Evaluation Scheme to Analyze Keystroke Dynamics Methods
Anastasia Dimaratos, Daniela Pöhn
TL;DR
This work tackles the vulnerability of password-based authentication by proposing keystroke dynamics as a mobile biometric factor and introducing an evaluation scheme to compare approaches. It methodically defines biometric requirements, data collection, preprocessing, feature handling, and classification, then applies the scheme to three distinct keystroke-dynamics methods, highlighting performance and limitations. The study finds that while keystroke dynamics can serve as an auxiliary authentication method, its security is not robust against stronger adversaries, and comparability across studies benefits from standardized datasets. The authors propose extending evaluation with larger, real-world datasets and exploring additional features (e.g., emojis) to improve accuracy and resilience, aiming for practical deployment as a frictionless authentication option.
Abstract
Password authentication is a weak point for security as passwords are easily stolen and a user may ignore the security by using a simple password. Therefore, services increasingly demand a second factor. While this may enhance security, it comes with a lower level of usability and another factor to be forgotten. A smartphone is an important device in daily life. With the growing number of sensors and features in a smartphone, keystroke dynamics may provide an easy-to-use method. In this paper, we introduce requirements for biometric authentication and keystroke dynamics. This results in an evaluation scheme, which is applied to three selected approaches. Based on the comparison, keystroke dynamics and the evaluation scheme are discussed. The obtained results indicate that keystroke dynamics can be used as another authentication method but can be bypassed by stronger adversaries. For further research, a common data set would improve the comparability.