IJSTE - International Journal of Science Technology & Engineering | Volume 2 | Issue 10 | April 2016

ISSN (online): 2349-784X

Authentication of users by Typing Pattern: A

Review
Ekta Guljari
Department of Information Technology
Pune University

Sujata Lokhande
Department of Information Technology
Pune University

Shraddha Mande
Department of Information Technology
Pune University

Laxmi Reddy
Department of Information Technology
Pune University

Mrs. K. Uma Maheswari

Department of Information Technology
Pune University

Abstract
Current computer systems are depend on authentication methods in order to protect the data which is stored in the systems. Every
user has unique username and password to access their accounts for important data, but these details are misused by an intruder so
there is requirement of additional authentication step. Keystroke biometric is a type of biometrics which is gaining more popularity
because they provide better and reliable means for authentication and verification of user.Keystroke dynamics captures the typing
speed of user verifies the user and provides the access.
Keywords: Keystroke Dynamic, dwell time, flight time, false acceptance rate (FAR), false rejection rate (FRR)
________________________________________________________________________________________________________
I.

INTRODUCTION

The use of the computer system is increasing day by day. The society depends mostly on internet, there is more confidential
information is used by the user over internet. So the traditional system provides username and password security which can be
easily hacked by the hacker. Therefore we need more security and the authentication of the user. So that only authorized user can
only able to access the account. As the login details have been exposed to an unauthorized, then that unauthorized user have
complete access to the authorized users account in a transparent manner and such things may result indirect financial loss and
secured information may leak. Authentication is the process to prevent the unauthorized access on the authorized account of the
user.
Keystroke dynamics is referring to the art and science of recognizing an individual based on an analysis of their typing patterns
which are unique for every human being. Typing pattern of an individual includes many factors such as the length of time it takes
to type the login and password, how long the individual required to depress a key and how long it take to type successive keys
[3].So it is very interesting and important technique. To provide an extra layer of security keystroke dynamics is being used.
User access to the systems is secured through possession of a login ID and password. User authentication is classified in three
classes: knowledge based, object based and biometric based. Diagram1 shows the various user authentication classifications which
are knowledge based, object based and biometric based.
The authentication of the user is done on
1) knowledge based authentication:- In this we check what the person knows, For example, user ID & password, PIN code etc.
2) Object or token based: - In this we check what the user posses, for example, ID-card, token etc.
3) Biometric: - In biometrics we identify humans by their unique characteristics. Biometrics is used in computer science as a
form of identification and access control. Biometric identification is depend on the behavioral and physiological characteristic
of the user i.e. Diagram prints, keystroke dynamics.[2][7]
Currently, there are two major forms of biometrics one is physiological biometric -It is based on physiological attributes i.e. Iris
Detection etc and second is behavioral biometric- it is based on behavioral attributes i.e. signature detection and keystroke
dynamics etc.

All rights reserved by www.ijste.org

1010

Authentication of users by Typing Pattern: A Review

(IJSTE/ Volume 2 / Issue 10 / 182)

Diagram 1: Classification of authentication process

II. RELATED WORK

Keystroke Dynamics:
As mentioned in [1], In simple words keystroke dynamics is not what you type, but how you type. This means whatever you type
that is measured on some scales like the key press time, the difference between two keys press time and speed of typing etc.
The measures that we defined above are changing as per the unique person by person. so its helpful to identify a person by using
the keystroke dynamics method. The keystroke dynamics is the current popular method for the authentication. The keystroke
dynamics requires only keyboard as a hardware requirement for the authentication.
Keystroke verification has two types i.e. static and continuous. Static refers to verification of characteristics only at specific
times, for example, during the login sequence. Continuous verification monitors the users typing pattern throughout the entire
session of interaction. So it provides the better security than static.
The Keystroke dynamics process is used for the
As every process has their advantages with some disadvantages this process is also having some advantages as well as
disadvantages.
Advantages:
a)

Uniqueness:

The typing pattern of every user is unique. So to check uniqueness of the keystroke of the user, it measure up to nanoseconds.
So it is very difficult to copy ones keystroke pattern at such high accuracy.
b)

