This paper proposes the concept of dynamic keystroke analysis as a means of enhancing user authentication in modern information systems. Whilst existing password-based schemes normally rely upon a single authentication judgement, the use of keystroke analysis would allow supervision to occur continuously throughout user sessions. In addition, the concept may be implemented transparently so as not to unnecessarily disrupt user activity. These points make it suitable for application in modern, user-friendly contexts such as multimedia.
The theoretical discussion is supported by the findings of an experimental study mounted within our group using 26 typists and a prototype authentication system. The results demonstrate considerable success, with an impostor detection rate of 85%. However, a number of potential problems identified in the discussion suggest that keystroke analysis would be best implemented alongside other supervision techniques rather than as a standalone system.
Name: Steven Marcus Furnell
Address: Network Research Group, Faculty of Technology, University of Plymouth, Plymouth, Devon. e-mail: stevef@soc.plym.ac.uk
Present Employer: University of Plymouth.
Duties or Job: Postgraduate Research Student.
Currently completing the final year of a PhD research programme entitled "Development of Security guidelines for European Health Applications with Implementation in Existing Systems".
Highlights of present work:
Involvement in the AIM SEISMED (Secure Environment for Information Systems in MEDicine) project involving the development of baseline security guidelines for existing healthcare systems.
Currently involved in the design and development of a real-time intrusion monitoring system, which is at present primarily based upon the concept of keystroke analysis.
Education: BSc. Computing & Informatics with first class honours from the University of Plymouth in 1992.