An empirical analysis of keystroke dynamics in passwords: A longitudinal study

IF 1.8 4区 计算机科学 Q3 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE
IET Biometrics Pub Date : 2022-06-27 DOI:10.1049/bme2.12087
Simon Parkinson, Saad Khan, Alexandru-Mihai Badea, Andrew Crampton, Na Liu, Qing Xu
{"title":"An empirical analysis of keystroke dynamics in passwords: A longitudinal study","authors":"Simon Parkinson,&nbsp;Saad Khan,&nbsp;Alexandru-Mihai Badea,&nbsp;Andrew Crampton,&nbsp;Na Liu,&nbsp;Qing Xu","doi":"10.1049/bme2.12087","DOIUrl":null,"url":null,"abstract":"<p>The use of keystroke timings as a behavioural biometric in fixed-text authentication mechanisms has been extensively studied. Previous research has investigated in isolation the effect of password length, character substitution, and participant repetition. These studies have used publicly available datasets, containing a small number of passwords with timings acquired from different experiments. Multiple experiments have also used the participant's first and last name as the password; however, this is not realistic of a password system. Not only is the user's name considered a weak password, but their familiarity with typing the phrase minimises variation in acquired samples as they become more familiar with the new password. Furthermore, no study has considered the combined impact of length, substitution, and repetition using the same participant pool. This is explored in this work, where the authors collected timings for 65 participants, when typing 40 passwords with varying characteristics, 4 times per week for 8 weeks. A total of 81,920 timing samples were processed using an instance-based distance and threshold matching approach. Results of this study provide empirical insight into how a password policy should be created to maximise the accuracy of the biometric system when considering substitution type and longitudinal effects.</p>","PeriodicalId":48821,"journal":{"name":"IET Biometrics","volume":"12 1","pages":"25-37"},"PeriodicalIF":1.8000,"publicationDate":"2022-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/bme2.12087","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Biometrics","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/bme2.12087","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
引用次数: 2

Abstract

The use of keystroke timings as a behavioural biometric in fixed-text authentication mechanisms has been extensively studied. Previous research has investigated in isolation the effect of password length, character substitution, and participant repetition. These studies have used publicly available datasets, containing a small number of passwords with timings acquired from different experiments. Multiple experiments have also used the participant's first and last name as the password; however, this is not realistic of a password system. Not only is the user's name considered a weak password, but their familiarity with typing the phrase minimises variation in acquired samples as they become more familiar with the new password. Furthermore, no study has considered the combined impact of length, substitution, and repetition using the same participant pool. This is explored in this work, where the authors collected timings for 65 participants, when typing 40 passwords with varying characteristics, 4 times per week for 8 weeks. A total of 81,920 timing samples were processed using an instance-based distance and threshold matching approach. Results of this study provide empirical insight into how a password policy should be created to maximise the accuracy of the biometric system when considering substitution type and longitudinal effects.

Abstract Image

密码击键动力学的实证分析:一项纵向研究
在固定文本认证机制中,击键定时作为一种行为生物特征的使用已经得到了广泛的研究。先前的研究已经单独调查了密码长度、字符替换和参与者重复的影响。这些研究使用了公开的数据集,其中包含从不同实验中获得的少量密码和时间。多个实验还使用参与者的名字和姓氏作为密码;然而,这对于密码系统来说是不现实的。用户的名字不仅被认为是一个弱密码,而且随着他们对新密码的熟悉,他们对键入短语的熟悉程度将获得的样本中的变化降至最低。此外,没有任何研究考虑使用同一参与者库的长度、替代和重复的综合影响。这项工作对这一点进行了探索,作者收集了65名参与者在输入40个不同特征的密码时的时间安排,每周4次,持续8周。使用基于实例的距离和阈值匹配方法总共处理了81920个时序样本。这项研究的结果为在考虑替代类型和纵向影响时如何创建密码策略以最大限度地提高生物识别系统的准确性提供了经验见解。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
IET Biometrics
IET Biometrics COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE-
CiteScore
5.90
自引率
0.00%
发文量
46
审稿时长
33 weeks
期刊介绍: The field of biometric recognition - automated recognition of individuals based on their behavioural and biological characteristics - has now reached a level of maturity where viable practical applications are both possible and increasingly available. The biometrics field is characterised especially by its interdisciplinarity since, while focused primarily around a strong technological base, effective system design and implementation often requires a broad range of skills encompassing, for example, human factors, data security and database technologies, psychological and physiological awareness, and so on. Also, the technology focus itself embraces diversity, since the engineering of effective biometric systems requires integration of image analysis, pattern recognition, sensor technology, database engineering, security design and many other strands of understanding. The scope of the journal is intentionally relatively wide. While focusing on core technological issues, it is recognised that these may be inherently diverse and in many cases may cross traditional disciplinary boundaries. The scope of the journal will therefore include any topics where it can be shown that a paper can increase our understanding of biometric systems, signal future developments and applications for biometrics, or promote greater practical uptake for relevant technologies: Development and enhancement of individual biometric modalities including the established and traditional modalities (e.g. face, fingerprint, iris, signature and handwriting recognition) and also newer or emerging modalities (gait, ear-shape, neurological patterns, etc.) Multibiometrics, theoretical and practical issues, implementation of practical systems, multiclassifier and multimodal approaches Soft biometrics and information fusion for identification, verification and trait prediction Human factors and the human-computer interface issues for biometric systems, exception handling strategies Template construction and template management, ageing factors and their impact on biometric systems Usability and user-oriented design, psychological and physiological principles and system integration Sensors and sensor technologies for biometric processing Database technologies to support biometric systems Implementation of biometric systems, security engineering implications, smartcard and associated technologies in implementation, implementation platforms, system design and performance evaluation Trust and privacy issues, security of biometric systems and supporting technological solutions, biometric template protection Biometric cryptosystems, security and biometrics-linked encryption Links with forensic processing and cross-disciplinary commonalities Core underpinning technologies (e.g. image analysis, pattern recognition, computer vision, signal processing, etc.), where the specific relevance to biometric processing can be demonstrated Applications and application-led considerations Position papers on technology or on the industrial context of biometric system development Adoption and promotion of standards in biometrics, improving technology acceptance, deployment and interoperability, avoiding cross-cultural and cross-sector restrictions Relevant ethical and social issues
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信