Low Implementation and Deployment Cost

In traditional physiological biometric system such as Iris recognizer we need extra hardware and software for implementation.
Where as in keystroke dynamics does not depend on the hardware, only software is required for implementation, it runs at a
backend of the system without any interruptions.
c)

Transparency and simplicity

In many situations the user doesnt know that they are provided with an extra layer of authentication. This simplicity is useful for
the user who is not having the technical knowledge because for using the keystroke one doesnt required any technical knowledge.
d)

Replication Prevention

As the typing of the user differ from user to user. So nobody can easily copy the typing pattern of another user. So it prevents the
replication of the typing pattern.
Disadvantages
a)

Low Accuracy

Keystroke dynamic authenticate the user by the typing rhythm of the user, but if any external injury cause to the user due to which
the typing rhythm of the user dont match then the system will not accept the authenticate user also.
Feature Extraction:
Keystroke dynamics have several different feature:
- Latency of key stroke
- Duration of keystroke
- Hold time
- Overall typing speed
- Frequency of errors
- Force of hitting keys while typing
All rights reserved by www.ijste.org

1011

Authentication of users by Typing Pattern: A Review

(IJSTE/ Volume 2 / Issue 10 / 182)

The most commonly used feature of keystroke dynamics is latency and dwell. Fig2 is showing the latencies and dwell time.
Here we takten the password word as an example for explaining more specifically the latencies and dwell time.

Diagram 2: keystroke latency and duration

Latency or Flight Time:

Latency in keystroke dynamics is calculated with key press (P) and key release(R). The latency or flight time is calculated between
successive keys. There are four types of latencies for keystroke dynamics L1, L2, L3 and L4 where L1 is press press, L2 is releasepress, and L3 is press release andL4 is release.
1) PRESS-PRESS: it is the time between successive key presses i.e. [(time take to press first key) (time take to press another
key)].L1=P1-P2
2) RELEASE-PRESS: it is the time interval between key release and key press i.e. [(time take to release first key) (time
take to press second key)].L2= R1-P2
3) PRESS - RELEASE: it is the time interval of key press and key release i.e. [(time take to press second key) (time take
to release first key)].
L3= P2-R1
4) RELEASE- RELEASE: it is the time interval Between two successive key releases i.e. [(time take to release first key)
(time take to release second key)].
L4= R1-R2
The above are the four latency that is considered by the user while typing, and used to calculate the typing pattern of the
user.[2][8][9]
Duration or Dwell Time:
Dwell time (D1) is the time taken by the user in pressing and releasing of the one key [7]. Diagram 2 shows the key press duration
and latency of key press i.e. (time taken to press key) (time taken to release key). D1=P1-R1
The most commonly used metrics proposal is to evaluate the authentication of the user is on the basis of false acceptance rate
(FAR) and false rejection rate (FRR) [8][9]. The false rejection rate refers to the rate of authorized user access is denied and the
false acceptance rate is denoted as the rate unauthorized user is given access [8].
The main advantage of this method is that we can try more trials to get the perfect result.
III. IMPLEMENTATION
Design:
Keystroke dynamics provides a better way of authentication by measuring the unique typing speed of the particular user. In first
phase i.e Registration we have taken the basic details of new user like username, password, address, email, contact number etc. In
the registration phase we are taking 6 sample passwords of the user. This is the same password which we have to enter while login
and the registration process. After taking the sample password the key press difference between the each key pressed is stored into
the database. The average of every individual sample password is calculated. After accepting all the 6 passwords one average is
determined this resultant average is stored in to the database and this average is matched with the password which user is entering
while the login session. If the entered password is matched with 30% and above 30% the user is authenticated and access is granted
to the system. If the matching criteria is below 30% then user is unauthorised then access is denied for the system. Here also we
are providing the security questions for the user which he/she can use when the user

All rights reserved by www.ijste.org

1012

Authentication of users by Typing Pattern: A Review

(IJSTE/ Volume 2 / Issue 10 / 182)

