Enhanced usability, resilience, and accuracy in mobile keystroke dynamic biometric authentication

Alshanketi, Faisal

27 September 2018

With the progress achieved to this date in mobile computing technologies, mobile devices are increasingly being used to store sensitive data and perform security-critical transactions and services. However, the protection available on these devices is still lagging behind. The primary and often only protection mechanism in these devices is authentication using a password or a PIN. Passwords are notoriously known to be a weak authentication mechanism, no matter how complex the underlying format is. Mobile authentication can be strengthened by extracting and analyzing keystroke dynamic biometric from supplied passwords. In this thesis, I identified gaps in the literature, and investigated new models and mechanisms to improve accuracy, usability and resilience against statistical forgeries for mobile keystroke dynamic biometric authentication. Accuracy is investigated through cost sensitive learning and sampling, and by comparing the strength of different classifiers. Usability is improved by introducing a new approach for typo handling in the authentication model. Resilience against statistical attacks is achieved by introducing a new multimodal approach combining fixed and variable keystroke dynamic biometric passwords, in which two different fusion models are studied. Experimental evaluation using several datasets, some publicly available and others collected locally, yielded encouraging performance results in terms of accuracy, usability, and resistance against statistical attacks. / Graduate / 2019-09-25

Personal Identification Number

Authentication mechanisms

Biometric template

Multimodal schemes

Assessing the Effectiveness of a Fingerprint Biometric and a Biometric Personal Identification Number (BIO-PIN™) when used as a Multi-Factor Authentication Mechanism

Batie, Robert B.

01 January 2016

The issue of traditional user authentication methods, such as username/passwords, when accessing information systems, the Internet, and Web-based applications still pose significant vulnerabilities. The problem of user authentication including physical and logical access appears to have limited, if any, coverage in research from the perspective of biometric as ‘something the user knows.’ Previous methods of establishing ones’ identity by using a password, or presenting a token or identification (ID) card are vulnerable to circumvention by misplacement or unauthorized sharing. The need for reliable user authentication techniques has increased in the wake of heightened concerns about information security and rapid advancements in networking, communication, and mobility. The main goal of this research study was to examine the role of the authentication method (BIO-PIN™ or username/password) and time, on the effectiveness of authentication, as well as the users’ ability to remember the BIO-PIN™ versus username/password (UN/PW). Moreover, this study compared the BIO-PIN™ with a traditional multi-factor biometric authentication using multiple fingerprints (without sequence) and a numerical PIN sequence (noted as "BIO+PIN"). Additionally, this research study examined the authentication methods when controlled for age, gender, user’s computer experience, and number of accounts. This study used a quasi-experimental multiple baseline design method to evaluate the effectiveness of the BIO-PIN™ authentication method. The independent, dependent, and control variables were addressed using descriptive statistics and Multivariate Analysis of Variance (MANOVA) statistical analysis to compare the BIO-PIN™, the BIO+PIN, and UN/PW authentication methods for research questions (RQs) 1 and 2. Additionally, the Multivariate Analysis of Covariance (MANCOVA) was used to address RQ 3 and RQ4, which seeks to test any differences when controlled by age, gender, user experience, and number of accounts. This research study was conducted over a 10-week period with participant engagement occurring over time including a registration week and in intervals of 2 weeks, 3 weeks, and 5 weeks. This study advances the current research in multi-factor biometric authentication and increases the body of knowledge regarding users’ ability to remember industry standard UN/PWs, the BIO-PIN™ sequence, and traditional BIO+PIN.

Biometric

BIO+PIN

BIO-PIN

Personal Identification Number

Two-Factor Authentication

Computer Sciences