Using the Keystrokes Dynamic for Systems of Personal Security

Access to computer systems is usually controlled by user accounts with usernames and passwords.  Such scheme has little security (Hu. J et al. (2008), Pavaday. N and Soyjaudah. K.M.S (2007)) if the information falls to wrong hands. Key cards or biometric systems (Adrian Kapczynski et al. ( 2006), Gláucya C. Boechat et al. (2007), Anil Jain et al. (2003), Duane Blackburn et al. (2007)), for example fingerprints (Lin Hong and Anil Jain, (1998)) is being used nowadays to improve the security. Biometric methods measure biological and physiological characteristics to uniquely identify individuals. The main drawback of most biometric methods is that they are expensive to implement, because most of them require specialized hardware to strengthen security. On the other hand keystroke dynamics (Fabian Monrose and Aviel D. Rubin (2000), Jarmo Ilonen, (2003)) consist of many advantages like (i) It can be used without any additional hardware (ii) Hardening the existing security.

Keystroke analysis (Christopher S. Leberknight et al. (2008)) is of two kinds Static and Dynamic. Static keystroke analysis essentially means that the analysis is performed on typing samples produced using the same predetermined text for all the individuals under observation. Dynamic keystroke analysis implies a continuous or periodic monitoring of issued keystrokes and is intended to be performed during a log-in session, after the authentication phase has passed.

One area where the use of a static approach to keystroke dynamics may be particularly interesting is in restricting source level access to the master server hosting a Kerberos (Gabriel. L. F. B. G. Azevedo et al. (2007)) key database. Any user accessing the server is prompted to type a few words or a pass phrase in conjunction with his/her username and password. Access is granted if his/her typing pattern matches within a reasonable threshold of the claimed identity. This safeguard is effective as there is usually no remote access allowed to the server, and the only entry point is via console login. Alternatively, dynamic or continuous monitoring of the interaction of users while accessing highly restricted documents or executing tasks in environments where the user must be alert at all times (for example air traffic control), is a ideal scenario for the application of a keystroke authentication system. Keystroke dynamics may be used to detect uncharacteristic typing rhythm (brought on by drowsiness, fatigue etc.) in the user and notify third parties.