Biometric Authentication and Identification using Keystroke Dynamics with Alert Levels


Publication date



Høgskolen i Oslo. Avdeling for ingeniørutdanning

Document type


Master i nettverks- og systemadministrasjon


Proper authentication is needed to avoid theft and destruction of data by unauthorized parties. This research proposes to add software biometrics to the authentication and verification process, using keystroke dynamics. The goal is to grant or revoke users privileges by distinguishing one user’s typing pattern from another. Login samples were recorded by monitoring keystroke parameters such as KeyDown time and KeyWait time, in an 8 character password. A system to generate user profiles, with the ability to accommodate continuous growth, was developed. By using appropriate Alert Levels, a 2.25% False Acceptance Rate and 4.17% False Rejection Rate was achieved. A method to recognize and identify users, based on one login sample, was able to trace 65% of the samples back to the original user. The work in this thesis was unable to find an applicable method for statistical pattern recognition. It concludes that by enabling a biometric keystroke dynamic authentication system, 97.75% of all false login attempts, with stolen but valid credentials, can be prevented, although with a potential downside of increasing the number of falsely rejected logins by 4.17%. However, as users grow accustomed to their password, the false rejection rate will go down and the system will increase in reliability. Password DoS attacks as well as automated dictionary attacks will be prevented, but a potential increase in administration cost is probable because of altered user behavior due to physical or environmental changes.


Permanent URL (for citation purposes)