Section 11.1. Typing Pattern Biometrics



Many current computer systems ask users to enter a username and password pair before granting access. This method of authentication relies on the password's secrecy and, in some cases, the username's secrecy. If secrecy is not compromised, the system asserts that these tokens uniquely identify a valid user.

The problems associated with maintaining the secrecy of passwords are well understood.[1] Passwords that consist of common words, common phrases, or terms associated with a particular user are generally considered to be weak because of the relative ease with which such passwords can be guessed by a third party or found through dictionary attacks. But because users find obscure passwords hard to remember, usability suffers. Not only must users choose obscure passwords, but they also must choose new ones often: many systems require that users periodically choose new passwords as part of security policies designed to deal with account compromises that are undetected. Add to this difficulty the fact that users are frequently encouraged to choose different unique passwords for each system that they access so that one exposed password does not jeopardize all systems. In practice, many individuals find the burden of remembering many unique, obscure, constantly changing passwords too heavy to carry, so they instead shed the weight of complying fully with these policies and recommendations by choosing weak passwords or reusing the same password over and over again.[2] Even if users do follow the best-recommended practices, passwords are still easily transferable from one party to another, whether transferred inadvertently or not; users sometimes write passwords down on paper, store them in accessible text files, accidentally expose them by entering them in the username field, and so on.

[1] M. Kotadia, "Gates Predicts Death of the Password," CNET News.com (Feb. 2004); http://msn-cnet.com/2100-1029_3-5164733.html.

[2] A. Adams and M. A. Sasse, "Users Are Not the Enemy," Communications of the ACM 42 (Dec. 1999), 40-46. See also this volume, Chapter 32.

Over the past quarter-century, researchers have developed authentication systems based on the uniqueness of a user's typing pattern. The hope is that these systems will improve the security of traditional password systems while increasing, or at least not decreasing, usability. These systems work by measuring typing characteristics that are believed to be unique to the physiology and behavior of an individual, and thus are hard for impostors to imitate. The exact characteristics that are measured to form these biometrics vary, but almost universally they rely on timings between the press and release of various key combinations.
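To make the idea of press and release timings concrete, here is an added example that is not from the book: it turns key events into hold times and press-to-press latencies, builds a per-user template, and scores a login attempt against it. The feature choice, the z-score comparison, the 2.0 threshold, and every timing value are assumptions constructed for illustration.

```python
import hmac
from statistics import mean, stdev

def features(events):
    """events: (key, press_ms, release_ms) tuples in typing order."""
    holds = [r - p for _, p, r in events]                      # press -> release
    gaps = [b[1] - a[1] for a, b in zip(events, events[1:])]   # press -> next press
    return holds + gaps

def enroll(samples):
    """Template: per-feature (mean, std) over repeated typings of one password."""
    cols = zip(*(features(s) for s in samples))
    return [(mean(c), max(stdev(c), 1.0)) for c in cols]  # 1 ms std floor (assumption)

def score(template, attempt):
    """Mean absolute z-score; lower means closer to the enrolled rhythm."""
    vec = features(attempt)
    if len(vec) != len(template):
        return float("inf")  # different keystroke count: not comparable
    return mean(abs(v - m) / s for v, (m, s) in zip(vec, template))

def verify(template, typed, expected, attempt, threshold=2.0):
    """The secret must match AND the rhythm must be near the template."""
    return hmac.compare_digest(typed, expected) and score(template, attempt) <= threshold

def make(keys, presses, holds):
    """Helper for the constructed samples below."""
    return [(k, p, p + h) for k, p, h in zip(keys, presses, holds)]

PASSWORD = "tiger"  # constructed; a real system would store only a hash
ENROLL = [          # three constructed enrollment typings (milliseconds)
    make(PASSWORD, [0, 140, 265, 420, 540], [95, 80, 90, 85, 100]),
    make(PASSWORD, [0, 150, 270, 410, 545], [90, 85, 88, 80, 105]),
    make(PASSWORD, [0, 135, 260, 425, 535], [100, 78, 92, 88, 98]),
]
TEMPLATE = enroll(ENROLL)
GENUINE = make(PASSWORD, [0, 145, 268, 418, 542], [93, 82, 91, 84, 101])
IMPOSTOR = make(PASSWORD, [0, 300, 520, 900, 1150], [150, 140, 160, 130, 170])

if __name__ == "__main__":
    for name, attempt in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        ok = verify(TEMPLATE, PASSWORD, PASSWORD, attempt)
        print(f"{name}: score={score(TEMPLATE, attempt):.2f} accepted={ok}")
```

The impostor here knows the correct password and is still rejected on rhythm alone, which is the property these systems aim for; the threshold sets the trade-off between rejecting the legitimate user and accepting an impostor.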

In the remainder of this chapter, we will outline several applications of this technology, compare results from existing research, discuss the impact of patents, and explore possible attacks on systems built to take advantage of typing patterns.



Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
Year: 2004
Pages: 295
