The vulnerability of computer systems is rapidly becoming a
serious issue. People have access to more and more systems and this access
leads to a conflict with the security of these systems. The combination of a
username and password is the main authentication method used to control access
to almost all systems. This is where distributed access and security collide,
the security of the system now depends on the integrity of the user.
The successful identification of an individual is a problem
which there is great interest. Being confident that a person is who they claim
is generally achieved using three distinct authentication factors:
Knowledge, what an
Tokens, what an individual
Biometrics, what the individual
These factors can be used separately but are often combined
to increase the confidence of the identification.
The first factor, knowledge, represents a secret that the
individual knows, the most common form of this is passwords. Using knowledge based
authentication has the advantage of not needing any physical objects or special
hardware or software to carry out making it simple to implement. There is one
major downside, this method relies on the human ability to retain and recall
information and this leads a lot of people to write down their secrets so that
they do not forget them. The second factor, tokens, represents physical objects
that the individual has. Keys are the most common type of token as they are
used to get access to buildings and cars. The disadvantage of token based
authentication is the need to carry the tokens and how easy it is for these
tokens to be misplaced. The third factor, biometrics, represents what the
Biometrics are the measurement and analysis of a person’s
characteristics. There are many characteristics that can be processed, however
the characteristic only becomes useful for authentication when it displays a
certain degree of uniqueness. Other qualities, such as consistency and ease of
acquiring measurements are important. Biometrics are commonly split into two
Physical biometrics covers features such as fingerprints,
iris patterns, retina patterns, and DNA. Behavioural biometrics covers features
such as signatures and voice patterns. Any measurable behaviour that a person
exhibits is placed into this category.
Iris recognition systems were used at 4 major English
airports. The initiative was called the Iris Recognition Immigration System it
was launched in 2004 but was shutdown in 2012 due to high operating costs, £4m,
and the high number of users who were falsely rejected by the system.
The performance of a biometric system is typically measured
using FAR and FRR and ERR .
False Acceptance Rate (FAR)
is the percentage of imposter access attempts that were identified as a genuine
False Rejection Rate (FRR)
is the percentage of genuine user attempts that are identified as imposters.
Equal Error Rate (ERR) is
the point where the FAR and FRR are equal
Dynamics Literature Review:
Keystroke Dynamics has gone under the radar compared to
other biometric techniques such as fingerprint and facial recognition. These
have commanded the biometric scene being used in popular mobile phones. As a
consequence of this there is not an abundance of published papers and those
that exist come from common sources.
An authentication method using the keystrokes of a user was
proposed by Gaines et al. . The experiment used 7 secretaries that worked at
the RAND corporation, they were asked to type 3 passages of text on 2
occasions, 4 months apart. Some of the secretaries were not available for the
second session and a complete set of data is not available. The timings
recorded were those between keystrokes (digraph) and it was found that there
was little difference between the digraphs recorded for the 3 passages, so they
merged the data and discarded digraphs that appeared fewer than 10 times. The
result they achieved was a 0% FAR and 4% FRR. This result is promising for
keystroke dynamics. The experiment however has a number of limitations, primarily
the lack of participants meaning the result does not hold as much weight.
Umphress and Williams  proposed that the time intervals
between keystrokes is related to the processes the brain goes through while typing.
They hypothesised that keystrokes occurred after a pause for thought and before
another pause for thought occurs. For this reason, they limited the number of
keystrokes between 6 and 8. No reference or experimentation on how they came to
this conclusion is given therefore it should be explored further.
1. R.S.Gaines, W.Lisowski, S.J.Press, and N.Shapiro.
Authentication by keystroke timing: Some preliminary results. Technical Report
R-2526-NSF, RAND Corporation, May 1980
2. Umphress, D., & Williams, G. (1985). Identity verification through
keyboard characteristics. International Journal of Man-Machine
Studies, 23(3), 263-273.
5. A. Peacock, X. Ke, M. Wilkerson, “Typing patterns: A key to user
identification”, IEEE Security & Privacy,
pp. 40-47, 2004
6. BBC News – Eye scanners at England airports turned off URL:
(visited on 14/12/2017)(p.1)
7. Iris Recognition Immigration System – Wikipedia, The Free
Encyclopedia URL: https://en.wikipedia.org/wiki/Iris_Recognition_Immigration_System#cite_note-Daily-Mail-1
(visited on 14/12/2017)(p.1)