Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics

Kimmo Halunen, Visa Vallivaara

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    2 Citations (Scopus)

    Abstract

    User authentication is a key technology in human machine interaction. The need to establish the legitimacy of transactions and possibly the actors behind them is crucial for trustworthy operation of services over the internet. A good authentication method offers security, usability and privacy protections for the users and the service providers. However, achieving all three properties with a single method is a difficult task and such methods are not in wide use today. We combine methods from biometrics, secure key exchange algorithms and privacy-protecting authentication to build an authentication system that achieves these three properties. Our system uses keystroke dynamics to authenticate the user and cryptographic methods to protect the privacy of the templates and samples and to extend the authentication to key exchange. The results show that the system can be used for user authentication, but more work is needed to protect against impersonation in some cases. Our work is extensible to many other biometrics that can be measured and compared in a similar manner as keystroke dynamics and with further research to larger classes of authentication methods.
    Original languageEnglish
    Title of host publicationSecure IT Systems
    Subtitle of host publication21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings
    EditorsBilly Bob Brumley, Juha Röning
    PublisherSpringer
    Pages256-268
    ISBN (Electronic)978-3-319-47560-8
    ISBN (Print)978-3-319-47559-2
    DOIs
    Publication statusPublished - 9 Oct 2016
    MoE publication typeA4 Article in a conference publication
    Event21st Nordic Conference on Secure IT Systems - University of Oulu, Oulu, Finland
    Duration: 2 Nov 20164 Nov 2016

    Publication series

    SeriesLecture Notes in Computer Science
    Volume10014
    ISSN0302-9743

    Conference

    Conference21st Nordic Conference on Secure IT Systems
    Abbreviated titleNordSec 2016
    CountryFinland
    CityOulu
    Period2/11/164/11/16

    Fingerprint

    Authentication
    Biometrics
    Internet

    Keywords

    • user authentication
    • keystroke dynamics
    • privacy
    • biometrics

    Cite this

    Halunen, K., & Vallivaara, V. (2016). Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics. In B. B. Brumley, & J. Röning (Eds.), Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings (pp. 256-268). Springer. Lecture Notes in Computer Science, Vol.. 10014 https://doi.org/10.1007/978-3-319-47560-8_16
    Halunen, Kimmo ; Vallivaara, Visa. / Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics. Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings. editor / Billy Bob Brumley ; Juha Röning. Springer, 2016. pp. 256-268 (Lecture Notes in Computer Science, Vol. 10014).
    @inproceedings{787088a521d44b80bb70c78b76cc833a,
    title = "Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics",
    abstract = "User authentication is a key technology in human machine interaction. The need to establish the legitimacy of transactions and possibly the actors behind them is crucial for trustworthy operation of services over the internet. A good authentication method offers security, usability and privacy protections for the users and the service providers. However, achieving all three properties with a single method is a difficult task and such methods are not in wide use today. We combine methods from biometrics, secure key exchange algorithms and privacy-protecting authentication to build an authentication system that achieves these three properties. Our system uses keystroke dynamics to authenticate the user and cryptographic methods to protect the privacy of the templates and samples and to extend the authentication to key exchange. The results show that the system can be used for user authentication, but more work is needed to protect against impersonation in some cases. Our work is extensible to many other biometrics that can be measured and compared in a similar manner as keystroke dynamics and with further research to larger classes of authentication methods.",
    keywords = "user authentication, keystroke dynamics, privacy, biometrics",
    author = "Kimmo Halunen and Visa Vallivaara",
    note = "SDA: SHP: Pro-Io-T",
    year = "2016",
    month = "10",
    day = "9",
    doi = "10.1007/978-3-319-47560-8_16",
    language = "English",
    isbn = "978-3-319-47559-2",
    series = "Lecture Notes in Computer Science",
    publisher = "Springer",
    pages = "256--268",
    editor = "Brumley, {Billy Bob } and Juha R{\"o}ning",
    booktitle = "Secure IT Systems",
    address = "Germany",

    }

    Halunen, K & Vallivaara, V 2016, Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics. in BB Brumley & J Röning (eds), Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings. Springer, Lecture Notes in Computer Science, vol. 10014, pp. 256-268, 21st Nordic Conference on Secure IT Systems, Oulu, Finland, 2/11/16. https://doi.org/10.1007/978-3-319-47560-8_16

    Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics. / Halunen, Kimmo; Vallivaara, Visa.

    Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings. ed. / Billy Bob Brumley; Juha Röning. Springer, 2016. p. 256-268 (Lecture Notes in Computer Science, Vol. 10014).

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    TY - GEN

    T1 - Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics

    AU - Halunen, Kimmo

    AU - Vallivaara, Visa

    N1 - SDA: SHP: Pro-Io-T

    PY - 2016/10/9

    Y1 - 2016/10/9

    N2 - User authentication is a key technology in human machine interaction. The need to establish the legitimacy of transactions and possibly the actors behind them is crucial for trustworthy operation of services over the internet. A good authentication method offers security, usability and privacy protections for the users and the service providers. However, achieving all three properties with a single method is a difficult task and such methods are not in wide use today. We combine methods from biometrics, secure key exchange algorithms and privacy-protecting authentication to build an authentication system that achieves these three properties. Our system uses keystroke dynamics to authenticate the user and cryptographic methods to protect the privacy of the templates and samples and to extend the authentication to key exchange. The results show that the system can be used for user authentication, but more work is needed to protect against impersonation in some cases. Our work is extensible to many other biometrics that can be measured and compared in a similar manner as keystroke dynamics and with further research to larger classes of authentication methods.

    AB - User authentication is a key technology in human machine interaction. The need to establish the legitimacy of transactions and possibly the actors behind them is crucial for trustworthy operation of services over the internet. A good authentication method offers security, usability and privacy protections for the users and the service providers. However, achieving all three properties with a single method is a difficult task and such methods are not in wide use today. We combine methods from biometrics, secure key exchange algorithms and privacy-protecting authentication to build an authentication system that achieves these three properties. Our system uses keystroke dynamics to authenticate the user and cryptographic methods to protect the privacy of the templates and samples and to extend the authentication to key exchange. The results show that the system can be used for user authentication, but more work is needed to protect against impersonation in some cases. Our work is extensible to many other biometrics that can be measured and compared in a similar manner as keystroke dynamics and with further research to larger classes of authentication methods.

    KW - user authentication

    KW - keystroke dynamics

    KW - privacy

    KW - biometrics

    U2 - 10.1007/978-3-319-47560-8_16

    DO - 10.1007/978-3-319-47560-8_16

    M3 - Conference article in proceedings

    SN - 978-3-319-47559-2

    T3 - Lecture Notes in Computer Science

    SP - 256

    EP - 268

    BT - Secure IT Systems

    A2 - Brumley, Billy Bob

    A2 - Röning, Juha

    PB - Springer

    ER -

    Halunen K, Vallivaara V. Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics. In Brumley BB, Röning J, editors, Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings. Springer. 2016. p. 256-268. (Lecture Notes in Computer Science, Vol. 10014). https://doi.org/10.1007/978-3-319-47560-8_16