What is it about?

Account recovery is ubiquitous across web applications and it circumvents the main authentication process. Therefore, it deserves the same level of security as the user authentication process. A common simplistic procedure for account recovery requires the user to enter the same email used during registration, to which the password recovery link or a new username can be sent. An impostor with access to a user’s registration email and other credentials can trigger an account recovery session to take over the user’s account. To prevent such attacks, beyond validating the email or other credentials entered by the user, our proposed recovery method utilizes keystroke dynamics to further secure the account recovery mechanism. Keystroke dynamics is a type of behavioral biometrics that analyzes typing rhythm, which can be used for authentication. We have used a new dataset with over 500,000 keystrokes collected from 44 students and staff of our University when they filled out a web form of seven fields. We evaluated the performance of five scoring algorithms on individual fields as well as feature-level fusion and weighted-score fusion. Our results outperform the state-of-the-art in both fixed-text and free-text keystroke dynamics. We achieved the best EER of 5.47% when using individual fields, 0% for feature-level fusion when five fields are combined, and 0% for weighted-score fusion when seven fields are combined. Previously, researchers have studied the application of short fixed-text or long free-text keystroke dynamics for authentication. However, our work is in between fixed text and free text, and we would like to call it “medium-fixed text”.
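As an added illustration (not code from the paper or its authors), the sketch below shows how per-field keystroke timing features can be scored against an enrolled template, combined by weighted-score fusion, and evaluated with an equal error rate (EER). The scaled Manhattan scorer, the field names, the weights and every sample value are assumptions constructed for this example.

```python
# Added example (constructed data). Scaled Manhattan distance is an assumed
# scorer; the page does not name the five scoring algorithms it evaluated.

def features(events):
    """events: [(key_down_ms, key_up_ms), ...] for one form field, in order.
    Returns hold times followed by down-down latencies."""
    holds = [up - down for down, up in events]
    flights = [b[0] - a[0] for a, b in zip(events, events[1:])]
    return holds + flights

def enroll(samples):
    """Per-field template: mean and mean absolute deviation of each feature."""
    cols = list(zip(*samples))
    means = [sum(c) / len(c) for c in cols]
    # Floor the deviation at 1 ms so a constant feature cannot divide by zero.
    devs = [max(sum(abs(v - m) for v in c) / len(c), 1.0)
            for c, m in zip(cols, means)]
    return means, devs

def distance(template, sample):
    """Scaled Manhattan distance, averaged over features (lower = more alike)."""
    means, devs = template
    return sum(abs(x - m) / d for x, m, d in zip(sample, means, devs)) / len(means)

def fuse(field_scores, weights):
    """Weighted-score fusion: weighted mean of the per-field distances."""
    return (sum(weights[f] * s for f, s in field_scores.items())
            / sum(weights[f] for f in field_scores))

def eer(genuine, impostor):
    """Sweep thresholds (accept if distance <= t); return the error rate at
    the threshold where false-accept and false-reject rates are closest."""
    best = (2.0, 1.0)
    for t in sorted(set(genuine + impostor)):
        frr = sum(g > t for g in genuine) / len(genuine)
        far = sum(i <= t for i in impostor) / len(impostor)
        best = min(best, (abs(far - frr), (far + frr) / 2))
    return best[1]

# Constructed per-field distances for three genuine and three impostor attempts.
GENUINE = [{"email": 0.4, "name": 0.9}, {"email": 1.2, "name": 0.3}, {"email": 0.5, "name": 0.6}]
IMPOSTOR = [{"email": 1.0, "name": 1.6}, {"email": 1.9, "name": 0.8}, {"email": 1.4, "name": 1.5}]
WEIGHTS = {"email": 0.5, "name": 0.5}  # assumed equal weights

def field_eer(field):
    return eer([a[field] for a in GENUINE], [a[field] for a in IMPOSTOR])

def fused_eer():
    return eer([fuse(a, WEIGHTS) for a in GENUINE], [fuse(a, WEIGHTS) for a in IMPOSTOR])
```

On this constructed data each field alone overlaps between genuine and impostor attempts, while the fused score separates them; with so few samples the numbers show only the mechanism, not expected accuracy.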

Why is it important?

An impostor with access to a user’s registration email and other credentials can trigger an account recovery session to take over the user’s account. To prevent such attacks, beyond validating the email or other credentials entered by the user, our proposed recovery method utilizes keystroke dynamics to further secure the account recovery mechanism.

Perspectives

We have used a new dataset with over 500,000 keystrokes collected from 44 students and staff of our University when they filled out a web form of seven fields. We evaluated the performance of five scoring algorithms on individual fields as well as feature-level fusion and weighted-score fusion. Our results outperform the state-of-the-art in both fixed-text and free-text keystroke dynamics. We achieved the best EER of 5.47% when using individual fields, 0% for feature-level fusion when five fields are combined, and 0% for weighted-score fusion when seven fields are combined.

Ahmed Wahab
Clarkson University

Read the Original

This page is a summary of: Utilizing Keystroke Dynamics as Additional Security Measure to Protect Account Recovery Mechanism, January 2021, Scitepress, DOI: 10.5220/0010191200330042.