Search results

1 – 10 of 128
Article
Publication date: 26 May 2022

Ioannis Stylios, Andreas Skalkos, Spyros Kokolakis and Maria Karyda

Abstract

Purpose

This paper is an extended version of the SECPRE 2021 paper and presents research on the development and validation of a behavioral biometrics continuous authentication (BBCA) system that is based on users’ keystroke dynamics and touch gestures on mobile devices. This paper aims to build a system that will continuously authenticate the user of a smartphone.

Design/methodology/approach

Session authentication schemes establish the identity of the user only at the beginning of the session, so they are vulnerable to attacks that tamper with communications after the establishment of the authenticated session. Moreover, smartphones themselves are used as authentication means, especially in two-factor authentication schemes, which are often required by several services. Whether the smartphone is in the hands of the legitimate user constitutes a great concern and correspondingly whether the legitimate user is the one who uses the services. In response to these concerns, BBCA technologies have been proposed in a large corpus of literature. This paper presents research on the development and validation of a BBCA system (named BioPrivacy), which is based on the user’s keystroke dynamics and touch gestures, using a multi-layer perceptron (MLP). Also, this paper introduces a new BB collection tool and proposes a methodology for the selection of an appropriate set of BB.

Findings

The system achieved the best results for keystroke dynamics which are 97.18% accuracy, 0.02% equal error rate, 97.2% true acceptance rate and 0.02% false acceptance rate.

Originality/value

This paper develops a new BB collection tool, named BioPrivacy, by which behavioral data of users on mobile devices can be collected. This paper proposes a methodology for the selection of an appropriate set of BB. This paper presents the development of a BBCA system based on MLP.

Details

Information & Computer Security, vol. 30 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 11 April 2019

Suliman A. Alsuhibany, Muna Almushyti, Noorah Alghasham and Fatimah Alkhudhayr

Abstract

Purpose

Nowadays, there is a high demand for online services and applications. However, there is a challenge to keep these applications secured by applying different methods rather than using the traditional approaches such as passwords and usernames. Keystroke dynamics is one of the alternative authentication methods that provide a high level of security, in which the keyboard used plays an important role in the recognition accuracy. To guarantee the robustness of a system in different practical situations, there is a need to examine how much the performance of the system is affected by changing the keyboard layout. This paper aims to investigate the impact of using different keyboards on the recognition accuracy for Arabic free-text typing.

Design/methodology/approach

To evaluate how much the performance of the system is affected by changing the keyboard layout, an experimental study is conducted by using two different keyboards which are a Mac’s keyboard and an HP’s keyboard.

Findings

By using the Mac’s keyboard, the results showed that the false rejection rate (FRR) was 0.20, whilst the false acceptance rate (FAR) was 0.44. However, these values have changed when using the HP’s keyboard where the FRR was equal to 0.08 and the FAR was equal to 0.60.

Research limitations/implications

The number of participants in the experiment was a limitation, as the authors were targeting many more participants.

Originality/value

These results showed for the first time the impact of the keyboards on the system’s performance regarding the recognition accuracy when using Arabic free-text.

Details

Information & Computer Security, vol. 27 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 7 December 2021

Ioannis Stylios, Spyros Kokolakis, Andreas Skalkos and Sotirios Chatzis

Abstract

Purpose

The purpose of this paper is to present a new paradigm, named BioGames, for the extraction of behavioral biometrics (BB) conveniently and entertainingly. To apply the BioGames paradigm, the authors developed a BB collection tool for mobile devices named BioGames App. The BioGames App collects keystroke dynamics, touch gestures, and motion modalities and is available on GitHub. Interested researchers and practitioners may use it to create their datasets for research purposes.

Design/methodology/approach

One major challenge for BB and continuous authentication (CA) research is the lack of actual BB datasets for research purposes. The compilation and refinement of an appropriate set of BB data constitute a challenge and an open problem. The issue is aggravated by the fact that most users are reluctant to participate in long demanding procedures entailed in the collection of research biometric data. As a result, they do not complete the data collection procedure, or they do not complete it correctly. Therefore, the authors propose a new paradigm and introduce a BB collection tool, which they call BioGames, for the extraction of biometric features in a convenient way. The BioGames paradigm proposes a methodology where users play games without participating in an experimental painstaking process. The BioGames App collects keystroke dynamics, touch gestures, and motion modalities.

Findings

The authors proposed a new paradigm for the collection of BB on mobile devices and created the BioGames application. The BioGames App is an Android application that collects BB data on mobile devices and sends them to a database. The database design allows multiple users to store their sensor data at any time. Thus, there is no concern about data separation and synchronization. BioGames App is General Data Protection Regulation (GDPR) compliant as it collects and processes only anonymous data.

Originality/value

The BioGames App is a publicly available tool that combines the keystroke dynamics, touch gestures, and motion modalities. In addition, it uses a methodology where users play games without participating in an experimental painstaking process.

