The increasing use of automated information systems together with our pervasive use of computers has greatly simplified our lives, while making us overwhelmingly dependent on computers and digital networks. Technological achievements over the past decade have resulted in improved network services, particularly in the areas of performance, reliability, and availability, and have significantly reduced operating costs due to the more efficient utilization of these advancements. We argue that the use of keystroke rhythm is a natural choice for computer security. This argument stems from observations that similar neuro-physiological factors that make written signatures unique are also exhibited in a user’s typing pattern.
Introduction of Keystroke dynamics
Keystroke dynamics or typing dynamics refers to the automated method of identifying or confirming the identity of an individual based on the manner and the rhythm of typing on a keyboard. Keystroke dynamics is a behavioral biometric, this means that the biometric factor is ‘something you do’. These days each household has at least one computer keyboard, making keystroke dynamics the easiest biometric solution to implement in terms of hardware.
With keystroke dynamics the biometric template used to identify an individual is based on the typing pattern, the rhythm and the speed of typing on a keyboard. The raw measurements used for keystroke dynamics are dwell time and flight time.
- Dwell time is the time duration that a key is pressed
- Flight time is the time duration in between releasing a key and pressing the next key
The candidates differ in the way they type on the keyboard as the time they take to find the right key, the flight time, and the dwelling time. Their speed and rhythm of typing also varies according to their level of comfort with the keyboard. Keystroke recognition system monitors the keyboard inputs thousands of times per second in a single attempt to identify users based on their habits of typing.
Definition of Keystroke dynamics
Keystroke dynamics is a biometric based on assumption that different people type in uniquely characteristic manners. Keystroke dynamics is mostly applicable to verification, but also identification is possible. In verification it is known who the user is supposed to be and the biometric system should verify if the user is who he claims to be. In identification, the biometric system should identify the user without any additional knowledge, using only keystroke dynamics. Most applications of keystroke dynamics are in field of verification.
Keystroke dynamics refers to the process of measuring and assessing human’s typing rhythm on digital devices. Such device, to name a few, usually refers to a computer keyboard, mobile phone, or touch screen panel. A form of digital footprint is created upon human interaction with these devices. Keystroke dynamics can use “static text”, where keystroke dynamics of a specific pre-enrolled text, such as a password, is analyzed at a certain time, e.g., during the log on process. For more secure applications, “free text” should be used to continuously authenticate a user.
Keystroke dynamics include:
- Overall speed
- Variations of speed moving between specific keys.
- Common errors.
- The length of time that keys are depressed.
The roots of keystroke dynamics go back to the early days of the telegraph, when individuals developed distinctive patterns that identified them. This pattern was known as a telegraph operator’s “fist.” During World War II, a methodology known as the “fist of the sender” helped to identify the source of Morse code and confirm that a particular message was, in fact, from a valid source.
Application of Keystroke Dynamics
Keystroke dynamics can be used for authentication, and then it is used mostly together with user ID/password credentials as a form of multifactor authentication. Another use is as a very specific form of surveillance. Companies which develop software products applying keystroke dynamics are:
- TypingDNA built and AI engine able to match any two typing patterns with unprecedented accuracy. It’s easy to use keystroke dynamics authentication API is suitable for securing logins, enforcing reset passwords, detecting intruders and online biometric authentication for user behaviour analytics, multifactor authentication, user identification, eLearning and fraud prevention. They also provide a continuous authentication app, for Windows and Mac, also based on keystroke dynamics.
- ID Control is a dutch company developing strong but affordable authentication solutions, some of which use keystroke dynamics. Their software integrates with MS Windows logon, Citrix, VPN and many others.
- BehavioSec is a swedish company specialized in continuous authentication systems, this is software which monitors activity on a computer to make sure that it is the genuine account owner who is using the computer. BehavioSec uses not only keystroke dynamics but also mouse dynamics and the general way in which the user interacts with the computer.
Advantages of Keystroke Dynamics
- Uniqueness: Keystroke event can be measured up to milliseconds precision by software. Thus, it is impractical to replicate one’s keystroke pattern at such high resolution without enormous amounts of effort.
- Low Implementation and Deployment Cost: In contrast to traditional physiological biometric systems such as palm print, iris, and fingerprint recognition that rely on dedicated device and hardware infrastructure, keystroke dynamics recognition is entirely software implementable. The benefit of low dependency on specialized hardware not only can significantly reduce deployment cost but also creates an ideal scenario for implementation in remote authentication environment
- Transparency and Noninvasiveness: One of the significant edge keystroke dynamics biometrics has over other options is the degree of transparency it provides. It requires none or minimal alteration to user behavior since the capture of keystroke pattern is done via backend software implementation
- Increase Password Strength and Lifespan: Password has been the most widely deployed identity authentication methods despite the systems that rely solely on single credential set constitute weakness and vulnerability
- Replication Prevention and Additional Security: Keystroke patterns are harder to be reproduced than written signatures.
Continuous Monitoring and Authentication: Continuous monitoring and authentication have often been sidelined yet they are relatively important.
Disadvantages of Keystroke Dynamics
- Lower Accuracy: Keystroke dynamics biometrics are inferior in terms of authentication accuracy due to the variations in typing rhythm that caused by external factors such as injury, fatigue, or distraction.
- Lower Permanence: Most behavioral biometrics generally experience lower permanency compared to physiological biometrics. Typing pattern of a human may gradually change following the accustomization towards a password, maturing typing proficiency, adaptation to input devices, and other environmental factors
 Monrose, Fabian, and Aviel D. Rubin, “Keystroke dynamics as a biometric for authentication.” Future Generation computer systems 16, no. 4 (2000): pp. 351-359.
 “Keystroke Dynamics”, available online at: http://www.biometric-solutions.com/keystroke-dynamics.html
 Pin Shen The, Andrew Beng Jin Teoh and Shigang Yue, “A Survey of Keystroke Dynamics Biometrics”, Hindawi Publishing Corporation The Scientific World Journal, Volume 2013, 24 pages, 2013
 “keystroke dynamics”, available online at: http://searchsecurity.techtarget.com/definition/keystroke-dynamics