Security and Usability: Designing Secure Systems That People Can Use
11.5. Privacy and Security Issues
If keystroke dynamics gain widespread acceptance, privacy and security issues must be evaluated carefully. Of concern are databases that maintain the keystroke timing patterns of users. With this information, attackers can subvert authentication systems that rely on keystroke biometrics. If an attacker is able to obtain a particular user's keystroke timing profile, he may be able to guess which keys the user is typing simply by analyzing the timing of keystrokes. Such an attack may succeed against encrypted keystrokes as they are sent over a network, without ever needing to decrypt the data. For example, if it is known that the user spends 800 milliseconds typing the digraph io but usually spends around 1,400 milliseconds typing yr, an attacker can narrow the search space of plausible keystrokes, with the hope of finding an interpretation of the timings that results in a plausible original text. In 2001, researchers proved that this attack could work when they deciphered encrypted passwords sent through version 2 of the SSH protocol (used for remote access to computer terminals). Their technique allowed them to find the password an average of 50 times faster than brute force methods by utilizing a weakness in the protocol that allowed an attacker to determine precise timings for each keystroke and a database of user keystroke profiles.[31] Even when user-specific keystroke profiles are not available, generic keystroke profiles created from any representative population subset have been found to weaken security. In addition, the attacker may be able to employ this tactic with very low-tech means, for example, by using a tape recorder to listen to the click-clack of a user typing at a keyboard.

[31] D. X. Song, D. Wagner, and X. Tian, "Timing Analysis of Keystrokes and Timing Attacks on SSH," Tenth USENIX Security Symposium (2001); http://www.usenix.org/events/sec01/song.html.
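To make the "narrowing the search space" point measurable, the following added example (not from the book or from the cited paper) estimates how many bits one inter-keystroke latency leaks against a stored profile, and how that leak shrinks when the observer's timing is coarse rather than precise. The profile values other than the io and yr means, the two-standard-deviation cutoff, and all function names are assumptions made for illustration.

```python
import math

# Constructed per-digraph latency profile: (mean ms, std dev ms). The "io" and
# "yr" means are the figures quoted in the text; everything else is made up.
PROFILE = {
    "io": (800, 60), "yr": (1400, 90), "th": (620, 50), "er": (760, 55),
    "qz": (1350, 100), "an": (690, 50), "ou": (900, 70), "mp": (1100, 80),
}

def observed_window(latency_ms, resolution_ms=0):
    """Range of true latencies consistent with what the observer measured.

    resolution_ms=0 models precise per-keystroke timing; a larger value models
    an observer who only learns the gap to the nearest multiple of it.
    """
    if resolution_ms == 0:
        return (latency_ms, latency_ms)
    gap = round(latency_ms / resolution_ms) * resolution_ms
    return (gap - resolution_ms, gap + resolution_ms)

def plausible(lo_ms, hi_ms, profile=PROFILE, k=2.0):
    """Digraphs whose profiled range (mean +/- k std devs) overlaps the window."""
    return sorted(d for d, (mu, sd) in profile.items()
                  if mu - k * sd <= hi_ms and mu + k * sd >= lo_ms)

def bits_leaked(latency_ms, resolution_ms=0, profile=PROFILE, k=2.0):
    """Search-space reduction in bits: log2(all digraphs / still plausible)."""
    left = plausible(*observed_window(latency_ms, resolution_ms), profile, k)
    if not left:  # observation outside the profile: the model says nothing
        return 0.0
    return math.log2(len(profile) / len(left))

if __name__ == "__main__":
    for res in (0, 500):
        for ms in (800, 1400):
            left = plausible(*observed_window(ms, res))
            print(f"resolution={res:>3} ms latency={ms} ms -> {left} "
                  f"({bits_leaked(ms, res):.2f} bits)")
```

The same measurement can be run against a real stored profile to judge how sensitive that database is: the more bits a single latency removes, the more the profile is worth protecting.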
Systems that monitor typing patterns (see the earlier section, "Identification and Monitoring") must also guard against privacy breaches. If the monitoring process produces records, these records must be protected by both a policy regarding their use and a mechanism to prevent unauthorized access to the records. But such safeguards do not protect against covert monitoring and tracking of individuals, wherein a third party might secretly collect a keystroke profile from an unsuspecting user to monitor the user's activities in the future, or to subvert keystroke authentication systems by posing as the legitimate user with the collected biometrics. A governmental agency, for instance, could collect keystroke traces of targeted individuals from computer terminals in public libraries or at other official public kiosks. This data could be used to monitor and track an individual as he moves from one public system to the next. A private entity could do likewise from a private but publicly accessible system, such as an online registration application. Once an entity has a copy of a user's keystroke biometric, its ability to perform identity theft against other keystroke biometrics-enabled systems is greatly enhanced.