Details

Information & Computer Security, vol. 30 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 13 July 2015

Ioannis Tsimperidis, Vasilios Katos and Nathan Clarke

Abstract

Purpose

The purpose of this paper is to investigate the feasibility of identifying the gender of an author by measuring the keystroke duration when typing a message.

Design/methodology/approach

Three classifiers were constructed and tested. The authors empirically evaluated the effectiveness of the classifiers by using empirical data. The authors used primary data as well as a publicly available dataset containing keystrokes from a different language to validate the language independence assumption.

Findings

The results of this paper indicate that it is possible to identify the gender of an author by analyzing keystroke durations with a probability of success in the region of 70 per cent.

Research limitations/implications

The proposed approach was validated with a limited number of participants and languages, yet the statistical tests show the significance of the results. However, this approach will be further tested with other languages.

Practical implications

Having the ability to identify the gender of an author of a certain piece of text has value in digital forensics, as the proposed method will be a source of circumstantial evidence for “putting fingers on keyboard” and for arbitrating cases where the true origin of a message needs to be identified.

Social implications

If the proposed method is included as part of a text-composing system (such as e-mail, and instant messaging applications), it could increase trust toward the applications that use it and may also work as a deterrent for crimes involving forgery.

Originality/value

The proposed approach combines and adapts techniques from the domains of biometric authentication and data classification.

Details

Information & Computer Security, vol. 23 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 3 October 2016

Agata Kolakowska, Agnieszka Landowska, Pawel Jarmolkowicz, Michal Jarmolkowicz and Krzysztof Sobota

Abstract

Purpose

The purpose of this paper is to answer the question whether it is possible to recognise the gender of a web browser user on the basis of keystroke dynamics and mouse movements.

Design/methodology/approach

An experiment was organised in order to track mouse and keyboard usage using a special web browser plug-in. After collecting the data, a number of parameters describing the users’ keystrokes, mouse movements and clicks were calculated for each data sample. Then several machine learning methods were used to verify the stated research question.

Findings

The experiment showed that it is possible to recognise males and females on the basis of behavioural characteristics with an accuracy exceeding 70 per cent. The best results were obtained while using Bayesian networks.

Research limitations/implications

The first limitation of the study was the restricted contextual information, i.e. neither the type of web page browsed nor the user activity was taken into account. Another is the narrow scope of the respondent group. Future work should focus on gathering data from more users covering a wider age range and should consider the context.

Practical implications

Automatic gender recognition could be used in profiling a user to create personalised websites or as an additional feature in automatic identification for security reasons. It might be also considered as a confirmation of declared gender in web-based surveys.

Social implications

As not all users perceive personalised ads and websites as beneficial, this application requires the analysis of a user perspective to provide value to the consumer without privacy violation.

Originality/value

Behavioural characteristics, such as mouse movements and keystroke dynamics, have already been used for user authentication and emotion recognition, but applying these data to gender recognition is an original idea.

Details

Internet Research, vol. 26 no. 5
Type: Research Article
ISSN: 1066-2243

Article
Publication date: 1 October 2003

N.L. Clarke, S.M. Furnell, B.M. Lines and P.L. Reynolds

Abstract

The ability of third generation telephones to store sensitive information, such as financial records, digital certificates and company records, makes them desirable targets for impostors. This paper details the feasibility of a non‐intrusive subscriber authentication technique – the use of keystroke dynamics. This feasibility study comprises a number of investigations into the ability of neural networks to authenticate users successfully based on their interactions with a mobile phone keypad. The initial results are promising with network classification performing well, achieving a 9.8 per cent false rejection rate and an 11.0 per cent false acceptance rate.

Details

Information Management & Computer Security, vol. 11 no. 4
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 4 April 2016

Pin Shen Teh, Ning Zhang, Andrew Beng Jin Teoh and Ke Chen

Abstract

Purpose

The use of mobile devices in handling our daily activities that involve the storage or access of sensitive data (e.g. on-line banking, paperless prescription services, etc.) is becoming very common. These mobile electronic services typically use a knowledge-based authentication method to authenticate a user (claimed identity). However, this authentication method is vulnerable to several security attacks. To counter the attacks and to make the authentication process more secure, this paper aims to investigate the use of touch dynamics biometrics in conjunction with a personal identification number (PIN)-based authentication method, and demonstrate its benefits in terms of strengthening the security of authentication services for mobile devices.

Design/methodology/approach

The investigation has made use of three light-weighted matching functions and a comprehensive reference data set collected from 150 subjects.

Findings

The investigative results show that, with this multi-factor authentication approach, even when the PIN is exposed, as many as nine out of ten impersonation attempts can be successfully identified. It has also been discovered that the accuracy performance can be increased by combining different feature data types and by increasing the input string length.

Originality/value

The novel contributions of this paper are twofold. Firstly, it describes how a comprehensive experiment is set up to collect touch dynamics biometrics data, and the set of collected data is being made publicly available, which may facilitate further research in the problem domain. Secondly, the paper demonstrates how the data set may be used to strengthen the protection of resources that are accessible via mobile devices.

