Keystroke Dynamics

Keystroke Dynamics: The Benefits of Behavioral Biometrics

Keystroke dynamics is the detailed timing information that describes when each key was pressed and when it was released. This method is considered to be a “behavioral biometric” that measures an individual’s manner and rhythm of typing and uses the data to create a template of the unique typing pattern.

The dwell time (amount of time the key is pressed) and the flight time (the time between keys being pressed) are processed by neural algorithms to create a template. The vibration information (the pressure associated with dwell time) can also be measured and used as the basis for authentication.

The techniques used for keystroke dynamics vary widely in power and sophistication, from statistical approaches to AI neural networks. A few of the areas that are measured when creating a keystroke dynamics template include:

1. Raw Speed Uncorrected for Errors
2. Seek-Times and Hold-Times
3. Characteristics of Letter Sequences
4. Characteristics of Common Errors
5. Substitutions, Reversals, and Drop-Outs

Admittedly, those of us who “hunt and peck” with two fingers while having a bite to eat during a phone conversation tend to be a nightmare for this technology.

Behavioral biometrics, which rely on what is referred to as a “confidence measurement,” are considered to be less reliable than physical biometrics, which rely on a “pass/fail” measurement. However, there are many benefits to this method. Risk mitigation can be explicitly defined and thresholds adjusted at the level of an individual.

Additionally, keystroke dynamic data points can be collected continuously. Consider the following examples of how this method could be effectively implemented.

Example #01: PHYSICAL COERCION
An executive is forced to access a sensitive system at gunpoint and then steps away so the malicious actor can operate. Although the executive logged in, the biometrics would indicate a different actor’s involvement afterward. This would be especially useful for a case in which a laptop was being used to access the network remotely.

Example #02: UNAUTHORIZED ACCESS
An administrator does not sign out of the system when leaving and an unauthorized actor accesses the computer. In another scenario, a privileged user signs on and allows a non-privileged user to access the system. Both scenarios may be considered violations of policy that result in a “teachable moment” or a job vacancy announcement.
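Both scenarios come down to scoring keystrokes continuously after login against the enrolled template. The sketch below is an added example, not code from the article or any product: it uses a simple statistical template (mean and standard deviation of dwell and flight time) rather than a neural model, assumes flight time is measured from one key's release to the next key's press, and all timings, the window size and the threshold are constructed values.

```python
import statistics

def typed(dwells, flights):
    """Build (press_ms, release_ms) events from constructed dwell/flight lists."""
    events, t = [], 0
    for i, d in enumerate(dwells):
        events.append((t, t + d))
        t += d + (flights[i] if i < len(flights) else 0)
    return events

def features(events):
    """Dwell = release - press; flight = next press - previous release."""
    dwell = [r - p for p, r in events]
    flight = [events[i + 1][0] - events[i][1] for i in range(len(events) - 1)]
    return {"dwell": dwell, "flight": flight}

def enroll(sessions):
    """Template: mean and standard deviation of each feature over enrollment."""
    template = {}
    for name in ("dwell", "flight"):
        values = [v for s in sessions for v in features(s)[name]]
        template[name] = (statistics.mean(values), statistics.stdev(values))
    return template

def confidence(template, events):
    """Confidence in (0, 1]; 1.0 means the window sits on the template means."""
    feats = features(events)
    z = [abs(statistics.mean(feats[n]) - mu) / sigma
         for n, (mu, sigma) in template.items()]
    return 1.0 / (1.0 + statistics.mean(z))

def monitor(template, stream, threshold, window=4):
    """Score consecutive windows of keystrokes; return indexes below threshold."""
    return [i // window
            for i in range(0, len(stream) - window + 1, window)
            if confidence(template, stream[i:i + window]) < threshold]

# Constructed sample data (milliseconds), not measurements from the article.
ENROLLMENT = [typed([95, 105, 100, 110, 90], [140, 160, 150, 155]),
              typed([100, 98, 102, 108, 92], [145, 155, 150, 148])]
# Keys 0-7: the enrolled user. Keys 8-15: a different typist takes over.
STREAM = typed([102, 97, 105, 96, 99, 103, 94, 104, 60, 65, 58, 62, 61, 59, 64, 60],
               [150, 145, 158, 152, 149, 151, 147, 900,
                250, 270, 260, 255, 265, 258, 262])
TEMPLATE = enroll(ENROLLMENT)
THRESHOLD = 0.5  # per-user value; assumed here, tuned per individual in practice

if __name__ == "__main__":
    print("flagged windows:", monitor(TEMPLATE, STREAM, THRESHOLD))
```

Raising the threshold toward 1.0 starts flagging the enrolled user's own windows as well, which is the per-individual trade-off between false alarms and missed handovers.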

Keystroke dynamics does have drawbacks, as a person’s typing varies substantially during the day and between days due to temporal changes, fatigue, emotions, and martinis imbibed at lunch meetings.

However, implemented as part of a multimodal biometric system that augments the measurement of physical characteristics, it can prove to be a very effective low-cost solution.

Michael I. Kaplan is a Corporate Information Security Consultant, certified Cyber Security Instructor, and the Director of Operations for Phase2 Advantage with 21 years of experience in the security industry.

His technical areas of specialization are Digital and Network Forensics, Cyber Threat Intelligence, and Disaster and Incident Response Planning. Michael also possesses a high degree of subject matter expertise regarding conformance to Cyber Security Frameworks (CSF) and provides consulting services for clients regarding the NICE Cybersecurity Workforce Framework.
