SECURI G MOBLIE AUTHE TICATIO THROUGH KEYSTROKES DY AMICS

itin Singh (07BIT138) Prithumit Deb (07BIT157)

Aim
To develop a security system for mobile devices that eliminates the vulnerability of PIN (4-digit) security and which reduces the high end configuration and memory space requirements of biometrics security.

Objective
The issues that we will be handling in the project work is the vulnerability of PIN security in mobile devices and providing an extra layer of security through Key Strokes Dynamics based authentication system. Also the problem of authentication error rates while using natural user keystroke pattern will be worked upon. And a better mechanism which uses an artificial keystroke rhythm with cues will be worked upon. Method- Keystroke Dynamics based Authentication Security system for Mobile Devices using Artificial typing rhythm and cues. Principle- Making use of the behavioral pattern of the user rather than any physical pattern or biometrics.

Motivation
Now a days mobile device are widely used in financial applications such as banking, ticket booking, m-commerence, stock trading etc. So data security and a proper user authentication are very important for mobile devices. The draw backs of the existing security mechanism are unlike computers, in mobile devices PIN (Personal Identification Number) has been used as the only security mechanism for decades. PIN is only a 4-digit (0000-9999) combination of numbers. The limited length of the PIN and the limitation in digit combinations (only 10000) increases the chances of trial and error attacks and shoulder surfing. Often it is easy to guess the PIN of the user if the imposter knows some personal details regarding the user (like date of birth, favorite number, and vehicle number etc. Recently the use of biometrics has proved to improve the security of cell phones (finger print recognition, facial recognition, voice recognition, iris scanning etc). But implementing biometric authentication needs a lot of resources, configuration and memory which are generally limited in small devices like cell phones. So a much simpler but efficient authentication mechanism is required which improves the security of mobile devices.

Related Works
Existing works in order Paper Title with Authors, Keystroke dynamicsbased authentication and year for mobile devices. (Seong-seob Hwang, Sungzoon Cho, Sunghoon Park)- 2008 dynamics Specific problems/issues Keystroke based authentication discussed for mobile devices. Problem statement Data security through keystrokes dynamics based authentication Keystroke Dynamics as a Biometric for Authentication (Fabian Monrose, Aviel D. Rubin)- 1999 Security threats to a computer and using biometrics to increase the level of security Result on the Authentication based on Keystrokes dynamics and comparison of the experiment results with the prior works Users are familiar with computers and passwords Limitation of user group for data collection

Assumptions

Constraints

User acquaintance with typing in mobile keypad Limited user group for the experiment

Process or operation or Keystrokes Dynamics based Authentication functional description Less configuration and Claimed advantages memory space required Difficult to implement Claimed disadvantages for a larger and diverse set of users with varying typing pattern

The problem with keystroke recognition is that unlike other nonstatic bio-metrics there are no known features or feature transformations which are dedicated solely to carrying discriminating information.

Algorithms used Tools used

3G synchronized IMT- MATLAB, C++, GNU 2000 cellular system plot (CDMA2000 1xEV-

Tables and fields

Domain tested

Metrics used with formula

Performance graphs

Future work proposed

DO) Choice of Passwords and use of typing hands, Equal Error rates, factors affecting error rates Domain of 25 users Data was collected with average age 25.3 from 63 users yrs Euclidean Distance measure, Non weighted and weighted probability Cumulative distribution of enroll, login and imposter distances Applying the same Recognition based on theory to a more free-text typing pattern diverse user group during the identification process

System Design with Modules

The idea described here will be useful for people who do their vital commercial activities like banking, shopping and stock trading through their mobile devices in which the security of personal data is vital.

Enrollment Process 4 digits PIN with Artificial Typing Rhythm using cues (audio or visual) Input 5 times for enrollment Generate keystroke pattern graph from the 5 inputs

Username & 4 digits PIN

Determine suitable Threshold Value

Store in the database 1. Username & PIN in encrypted form. 2. Keystroke Pattern of the user.

DATABASE
3. Threshold Value for the user. 4. Login Attempts made by user. Authentication Process Retrieve the PIN from database Input username & PIN from the user Decryption

KDA Authentication Retrieve keystroke pattern & threshold value from database

If Invalid

Check PIN validation

Check if the login pattern is lies within the threshold value found during the enrollment process.

Valid

Authenticate

Implementation Procedure
Proposed Algorithm: 1. Start 2. Enroll the keystroke pattern of the user 3. The Enrollment process is done 5 times to minimize the error rates and to determine a suitable threshold values. 4. Artificial Keystroke rhythm will be used and cues (audio) will be provided to help the user make a consistent and unique pattern 5. The threshold limit for the users keystroke pattern is determined. 6. The users PIN in encrypted format, enrollment pattern, and threshold limit and login attempts are stored in a database 7. Next during Authentication the PIN is validated first after decrypting the PIN from the database. If found valid then it proceeds to the next step of KDA or else the user will be asked for the PIN again 8. In the KDA the user again types the PIN in the artificial rhythm (with cues) in which he has enrolled. 9. The keystroke pattern is generated again and checked if its between the threshold values. If its found in the suitable threshold range then the user is authenticated or else authentication is rejected. 10. Stop Database and Software 1. Database containing the users enrolment and login information and his keystroke pattern 2. Platform- J2ME 3. Hardware- Multimedia Cell Phones supporting MIDP 2.0 4. Software-Emulator- Sun JAVA Wireless Toolkit 2.5.2

References
1. Keystrokes dynamics-based authentication for mobile devices, Seong-seob Hwang, Sungzoon Cho, Sunghoon Park Journal homepage: www.elsevier.com/locate/cose 2. Keystroke Dynamics as a Biometric for Authentication, Fabian Monrose, Aviel D. Rubin. 3. Keystroke Dynamics, P018 - term project, 2001, Petre Svenda, Masyark University

MINI PROJECT PROPOSAL

Submitted by:-

itin Singh (07BIT138) Prithumit Deb (07BIT157)

B-Tech Information Technology (C-Batch) Project Guide: - J. Gitanjali (Assistant Professor) Submitted on- 17.08.09 VIT University