Details

International Journal of Pervasive Computing and Communications, vol. 12 no. 1
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 8 June 2010

Ting‐Yi Chang, Yu‐Ju Yang and Chun‐Cheng Peng

Abstract

Purpose

In keystroke‐based authentication systems, an input device to enter a password is needed. Users are verified by checking the validity of the password and typing characteristics. However, some devices have no standard desktop keyboard such as personal digital assistants and mobile phones. With these types of electronics, the system cannot successfully work in the authentication phase while the registration process is implemented based on a computer keyboard. This results in a reduction of system portability. The purpose of this paper is to employ the rhythm clicked by a mouse as another identifiable factor to authenticate a user's identity.

Design/methodology/approach

Mouse click can be replaced by a stylus and fingers on touch screens or numeral buttons on mobile phones. A total of 25 users participated and the click data are based on time instances of pressing and releasing the mouse button, which are captured while the user clicks a rhythm. Three features are calculated using these click data, and a reasonable amount of results with neural networks and other classifiers shows the click characteristics are able to function as another identifiable factor.

Findings

A reasonable amount of results with neural networks and other classifiers shows the click characteristics are able to function as another identifiable factor.

Originality/value

The paper presents a personalized rhythm click‐based authentication system.

Details

Information Management & Computer Security, vol. 18 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 3 June 2014

Weizhi Meng, Duncan S. Wong and Lam-For Kwok

Abstract

Purpose

This paper aims to design a compact scheme of behavioural biometric-based user authentication, develop an adaptive mechanism that selects an appropriate classifier in an adaptive way and conduct a study to explore the effect of this mechanism.

Design/methodology/approach

As a study, the proposed adaptive mechanism was implemented using a cost-based metric, which enables mobile phones to adopt a less costly classifier in an adaptive way to build the user normal-behaviour model and detect behavioural anomalies.

Findings

The user study with 50 participants indicates that our proposed mechanism can positively affect the authentication performance by maintaining the authentication accuracy at a relatively high and stable level.

Research limitations/implications

The authentication accuracy can be further improved by incorporating other appropriate classifiers (e.g. neural networks) and considering other touch-gesture-related features (e.g. the speed of a touch).

Practical implications

This work explores the effect of adaptive mechanism on behavioural biometric-based user authentication. The results should be of interest for software developers and security specialists in deciding whether to implement such a mechanism for enhancing authentication performance on mobile phones.

Originality/value

The user study with 50 participants indicates that this mechanism can positively affect the authentication performance by maintaining the authentication accuracy at a relatively high and stable level. To the best of our knowledge, our work is an early work discussing the implementation of an adaptive mechanism on a mobile phone.

Details

Information Management & Computer Security, vol. 22 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 30 November 2021

Bhaveer Bhana and Stephen Vincent Flowerday

Abstract

Purpose

The average employee spends a total of 18.6 h every two months on password-related activities, including password retries and resets. The problem is caused by the user forgetting or mistyping the password (usually because of character switching). The source of this issue is that while a password containing combinations of lowercase characters, uppercase characters, digits and special characters (LUDS) offers a reasonable level of security, it is complex to type and/or memorise, which prolongs the user authentication process. This results in much time being spent for no benefit (as perceived by users), as the user authentication process is merely a prerequisite for whatever a user intends to accomplish. This study aims to address this issue; passphrases that exclude the LUDS guidelines are proposed.

Design/methodology/approach

To discover constructs that create security and to investigate usability concerns relating to the memory and typing issues concerning passphrases, this study was guided by three theories as follows: Shannon’s entropy theory was used to assess security, chunking theory to analyse memory issues and the keystroke level model to assess typing issues. These three constructs were then evaluated against passwords and passphrases to determine whether passphrases better address the security and usability issues related to text-based user authentication. A content analysis was performed to identify common password compositions currently used. A login assessment experiment was used to collect data on user authentication and user–system interaction with passwords and passphrases in line with the constructs that have an impact on user authentication issues related to security, memory and typing. User–system interaction data was collected from a purposeful sample size of 112 participants, logging in at least once a day for 10 days. An expert review, which comprised usability and security experts with specific years of industry and/or academic experience, was also used to validate results and conclusions. All the experts were given questions and content to ensure sufficient context was provided and relevant feedback was obtained. A pilot study involving 10 participants (experts in security and/or usability) was performed on the login assessment website and the content was given to the experts beforehand. Both the website and the expert review content were refined after feedback was received from the pilot study.

Findings

It was concluded that, overall, passphrases better support the user during the user authentication process in terms of security, memory issues and typing issues.

Originality/value

This research aims at promoting the use of a specific type of passphrase instead of complex passwords. Three core aspects need to be assessed in conjunction with each other (security, memorisation and typing) to determine whether user-friendly passphrases can support user authentication better than passwords.

Details

Information & Computer Security, vol. 30 no. 2
Type: Research Article
ISSN: 2056-4961
