful sample size of 112 participants, logging in at least once a day for 10 days. An expert review, which comprised usability and security experts with specific years of industry and/or academic experience, was also used to validate results and conclusions. All the experts were given questions and content to ensure sufficient context was provided and relevant feedback was obtained. A pilot study involving 10 participants (experts in security and/or usability) was performed on the login assessment website and the content was given to the experts beforehand. Both the website and the expert review content were refined after feedback was received from the pilot study.
Findings
It was concluded that, overall, passphrases better support the user during the user authentication process in terms of security, memory issues and typing issues.
Originality/value
This research aims at promoting the use of a specific type of passphrase instead of complex passwords. Three core aspects need to be assessed in conjunction with each other (security, memorisation and typing) to determine whether user-friendly passphrases can support user authentication better than passwords.