A novel approach to design of user re-authentication systems

Abstract

In the internet age, security is a major concern as identity thefts often cause detrimental effects. Masquerading is an important factor for identity theft and current authentication systems using traditional methods woefully lack mechanisms to detect and prevent it. This paper presents an application independent, continual, non-intrusive, fast and easily deployable user re-authentication system based on behavioral biometrics. These behavioral attributes are extracted from the keyboard and mouse operations of the user. They are used to identify and non-intrusively authenticate the user periodically. To extract suitable user attributes, we propose a novel heuristic that uses the percentage of mouse-to-keyboard interaction ratio and interaction quotient (IQ). In the re-authentication process, every time, the current behavior of the user is compared with the stored “expected” behavior. All deviations are noted and after a certain deviation threshold is reached, the system logs the user out of the current session. The underlying heuristic prevents imposters from misusing the system. Experimental results show that the proposed heuristic can greatly improve the accuracy of application-based and application independent systems to 96.4% and 82.2% respectively.