Evaluating the Reliability of Credential Hardening through Keystroke Dynamics

Most computer systems rely on usernames and passwords as a mechanism for authentication and access control. These credential sets offer weak protection to a broad scope of applications with differing levels of sensitivity. Traditional physiological biometric systems such as fingerprint, face, and iris recognition are not readily deployable in remote authentication schemes. Keystroke dynamics provide the ability to combine the ease of use of username/password schemes with the increased trustworthiness associated with biometrics. Our research extends previous work on keystroke dynamics by incorporating shift-key patterns. The system is capable of operating at various points on a traditional ROC curve depending on application specific security needs. A 1% false accept rate is attainable at a 14% false reject rate. An equal error rate of 5% is suitable for systems requiring a relatively low security. As a username password authentication scheme, our approach decreases the system penetration rate associated with compromised passwords by 95%-99%. Said performance measures can be further improved through optimization of the classification algorithm on a user specific basis