Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics

Kimmo Halunen, Visa Vallivaara

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

2 Citations (Scopus)

Abstract

User authentication is a key technology in human machine interaction. The need to establish the legitimacy of transactions and possibly the actors behind them is crucial for trustworthy operation of services over the internet. A good authentication method offers security, usability and privacy protections for the users and the service providers. However, achieving all three properties with a single method is a difficult task and such methods are not in wide use today. We combine methods from biometrics, secure key exchange algorithms and privacy-protecting authentication to build an authentication system that achieves these three properties. Our system uses keystroke dynamics to authenticate the user and cryptographic methods to protect the privacy of the templates and samples and to extend the authentication to key exchange. The results show that the system can be used for user authentication, but more work is needed to protect against impersonation in some cases. Our work is extensible to many other biometrics that can be measured and compared in a similar manner as keystroke dynamics and with further research to larger classes of authentication methods.
Original languageEnglish
Title of host publicationSecure IT Systems
Subtitle of host publication21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings
EditorsBilly Bob Brumley, Juha Röning
PublisherSpringer
Pages256-268
ISBN (Electronic)978-3-319-47560-8
ISBN (Print)978-3-319-47559-2
DOIs
Publication statusPublished - 9 Oct 2016
MoE publication typeA4 Article in a conference publication
Event21st Nordic Conference on Secure IT Systems - University of Oulu, Oulu, Finland
Duration: 2 Nov 20164 Nov 2016

Publication series

NameLecture Notes in Computer Science LNCS
PublisherSpringer
Volume10014
ISSN (Print)0302-9743

Conference

Conference21st Nordic Conference on Secure IT Systems
Abbreviated titleNordSec 2016
CountryFinland
CityOulu
Period2/11/164/11/16

Fingerprint

Authentication
Biometrics
Internet

Keywords

  • user authentication
  • keystroke dynamics
  • privacy
  • biometrics

Cite this

Halunen, K., & Vallivaara, V. (2016). Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics. In B. B. Brumley, & J. Röning (Eds.), Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings (pp. 256-268). Springer. Lecture Notes in Computer Science, Vol.. 10014 https://doi.org/10.1007/978-3-319-47560-8_16
Halunen, Kimmo ; Vallivaara, Visa. / Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics. Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings. editor / Billy Bob Brumley ; Juha Röning. Springer, 2016. pp. 256-268 (Lecture Notes in Computer Science, Vol. 10014).
@inproceedings{787088a521d44b80bb70c78b76cc833a,
title = "Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics",
abstract = "User authentication is a key technology in human machine interaction. The need to establish the legitimacy of transactions and possibly the actors behind them is crucial for trustworthy operation of services over the internet. A good authentication method offers security, usability and privacy protections for the users and the service providers. However, achieving all three properties with a single method is a difficult task and such methods are not in wide use today. We combine methods from biometrics, secure key exchange algorithms and privacy-protecting authentication to build an authentication system that achieves these three properties. Our system uses keystroke dynamics to authenticate the user and cryptographic methods to protect the privacy of the templates and samples and to extend the authentication to key exchange. The results show that the system can be used for user authentication, but more work is needed to protect against impersonation in some cases. Our work is extensible to many other biometrics that can be measured and compared in a similar manner as keystroke dynamics and with further research to larger classes of authentication methods.",
keywords = "user authentication, keystroke dynamics, privacy, biometrics",
author = "Kimmo Halunen and Visa Vallivaara",
note = "SDA: SHP: Pro-Io-T",
year = "2016",
month = "10",
day = "9",
doi = "10.1007/978-3-319-47560-8_16",
language = "English",
isbn = "978-3-319-47559-2",
series = "Lecture Notes in Computer Science LNCS",
publisher = "Springer",
pages = "256--268",
editor = "Brumley, {Billy Bob } and Juha R{\"o}ning",
booktitle = "Secure IT Systems",
address = "Germany",

}

Halunen, K & Vallivaara, V 2016, Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics. in BB Brumley & J Röning (eds), Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings. Springer, Lecture Notes in Computer Science, vol. 10014, pp. 256-268, 21st Nordic Conference on Secure IT Systems, Oulu, Finland, 2/11/16. https://doi.org/10.1007/978-3-319-47560-8_16

Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics. / Halunen, Kimmo; Vallivaara, Visa.

Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings. ed. / Billy Bob Brumley; Juha Röning. Springer, 2016. p. 256-268 (Lecture Notes in Computer Science, Vol. 10014).

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

TY - GEN

T1 - Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics

AU - Halunen, Kimmo

AU - Vallivaara, Visa

N1 - SDA: SHP: Pro-Io-T

PY - 2016/10/9

Y1 - 2016/10/9

N2 - User authentication is a key technology in human machine interaction. The need to establish the legitimacy of transactions and possibly the actors behind them is crucial for trustworthy operation of services over the internet. A good authentication method offers security, usability and privacy protections for the users and the service providers. However, achieving all three properties with a single method is a difficult task and such methods are not in wide use today. We combine methods from biometrics, secure key exchange algorithms and privacy-protecting authentication to build an authentication system that achieves these three properties. Our system uses keystroke dynamics to authenticate the user and cryptographic methods to protect the privacy of the templates and samples and to extend the authentication to key exchange. The results show that the system can be used for user authentication, but more work is needed to protect against impersonation in some cases. Our work is extensible to many other biometrics that can be measured and compared in a similar manner as keystroke dynamics and with further research to larger classes of authentication methods.

AB - User authentication is a key technology in human machine interaction. The need to establish the legitimacy of transactions and possibly the actors behind them is crucial for trustworthy operation of services over the internet. A good authentication method offers security, usability and privacy protections for the users and the service providers. However, achieving all three properties with a single method is a difficult task and such methods are not in wide use today. We combine methods from biometrics, secure key exchange algorithms and privacy-protecting authentication to build an authentication system that achieves these three properties. Our system uses keystroke dynamics to authenticate the user and cryptographic methods to protect the privacy of the templates and samples and to extend the authentication to key exchange. The results show that the system can be used for user authentication, but more work is needed to protect against impersonation in some cases. Our work is extensible to many other biometrics that can be measured and compared in a similar manner as keystroke dynamics and with further research to larger classes of authentication methods.

KW - user authentication

KW - keystroke dynamics

KW - privacy

KW - biometrics

U2 - 10.1007/978-3-319-47560-8_16

DO - 10.1007/978-3-319-47560-8_16

M3 - Conference article in proceedings

SN - 978-3-319-47559-2

T3 - Lecture Notes in Computer Science LNCS

SP - 256

EP - 268

BT - Secure IT Systems

A2 - Brumley, Billy Bob

A2 - Röning, Juha

PB - Springer

ER -

Halunen K, Vallivaara V. Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics. In Brumley BB, Röning J, editors, Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings. Springer. 2016. p. 256-268. (Lecture Notes in Computer Science, Vol. 10014). https://doi.org/10.1007/978-3-319-47560-8_16