Typing Biometric Keypads: Combining Keystroke Time and Pressure Features to Improve Authentication

Typing Biometric Keypads: Combining Keystroke Time and Pressure Features to Improve Authentication

Benjamin Ngugi (Suffolk University, USA), Peter Tarasewich (Northeastern University, USA) and Michael Recce (Jersey Institute of Technology, USA)
Copyright: © 2012 |Pages: 22
DOI: 10.4018/joeuc.2012010103
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Pervasive online applications are changing the way people perform routine activities. But while providing convenience to individuals and organizations, these applications can pose a significant remote user authentication challenge. Current authentication systems can be strengthened by adding an additional biometric layer to an existing authentication process. This paper addresses implementing such a solution by 1) presenting a novel biometric method that uses key-press pressure and timing patterns from a typed password to determine whether the person typing it is its true owner (even with a compromised PIN); and 2) investigating differences in perceptions of biometric keypads between two user groups, nursing and computing majors. Results reveal that combining pressure and timing patterns leads to better authentication compared with timing patterns alone. Furthermore, nursing majors are more cautious in accepting biometric keypad technology than computing majors, suggesting that care must be taken when introducing such technologies to different groups of people.
Article Preview

Introduction

The advancement of information and communication technologies in support of business and individual applications is changing the way people perform routine activities. For example, it is now common for individuals to shop and conduct financial transactions online from the comfort of their home or through automated teller machines and kiosks (Gefen, Karahanna, & Straub, 2003). Relatively complex queries that previously required human intermediaries (e.g., finding all credit card transactions over the past year with a given merchant) are routinely done by end users. With the US government's recent passage of a new health care bill, which will encourage the automation of electronic medical records (Blumenthal, 2009), patients will eventually be able to access their own health records online as easily as they order a book or pay a bill.

Such ubiquitous access to personal information can provide conveniences to individual users as well as the organizations that manage the systems. But with these changes come increased security concerns. Such applications can pose significant remote user authentication challenges. It can be quite difficult for an online service provider to know with certainty the identity of the remote person they are dealing with. This becomes even more complicated with the increasing number of computer breaches in which personal user data is stolen to construct counterfeit identities used to impersonate genuine users (Identity Theft Resource Center, 2009). Likewise, the fact that medical records will be electronically accessible at all times will increase their risk of inadvertent exposure to unauthorized parties. All of this calls for more reliable authentication. But organizations must also look at ways to protect information access that do not place too much burden on the end users themselves, as this can lead to systems that are difficult to use, and perhaps ultimately not used at all (Albrecht, 2001).

Current authentication in most organizations is done primarily using passwords in conjunction with a user login or other identifier. However, passwords have their innate weaknesses. They can suffer from the good password dilemma; if a password is easy to remember, then it is probably easy to crack (that is, guess or steal). If passwords are difficult to crack, then they are often difficult to remember. If a user cannot remember a needed password, they invariably write it down where it can be stolen. This dilemma explains why about 80% of all network intrusion problems are caused by bad (i.e., weak) passwords (O'Gorman, 2004).

An overall solution to secure information access will have to include a number of measures and countermeasures. One possible measure is to add an additional biometric “layer” to the current authentication systems. This additional layer would be difficult to separate from the genuine password owner since biometrics are more difficult to crack or forge. While there are many biometric options, this paper investigates a method which uses timing patterns made when typing passwords. Benefits of this method include low cost and transparent installation across any organization (Ord & Furnelli, 2000). Furthermore, our research results show that including key-press pressure features in addition to timing features leads to even better authentication accuracy. This will be most beneficial in situations where an organization has greater control over its information technology infrastructure (i.e., has access to keypad pressure data).

Biometric techniques can offer distinct advantages over traditional authentication methods. However, the adoption of biometric technologies has been slower than earlier forecasted (Albrecht et al., 2003). This may be because certain issues need to be addressed before a critical mass of potential users becomes comfortable with the routine use of biometrics. Thus, the proof of concept that an effective key-press authentication system can be built does not mean the technology would be well-received by end users. For example, about fifty percent of information technologies do not get accepted by users and are considered failures; that is, they fall short of meeting the expectations set forth by technology managers (Lippert & Davis, 2006). This suggests that we need to not only demonstrate the technical feasibility of the biometric keypad, but should also go one step further and investigate whether potential users will accept such a technology. This is the goal of the survey part of this research.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 30: 4 Issues (2018): 1 Released, 3 Forthcoming
Volume 29: 4 Issues (2017)
Volume 28: 4 Issues (2016)
Volume 27: 4 Issues (2015)
Volume 26: 4 Issues (2014)
Volume 25: 4 Issues (2013)
Volume 24: 4 Issues (2012)
Volume 23: 4 Issues (2011)
Volume 22: 4 Issues (2010)
Volume 21: 4 Issues (2009)
Volume 20: 4 Issues (2008)
Volume 19: 4 Issues (2007)
Volume 18: 4 Issues (2006)
Volume 17: 4 Issues (2005)
Volume 16: 4 Issues (2004)
Volume 15: 4 Issues (2003)
Volume 14: 4 Issues (2002)
Volume 13: 4 Issues (2001)
Volume 12: 4 Issues (2000)
Volume 11: 4 Issues (1999)
Volume 10: 4 Issues (1998)
Volume 9: 4 Issues (1997)
Volume 8: 4 Issues (1996)
Volume 7: 4 Issues (1995)
Volume 6: 4 Issues (1994)
Volume 5: 4 Issues (1993)
Volume 4: 4 Issues (1992)
Volume 3: 4 Issues (1991)
Volume 2: 4 Issues (1990)
Volume 1: 3 Issues (1989)
View Complete Journal Contents Listing