You are here: Home Contents V8 N3 V8N3_Ngugi.html
Personal tools

Biometric Keypad Reliability: Stability of Typing Patterns and Authentication Accuracy



Full text

Journal of Information Systems Security
Volume 8, Number 3 (2012)
Pages 328
ISSN 1551-0123 (Print)
ISSN 1551-0808 (Online)
Benjamin Ngugi — Suffolk University, UK
Dezhi Wu — Southern Utah University, USA
Jonathan Frank — Suffolk University, UK
Information Institute Publishing, Washington DC, USA




For several decades, researchers have been exploring the potential of using biometric typing keypads for user identification and authentication, to improve security within organizational networks. However, there has been a lack of broad and rigorous testing on how the technology performs under various field conditions. We conducted a 3 x 1 factorial experiment over a 30-day period to investigate how variations in individual typing patterns over time affected the accuracy of keystroke authentication in biometric systems. We found that individual typing patterns varied over time, especially in terms of the individual’s typing duration time. This variance in turn affected the accuracy of the biometric keypad. Furthermore, we found no linear correlation between the variation in typing patterns and the resulting deterioration in accuracy. This suggests that the design of automated, self- adjusting algorithms to compensate for change in individual typing patterns is more complex than previously thought. These findings raise doubts on the reliability and hence suitability of typing biometrics especially for critical authentication systems. Rather, we suggest that typing biometrics would be more suitable in niche fields like continuous background authentication, as a secondary authentication layer and for personalization systems.




Biometric Keyboard; Keystroke Dynamics; Defense-in-depth Strategy




Araújo, L. et al. (2005), “User Authentication Through Typing Biometrics Features”, IEEE Transactions on Signal Processing 53(2), 851-855.

Bergadano F. et al. (2002), "User Authentication through Keystrokes Dynamics", ACM Transaction on Information and Systems Security 5(4), 367-397.

Bleha, S., Slivinsky, C. et al. (1990), "Computer-Access Security Systems Using Keystroke Dynamics", IEEE Transactions on Pattern Analysis and Machine Intelligence 12(12), pp. 1217-1222.

Bryan, W.L. and Harter, N. (1899), "Studies in Telegraphic Language: The Acquisition of a Hierarchy of Habits", Psychological Review 6, 345-3.

Chang, C.-C. and Lin, C.-J. (2001), Libsvm : A Library for Support Vector Machines,.

Chuda, D. and Ďurfina, M. (2009), 'Multifactor Authentication Based on Keystroke Dynamics',  Proceedings of the International Conference on Computer Systems and Technologies, Sofia, Bulgaria.

Dahalan, A. et al. (2004), "Intelligent Pressure-Based Typing Biometrics System", Lecture Notes in Computer Science, 3214(294-304)

Duda R, et al. (2000) Pattern Classification. John Wiley & Sons, New York.

Dunstone, T. and Yager, N. (2008), Biometric System and Data Analysis: Design, Evaluation, and Data Planning. Springer.

Federal Trade Commission (2011), Consumer Sentinel Network Data Book for January -December 2010.

Gaines, R. et al. (1980), Authentication by Keystroke Timing: Some Preliminary Results.  Rand Report R-256-Nfs. Rand Corporation, Santa Monica, CA.

Graeventiz,  G.V. (2003), "Biometrics in Access Control", A & S International Automation & Security 50, 102-104.

Hsu, C.W. et al. (2003), A Practical Guide to Support Vector Classification. Department of  Computer Science and Information Engineering, National Taiwan University.

Jain, A. et al. (2000), "Biometric Identification", Communication of the ACM 43(2), 90-98.

Jain, A. et al. (2004), 'Biometrics: A Grand Challenge',  International Conference on Pattern Recognition, pp 935-942, Cambridge, UK.

Jang, S.R. (1993), "ANFIS: Adaptive Network Based Fuzzy Inference Systems", IEEE Transactions on System, Man and Cybernatics 23(3), 665-685.

Joachims, T. (Ed.), (1999), Making Large-Scale Svm Learning Practical. MIT-Press, Cambridge, MA, USA.

Joyce, R. and Gupta, G. (1990), "Identity Authentication Based on Keystroke Latencies", Communications of the ACM 33(2), 168-176.

Kotani, K. and Horii, K. (2005), "Evaluation on a Keystroke Authentication System by  Keying Force Incorporated with Temporal Characteristics of Keystroke Dynamics", Behaviour & Information Technology 24(4), 289 – 302.

Li, Z. et al. (2005), 'Keyboard Acoustic Emanations Revisited', Proceedings of the 12th ACM conference on Computer and communications security, ACM, Alexandria, VA, USA.

Monrose, F. and Rubin, A. (2000), "Keystroke Dynamics as a Biometric for Authentication", Future Generation Computer Systems 16(4), 351-359.

National Center for State Courts (2002), 'Biometrics and the Courts', E-Court Conference Las Vegas, CA, USA.

Ngugi, B. (2005), Electronic Capture and Analysis of Fraudulent Behavioral Patterns: An Application to Identity Fraud. Unpublished Thesis. 

Information Systems Department. New Jersey  Institute of Technology. Newark, NJ. 

Ngugi, B. et al. (2011a), "Typing Biometrics: Impact of Human Learning on Performance Quality", J. Data and Information Quality 2, 2

Ngugi B, et al. (2011b) Biometric Keypads: Improving Accuracy through Optimal Pin Selection. Decision Support Systems 50(4), 769-776.

Ngugi, B. et al. (2012). "Typing Biometric Keypads: Combining Keystroke Time and Pressure Features to Improve Authentication", Journal of Organizational and End User Computing (JOEUC), 24(1), 42-63.

O'Gorman, L. (1998), An Overview of Fingerprint Verification Technologies -Information Security  Technical Report. Elsevier press, Netherlands.

O'Gorman L (2004) Securing Business's Front Door- Passwords, Tokens and Authentication. In Guarding Your Business: A Management Approach to Business (Ghosh S, Malek M and Stohr EA, Eds), pp Pages 119-149, Springer USA.

Ord, T. and Furnell, S.M. (2000), 'User Authentication for Keypad-Based Devices Using Keystroke Analysis', Proceedings of the Second International Network Conference, Plymouth, UK.

Peacock, A. et al. (2005), 'Identifying Users from Their Typing Patterns', Security and Usability: Designing Secure Systems That People Can Use (Cranor LF and Garfinkel S, Eds), pp 199-220, O'Reilly  Media Inc., Sebastopol, CA, USA.

Pfleeger, S.L. (2003), Security in Computing. Prentice Hall.

Prabhakar, S. et al. (2003), "Biometric Recognition: Security and Privacy Concerns", IEEE Computer and Society, pp 33-42.

Shaw, E. et al. (1998), 'The Insider Threat to Information Systems: The Psychology of the Dangerous Insider', Department of  Defense Security Institute, USA.

Sulong, A. et al. (2009), 'Intelligent Keystroke Pressure-Based Typing Biometrics Authentication System Using Radial Basis Function Network', In Signal Processing and Its Applications, pp 151 - 155 IEEE, Kualar Lumpur.

Whitman, M. and Mattord, H. (2005), Principles of Information Security. Course Technology, Boston, Massachusetts, USA.

Villani, M., et al. (2006), 'Keystroke Biometric Recognition Studies on Long-Text Input under Ideal and Application-Oriented Conditions', Proceedings of  the 2006 Conference on Computer Vision and Pattern 

Recognition Workshop, p. 39.

Yu, E. and Cho, S. (2004), "Keystroke Dynamics Identity Verification- Its Problems and Practical Solutions", Computers & Security 23(5), 428-440.