Sérgio Tenreiro de Magalhães

A Survey of User Authentication Based on Mouse Dynamics

This work surveys biometric based authentication systems that deploy mouse movements. Typically, timing and movement direction, along with clicking actions are used to build a profile of a user, which is then used for authentication purposes. Most system relies on a continuous monitoring process, or require the user to interact with a program (such as a game) in order to derive sufficient statistical information regarding their mouse dynamics. In this work, a novel graphical authentication system dubbed Mouse-lock is presented. This system deploys the analogy of a safe, and the password is entered via the mouse in a graphical equivalent of combination lock. The question is whether this approach elicits sufficient discriminatory information from a relatively minimalist degree of interaction from the user. The preliminary results from a study with six subjects indicates, based on FAR/FRR values, that this is a viable approach.

A machine learning approach to keystroke dynamics based user authentication

The majority of computer systems employ a login ID and password as the principal method for access security. In stand-alone situations, this level of security may be adequate, but when computers are connected to the internet, the vulnerability to a security breach is increased. In order to reduce vulnerability to attack, biometric solutions have been employed. In this paper, we investigate the use of a behavioural biometric based on keystroke dynamics. Although there are several implementations of keystroke dynamics available, their effectiveness is variable and dependent on the data sample and its acquisition methodology. The results from this study indicate that the Equal Error Rate (EER) is significantly influenced by the attribute selection process and to a lesser extent on the authentication algorithm employed. Our results also provide evidence that a Probabilistic Neural Network (PNN) can be superior in terms of reduced training time and classification accuracy when compared with a typical MLFN back-propagation trained neural network.

Cognitive Biometrics: Challenges for the Future

Cognitive biometrics is a novel approach to user authentication/identification which utilises a biosignal based approach. Specifically, current implementations rely on the use of the electroencephalogram (EEG), electrocardiogram (ECG), and the electrodermal response (EDR) as inputs into a traditional authentication scheme. The scientific basis for the deployment of biosignals resides principally on their uniqueness -for instance the theta power band in adults presents a phenotypic/genetic correlation of approximately 75%. The numbers are roughly the same for ECG, with an heritability correlation for the peak-to-peak (R-R interval) times of over 77%. For EDR, the results indicate that there is approximately a 50% heritability score (h2). The challenge with respect to cognitive biometrics based on biosignals is to enhance the information content of the acquired data.

On the use of rough sets for user authentication via keystroke dynamics

Keystroke dynamics is a behavioral biometric that is based on how a user enters their login details. In this study, a set of eight attributes were extracted during the course of entering login details. This collection of attributes was used to form a reference signature (a biometrics identification record) for subsequent authentication requests. The algorithm for the authentication step entails transforming the attributes into a discretised form based on the amino acid alphabet. A set of bioinformatics based algorithms are then used to perform the actual authentication test. In addition, the use of rough sets was employed in this study to determine if subsets of attributes were more important in the classification (authentication) than others. Lastly, the results of this study indicate that the error rate is less than 1% in the majority of the cases.

Enhancing login security through the use of keystroke input dynamics

Security is a critical component of most computer systems – especially those used in E-commerce activities over the Internet. Global access to information makes security a critical design issue in these systems. Deployment of sophisticated hardware based authentication systems is prohibitive in all but the most sensitive installations. What is required is a reliable, hardware independent and efficient security system. In this paper, we propose an extension to a keystroke dynamics based security system. We provide evidence that completely software based systems based on keystroke input dynamics can be as effective as expensive and cumbersome hardware based systems. Our system is behavioral based that captures the typing patterns of a user and uses that information, in addition to standard login/password security to provide a system that is user-friendly and very effective at detecting imposters.

The People’s Republic of China – The Emerging Cyberpower

The People’s Republic of China (PRC) has a long tradition on military strategy. In the end of the 20 th century this was one of the first nations to prepare itself for the new emerging concept of war that includes the combat in cyberspace, both with the intention to obtain privileged information (espionage), to reduce the enemy attack and/or military capability or even to create casualties. This paper presents an overview on the known facts on this issue, concluding on an urgent need to improve the security technologies and policies of the digital systems used by the governments, namely in what concerns to authentication processes and the need for occidental countries to prepare personnel with knowledge on the culture, on the language and on the thought of the PRC, so that they can be ready for the next steps of this (re)emerging nation.

Biometric technologies and their perception by the common citizen

This article presents the biometric technology and its perception by the common citizen in Portugal. The results of a systematic inquiry about the perception of the Portuguese on the biometric technology are presented, which involved 606 citizens. Through the article, we present the principal biometrics, subdivided in stealth and collaborative, and the main concepts on its evaluation. Following a simple method consisting in a survey by questionnaire, the most relevant conclusions are presented.

Study of the Perception on the Biometric Technology by the Portuguese Citizens

This article presents the results of a systematic inquiry about the perception of the Portuguese on the biometric technology, which involved 606 citizens. It is presented the principal biometrics and the main concepts on its evaluation. Following a simple method consisting in a survey by questionnaire, the most relevant conclusions are presented.

The Georgia's Cyberwar

The evolution of the technology and the changes in the organization and control of the critical infrastructures of the nations are creating a new combat front. The case studied in this paper refers to the attack to the information systems of the Georgian organizations that occurred at the same time as the conventional military operation executed by the Russian army in the South Ossetia in August 2008. The data collected and presented in this paper showed the existence of a poorly organized network, related to Russian criminal organizations, raising the possibility of this case being an instance of the Maoist concept of the “People’s war”. This paper will also show that, despite the unsophisticated resources used in the attacks and to promote them, the damages in the selected targets were considerable.

User Dynamics in Graphical Authentication Systems

In this paper, a graphical authentication system is presented which is based on a matching scheme. The user is required to match up thumbnail graphical images that belong to a variety of categories – in an order based approach. The number of images in the selection panel was varied to determine how this effects memorability. In addition, timing information was included as a means of enhancing the security level of the system. That is, the user’s mouse clicks were timed and used as part of the authentication process. This is one of the few studies that employ a proper biometric facility, namely mouse dynamics, into a graphical authentication system. Lastly, this study employees the use of the 2-D version of Fitts’ law, the Accot-Zhai streering law, which is used to examine the effect of image size on usability. The results from this study indicate that the combination of biometrics (mouse timing information) into a graphical authentication scheme produces FAR/FRR values that approach textual based authentication schemes.