Keystroke Dynamics: The Benefits of Behavioral Biometrics

Biometric Keystroke Dynamics

Keystroke dynamics is the detailed timing information which describes when each key was pressed and when it was released. This method is considered to be a “behavioral biometric” that measures an individuals’ manner and rhythm of typing and uses the data to create a template of the unique typing pattern.

The dwell time (amount of time the key is pressed) and the flight time (the time between keys being pressed) are processed by neural algorithms to create a template. The vibration information (the pressure associated with dwell time) can also be measured and used as the basis for authentication.

The techniques used for keystroke dynamics vary widely in power and sophistication, from statistical approaches to AI neural networks. A few of the areas that are measured when creating a keystroke dynamics template include:

1. Raw Speed Uncorrected for Errors
2. Seek-Times and Hold-Times
3. Characteristics of Letter Sequences
4. Characteristics of Common Errors
5. Substitutions, Reversals, and Drop-Outs

Admittedly, those of us that “hunt and peck” with two fingers while having a bite to eat during a phone conversation tend to be a nightmare for this technology.

Behavioral biometrics—which rely on what is referred to as a “confidence measurement”—are considered to be less reliable than physical biometrics which rely on a “pass/fail” measurement. However, there are many benefits to this method. Risk mitigation can be explicitly defined and thresholds adjusted at the level of an individual.

Additionally, keystroke dynamic data points can be collected continuously. Consider the following examples of how this method could be effectively implemented.

Example #01: PHYSICAL COERCION

An executive is forced to access a sensitive system at gunpoint and then steps away so the malicious actor can operate. Although the executive logged in the biometrics would indicate a different actors’ involvement afterward. This would be especially useful for a case in which a laptop was being used to access the network remotely.

Example #02: UNAUTHORIZED ACCESS

An administrator does not sign out of the system when leaving and an unauthorized actor accesses the computer. In another scenario, a privileged user signs on and allows a non-privileged user to access the system. Both scenarios may be considered violations of policy that result in a “teachable moment” or a job vacancy announcement.

Keystroke dynamics does have drawbacks as a persons’ typing varies substantially during the day and between days due to temporal changes, fatigue, emotions, and martinis imbibed at lunch meetings.

However, implemented as part of a multimodal biometric system that augments the measurement of physical characteristics, it can prove to be a very effective low-cost solution.

Michael I. Kaplan is the founder and CEO of Phase2 Advantage, and currently manages the Defensive Security initiatives of the company. He is a military veteran and a national advocate for the military affiliate community. After attending the U.S. Army’s Intelligence Center of Excellence at Fort Huachuca in Arizona in 1983, he attended the Defense Language Institute, Airborne School, several specialized Schools at FT. Bragg in North Carolina, and was assigned to the 11th Special Forces Group (AGR).

Michael was recruited in 1989 to Special Projects Group and served as an instructor and operator on a Federal International Fugitive Task Force (his FBI letters of reference can be viewed on his LinkedIn profile). He was responsible for supervising and training 325 agents who were responsible for more than 3,000 UFAP apprehensions in seven years. Michael left government service in 1994 to pursue a career in High-Threat Executive Protection as an instructor and operator, then founded Phase2 Advantage in 2014. His numerous Instructor firearm certifications are listed on the Phase2 Advantage website and LinkedIn.

Feel free to contact Michael at michael.kaplan@phase2advantage.com.