Keystroke Dynamics: The Benefits of Behavioral Biometrics

Biometric Keystroke Dynamics

Keystroke dynamics is the detailed timing information which describes when each key was pressed and when it was released. This method is considered to be a “behavioral biometric” that measures an individuals’ manner and rhythm of typing and uses the data to create a template of the unique typing pattern.

The dwell time (amount of time the key is pressed) and the flight time (the time between keys being pressed) are processed by neural algorithms to create a template. The vibration information (the pressure associated with dwell time) can also be measured and used as the basis for authentication.

The techniques used for keystroke dynamics vary widely in power and sophistication, from statistical approaches to AI neural networks. A few of the areas that are measured when creating a keystroke dynamics template include:

1. Raw Speed Uncorrected for Errors
2. Seek-Times and Hold-Times
3. Characteristics of Letter Sequences
4. Characteristics of Common Errors
5. Substitutions, Reversals, and Drop-Outs

Admittedly, those of us that “hunt and peck” with two fingers while having a bite to eat during a phone conversation tend to be a nightmare for this technology.

Behavioral biometrics—which rely on what is referred to as a “confidence measurement”—are considered to be less reliable than physical biometrics which rely on a “pass/fail” measurement. However, there are many benefits to this method. Risk mitigation can be explicitly defined and thresholds adjusted at the level of an individual.

Additionally, keystroke dynamic data points can be collected continuously. Consider the following examples of how this method could be effectively implemented.

Example #01: PHYSICAL COERCION

An executive is forced to access a sensitive system at gunpoint and then steps away so the malicious actor can operate. Although the executive logged in the biometrics would indicate a different actors’ involvement afterward. This would be especially useful for a case in which a laptop was being used to access the network remotely.

Example #02: UNAUTHORIZED ACCESS

An administrator does not sign out of the system when leaving and an unauthorized actor accesses the computer. In another scenario, a privileged user signs on and allows a non-privileged user to access the system. Both scenarios may be considered violations of policy that result in a “teachable moment” or a job vacancy announcement.

Keystroke dynamics does have drawbacks as a persons’ typing varies substantially during the day and between days due to temporal changes, fatigue, emotions, and martinis imbibed at lunch meetings.

However, implemented as part of a multimodal biometric system that augments the measurement of physical characteristics, it can prove to be a very effective low-cost solution.

Michael I. Kaplan is the Director of Phase2 Advantage, a cybersecurity training and instructional design company based in Savannah, Georgia. He is also the Chairman of the Cyber Security Advisory Committee at Savannah Technical College. The publishing division of Phase2 Advantage creates cybersecurity textbooks and workbooks listed on Amazon, Ingram's VitalSource platform, and all major booksellers.

Michael's technical areas of specialization are Incident Response, Business Continuity / Disaster Response Planning, Information Security Management, and Digital / Network Forensics.

Feel free to contact Michael at michael.kaplan@phase2advantage.com.