During my undergraduate studies I developed a proof-of-concept program that used a neural network to recognize a user's typing style (as the cadence of keystroke timings from the keyboard). In the resulting paper [<http://dx.doi.org/10.1142/S146902680200052X>], I of course acknowledged that this is not intended to be a complete security/identification solution, but merely one option for inclusion in a set of methods. I imagine someone typing in their username and password and, in addition to validating the username and password, it validates the way in which they are typed. Other researchers have developed systems that constantly monitor the keystroke activity of the user while interacting with the system. If at any point the typing behavior changes, the system can react appropriately (going into lock-down mode or just sending an alert to an administrator. My system worked fairly well, usually requiring only one or two attempts at the typing challenge to be recognized and only rarely recognizing a false positive. With tuning, I'm sure it could have been improved. The point is that behaviorally-based biometrics are *slightly* better than physically-based ones in that it's harder to steal them and that they aren't entirely fixed. In the scenario of the keystroke timing recognition technique, the timings could potentially be stolen over the wire and a repeat attack might then gain access. But, combine that with some physical form of ID, like a keyfob, and a memorized passphrase or password and now you're talking. I also imagine the person's typing style changing over time, like their signature. The database of keystroke timings would have to be updated periodically with new samples from the authenticated user, perhaps gradually and automatically through some statistical recognition of a slight but acceptable deviation from the current set. I'm not arguing with the article at all. I am actually in complete agreement that physical attributes should never be treated like secret keys. I just wanted to point out a dichotomy in the realm of biometrics that might be worthy of separate consideration.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds