IntroductionComputer systems are now used in almost all aspects of business and commerce and many businesses rely heavily on effective operations of their computer systems. With the dramatic increase of interest in computer security over the past few years, there is a high demand on suitable alternatives to the traditional computer user authentication.
Biometrics, the physical traits and behavioural characteristics that make each of us unique, are a natural choice for identity verification. Unlike passwords and PINs biometrics can not be lost, stolen, or overheard. A physiological characteristic is a relatively stable physical feature such as a fingerprint, iris pattern, or retina pattern. A behavioural trait, on the other hand, has some physiological basis, but also reflects a person's emotional state. The most common trait used in identification is a person's signature. Other behaviours used include a person's keyboard typing and speech patterns. Behavioural biometrics work best with regular use.
Because no one system meets all needs, a range of biometric systems is in development or on the market.
The same neurophysiological factors that make a written signature unique are also exhibited in a user's typing patterns-also known as keystroke dynamics. When a person types, the latencies between successive keystrokes, keystroke durations, finger placement and applied pressure on the keys can be used to construct a unique profile for that individual. For well known, regularly typed strings, e.g. a computer user's login string, such profiles can be quite consistent.
Most verification techniques involve a registration phase in which a number of inputs of the user are captured and processed to generate a reference profile. When a user claims to be a particular individual and presents a login string, this test profile is compared with the reference profile for that individual. The difference between the two is then computed. If the difference is above a predefined threshold value the user is rejected otherwise authenticated. Typical matching approaches use neural network architectures or traditional pattern recognition schemes to associate identity with the keystroke dynamics features. Neural networks have a fundamental limitation in that each time a new user is introduced into the database, the network must be retrained. In environments where there is a high turnover of users, the down time assoiated with retraining can be significant.
The advantages of keystroke dynamics in the computer environment are obvious. Neither enrollment nor verification disturbs the regular work flow because the user would be tapping the keys anyway. And unlike other biometrics systems, keystroke dynamics is almost free. The only hardware required is the keyboard.