Diagram 3: Implementation Flow

forgots the password by answering this question user can get his/her password on his email address. When user is completed
with the registration phase he/she can proceed to login phase.
In login phase user have to enter username and passwords and the user is logged in to the system. In the login phase user can
retrieve the password by clicking on forgot password option also user can reset the password. In reset password user can change
the existing password.by clicking on reset password the registered user can get the verification code on his registered email address.
user have to enter that verification code and the user is redirected to the registration phase where user can change his/her new
password. After the login phase user is on his account where user can update the details.
IV. CONCLUSION
This paper proposes to provide better security to the users account. Only authenticated user can access the account on the basis of
their typing pattern. Authorized user can easily access their account. Keystroke dynamic is replacing the knowledge based and
token based authentication system. However the keystroke dynamic is more reliable, having low cost for implementation,
transparent, the user doesnt recognize the process which is happening in background. The user who is not of technical background
can easily access because it doesnt required any technical knowledge. And also there is no need of any extra hardware for the
authentication process it uses keyboard only as a hardware to authorize the user.
As keystroke dynamics doesnt always give the positive results. We are trying to reducing the false acceptance rate and false
rejection rate. And till date we have tried some techniques which can also be used for authenticate the user by using keystroke
dynamics.
ACKNOWLEDGMENT
We are thankful to our HOD Mr. S.M.Bhagat and our guide Mrs. K. Uma Maheswari for their exemplary guidance and
encouragement throughout this paper work. Hereby, we truly appreciate the blessings, help and guidance given by our professors.
The opportunity taken by us shall carry us to the long way in journey of life on which we are about to embark.
REFERENCES
[1]
[2]
[3]
[4]
[5]

F. Monrose and A. Rubin, Authentication via Keystroke Dynamics, in the Fourth ACM Conference on Computer and Communication Security, 1997.
Pin Shen, Andrew Beng Jin Teoh and higang Yue, A Survey of Keystroke Dynamic Biometrics, The Scientific World Journal Volume 2013, Article ID
408280,24
Mudhafar M. Al-Jarrah, An Anomaly etector For Keystroke Dynamics Based On Median Vector Proximity, Journal Of merging Trends In Computing And
Information Sciences VOL3, NO. 6 June 2012
D. Umphress and G. William, Identity Verification through Keyboard Characteristics lntI J. Man-Machine Studies, vol.23,no. 3,1985,pp.263-273.
S. Bleha, C. Slivinsky, and B. Hussein, Computer-Access Security Systems using Keystroke Dynamics, IEEE Trans. Pattern Analysis and Machine
Intelligence, vol. 12, no. 12, 1990, pp. 1211222.

All rights reserved by www.ijste.org

1013

Authentication of users by Typing Pattern: A Review

(IJSTE/ Volume 2 / Issue 10 / 182)
V. Kacholia and S. Pandit, Biometric Authentication using Random Distributions (BioART), Proc. 15th Canadian IT Security Symp.(CITSS), Government
of Canada, 2003; www.csecst.gc.ca/en/symposium/symposium.html.
[7] D. Shanmugapriya, DR. G. Padmavathi, Virtual KeyForce- A New Feature For Keystroke, International JournalOf Engineering Science And
Technology(IJEST) Vol.3,No.10 October 2012
[8] Sally Dafaallah Abualgasim, Izzeldin Osman, An Application of the Keystroke Dynamic Biometric for Securing PINs and Passwords, World of Computer
Science and Information Technology Journal(WCSIT) Vol 1, No 9,398-404, 2011
[9] Pin Shen The, Shigang Yue, Andrew B.J.Teoh, FeatureFusion Approach On Keystroke Dynamics Efficiently Enhancement, International Journal Of CyberSecurity And Digital Forensic(IJCSDF) 1(1):20-31, 2012
[10] S. Haider, A. Abbas, and A.K. Zaidi, A Multitechnique Approach for User Identification through Keystroke Dynamics, IEEE Intl Conf.Systems, Man,
and Cybernetics, IEEE CS Press, vol. 2, 2000, pp.13361341.
[11] J.A. Robinson et al., Computer User Verification Using Login String Keystroke Dynamics, IEEE Trans. Systems, Man and Cybernetics, Part A, vol. 28,
Mar. 1998, pp. 236241.
[6]

All rights reserved by www.ijste.org

1014