Keystroke Biometrics Test Taker Keystroke Biometrics Test Taker Setup and Data CollectionSetup and Data Collection

Fall 2009Fall 2009

Team 4 Members

Sarika ChebiyamSarika Chebiyam Kurt DollerKurt Doller Smita RanjanSmita Ranjan Elyse Little-TorresElyse Little-Torres

Keystroke Biometric System: Background

Keystroke biometrics measure typing Keystroke biometrics measure typing characteristics unique to an individualcharacteristics unique to an individual

One application is the use to identify an One application is the use to identify an individual from keystroke patternindividual from keystroke pattern

A second application is to authenticate an A second application is to authenticate an individual shows you are who you say you individual shows you are who you say you areare

Pace exploring subject for 7 yearsPace exploring subject for 7 years

Test-Taker Setup and Data Collection Deliverables

Obtain keystroke data samples over weekly Obtain keystroke data samples over weekly interval using existing data collection interval using existing data collection methodmethod

Develop data collection method in stealth Develop data collection method in stealth modemode

Develop interface for professor to select Develop interface for professor to select course information and questions course information and questions

Project Work Done Redesign data collection tool in stealth modeRedesign data collection tool in stealth mode Designed and Built new Interface for ProfessorDesigned and Built new Interface for Professor Customized the existing test taker systemCustomized the existing test taker system Developed our team web pageDeveloped our team web page Data Collection – Request sample keystrokesData Collection – Request sample keystrokes Become familiar and utilize BAS system to process Become familiar and utilize BAS system to process

results results Enhanced the existing Test Takers InterfaceEnhanced the existing Test Takers Interface http://utopia.csis.pace.edu/cs691/2009-2010/team4/http://utopia.csis.pace.edu/cs691/2009-2010/team4/

team4/index.htmlteam4/index.html

System Overview DiagramSystem Overview Diagram

Professor's Interfacehttp://utopia.csis.pace.edu/cs691/2009-2010/team4/team4/2009/

ProfessorInterface/courseInfo.php

• Database Tables Created

• Course Information

• Student Information

• Test Questions entry

• Question Order Selection

Key Features

MySQL Tables Structure

course_id

students_info

course_questions

Professor's InterfaceCourse Information Screen

Professor Interface Student Information Form

Professor Interface Question Entry Form

Professor Interface Question Order Selection Form

Test Takers Interfacehttp://utopia.csis.pace.edu/cs691/2009-2010/team4/team4/2009/

Key Changes

• Compatible with Netscape and IE browsersCompatible with Netscape and IE browsers

• Checks for test-taker login authentication Checks for test-taker login authentication

• Error messages for Test-taker rejection Error messages for Test-taker rejection

• Test questions displayed one at a time in orderTest questions displayed one at a time in order

• Data capture in Stealth operationData capture in Stealth operation

• Ease of system portability for future workEase of system portability for future work

• Consolidated all Keystroke data file storage Consolidated all Keystroke data file storage

• Overall look and feel of the interfaceOverall look and feel of the interface

Test Taker Interface Welcome Screen

Test Taker InterfaceLogin Screen

Test Taker InterfaceKeyboard Selection

Test Taker AppletKey logging data visible

Test Taker Response Screen Applet in Stealth Mode

Test Taker Response ScreenMinimum Keystrokes Check

Raw Keystroke Data FilesKeystroke Logging Success

Authentication Test

To authenticate the user in an online test two types To authenticate the user in an online test two types of tests were performed.of tests were performed.

1.1. Within-Class TestWithin-Class Test

2.2. Between-Class TestBetween-Class Test

Within-Class Test

• The test file consists of two different feature The test file consists of two different feature vectors from the same individual. vectors from the same individual.

• The training file contains many feature vectors The training file contains many feature vectors from a variety of users but not the user being from a variety of users but not the user being authenticated. authenticated.

• The test resulted in a correct within-class match The test resulted in a correct within-class match (FRR=0/1 or 0% and Performance=1/1 or 100%). (FRR=0/1 or 0% and Performance=1/1 or 100%). And the same result was shown for kNN or 1, 3, And the same result was shown for kNN or 1, 3, 5,7, and 9.5,7, and 9.

Within-Class Free Laptop Test

Within-Class Free Desktop Test

Between-Class Test

• A between-class test is made by taking the A between-class test is made by taking the difference between two feature vectors -- one from difference between two feature vectors -- one from the impostor and one from the person the impostor the impostor and one from the person the impostor claims to be. claims to be.

• The training set consists of difference vectors.The training set consists of difference vectors.

• The test resulted in (FAR=0/1 or 0% and The test resulted in (FAR=0/1 or 0% and Performance=1/1 or 100%). The same result was Performance=1/1 or 100%). The same result was shown for kNN or 1, 3, 5,7, and 9.shown for kNN or 1, 3, 5,7, and 9.

Between-Class Free Laptop Test

Between-Class Free Desktop Test

Results

• For 10 separate within-class tests, we got an For 10 separate within-class tests, we got an average FRR and performance of, 10% and 90%.average FRR and performance of, 10% and 90%.

• For 10 separate between-class tests, we got an For 10 separate between-class tests, we got an average FAR and performance of, 20%average FAR and performance of, 20%and 80%.and 80%.

• We have now shown that the existing software We have now shown that the existing software will perform the one-student-at-a-time testing.will perform the one-student-at-a-time testing.

Future Work Investigate system for possible misuse by Investigate system for possible misuse by

attempting to mimic user keystrokesattempting to mimic user keystrokes Modify system to send keystroke data from Modify system to send keystroke data from

java applet during test for real time resultsjava applet during test for real time results Utilize a Linux server with SSH capability Utilize a Linux server with SSH capability

for a more developer friendly experiencefor a more developer friendly experience Off/On stealth mode from professor's Off/On stealth mode from professor's

interface with java scriptsinterface with java scripts

System Demonstration

• Project Webpage• Professor's Interface• Test Takers Interface

Thank You !

Questions?

Please email to schebiyam@gmail.com