Enhanced Password Authentication through Fuzzy Logic

Willem G. de Ru and Jan H.P. Eloff, Rand Afrikaans University

The authors’ methodology uses fuzzy logic to perform typing biometrics, the analysis of a user’s unique keystroke patterns. This inexpensive software technique improves the effectiveness of password-based computer security.

The root of computer-system security is the successful verification of the identity of a person or an entity wishing to use the system. Effective system administration, auditing, and efficient resource management all hinge on accurate user identification.1–3 Although a variety of authentication devices to verify a user’s identity are in use, password mechanisms have been and probably will remain the preferred method. Password authentication is an inexpensive, familiar paradigm that most operating systems support.3,4 Confidence in its ability to provide adequate authentication is, however, waning.4 This is largely due to the wrongful use of passwords by many users. Methods are needed, therefore, to extend and enhance the life of password techniques.

We’ve developed a software methodology that improves security by using typing biometrics to reinforce password-authentication mechanisms. Typing biometrics is the analysis of a user’s keystroke patterns.4 Each user has a unique way of using the keyboard to enter a password; for example, each user types the characters that constitute the password at different speeds. Our methodology employs fuzzy logic to measure the user’s typing biometrics. This reinforcement is transparent—indiscernible to the users while they are entering the normal authentication information (user ID and password). This methodology helps prevent the two main types of authentication errors: not giving access to legitimate users and giving access to impostors. (For more background on authentication and fuzzy logic, see the sidebars, “Getting to the truth” and “Fuzzy logic in brief.”)

Reinforced passwords

In our approach, when a new user requests access to the computer system, or when an existing user’s password is to expire, the access-control system asks the user to type in the user ID and a new password. The system then asks the user to reenter the user ID and password to verify the previous inputs. Based on the typing patterns displayed on entering and reentering the information, the typing-biometrics methodology computes a typing template for the user. The access-control system then saves the user’s identification with the associated template, along with the normal user ID and password pair.

On subsequent attempts to access the system, the user goes through the normal password-authentication procedure—that is, entering the user ID and the password. At the same time, the system monitors the user’s typing patterns and computes a typing template based on the user ID and password just entered. It then compares this template with the template previously determined for this user. If the new password and typing template match those saved by the authentication mechanism, the system grants access to the user. If the password does not match, the normal password-authentication mechanism, without consulting the biometrics component, will reject the user or ask the user to reenter the authentication information. If the password does match, the biometrics component will provide a supporting recommendation that verifies that the user is legitimate. If the user ID and password are correct, but the new typing template does not match the reference template, the security system has several options, which we’ll discuss later. A typical scenario might be that the typing-biometrics system advises a security or network administrator that the typing pattern for a newly entered user ID and password is not what the system expected it to be and that a security breach might be possible. The security administrator then closely monitors the session to ensure that the user does nothing he or she is not authorized to do.

IEEE Expert, November/December 1997. 0885-9000/97/$10.00 © 1997 IEEE

Getting to the truth (sidebar)

Authentication techniques fall into three main categories.1,2 The first requires that the user possesses an object—for example, smart cards and magnetic-strip cards.3 The second entails that the user supplies specific information or answers questions. Passwords fall under this category.4 The third requires that the authentication device measures a physical characteristic of the person being verified.4,5 These techniques include biometrical mechanisms such as face recognition, fingerprints, voiceprints, retina scans, keystroke patterns, and signatures. In the strictest sense, biometrics refers to the application of a statistical analysis of biological data and phenomena. The security community, however, widely uses the term to describe technologies for personal-identity verification. Biometrical devices fall into two categories: those that use physical characteristics, such as fingerprints and hand geometry, and those that use behavioral characteristics, such as signature dynamics and keystroke dynamics. All authentication devices share the principal goal of preventing the two main types of errors:

• Type I—Failing to correctly identify a legitimate user.
• Type II—Allowing access to an intruder.

Also, they all aim to avoid placing any extra burden on the users and to provide authentication at a reasonable cost.1,2,4 Each category has strengths and weaknesses. Authentication devices that require possession of an object provide a high level of security.3 However, they are susceptible to loss or theft; for example, magnetic-strip cards can be copied relatively cheaply. Authentication devices that require users to supply specific information are the cheapest and the most widely used. However, they are extremely vulnerable to trial-and-error attacks, because users normally have difficulty choosing passwords that are memorable but difficult to guess. For example, the infamous Internet worm of 1989 used a widespread password dictionary to compromise the security of many network sites. Because devices that measure a physical characteristic—that is, biometrical techniques—use authentication information that cannot be forgotten or stolen, they seem a very attractive solution. However, their inability to eliminate Type I and Type II errors completely, combined with their expensive price tags, hampers their coming of age.

All authentication devices are, in varying degrees, susceptible to Type I and Type II errors. No control mechanism or security measure can provide wholly adequate security. It has been truly said that computer security should be composed of a combination of locks and control mechanisms.6 The most effective line of defense will, therefore, comprise a sequence of interrelated security mechanisms. In this manner, each vulnerability in a security function is countered by another security mechanism. The same rationale applies to authentication mechanisms. An approach that combines various authentication devices, while minimizing cost and the user’s burden, could limit the occurrence of Type I and II errors. Authentication would be optimized if the mechanisms were synergistically combined, so that the system is greater than the sum of its parts.

Sidebar references
1. C.P. Pfleeger, Security in Computing, Prentice-Hall, Upper Saddle River, N.J., 1993.
2. J.C. Spender, “Identifying Computer Users with Authentication Devices (Tokens),” Computers & Security, Vol. 6, 1987, pp. 385–395.
3. A.P. Conn, J.H. Parodi, and M. Taylor, “The Place of Biometrics in a User Authentication Taxonomy,” Proc. 13th Nat’l Computer Security Conf., Nat’l Inst. Standards and Technology/Nat’l Computer Security Center, Gaithersburg, Md., 1990.
4. D.L. Jobusch and A.E. Oldehoeft, “A Survey of Password Mechanisms: Weaknesses and Potential Improvements, Part 1,” Computers & Security, Vol. 8, 1989, pp. 587–604.
5. W.G. de Ru and J.H.P. Eloff, “Improved Password Mechanisms through Expert System Technology,” Proc. Ninth Ann. Computer Security Applications Conf., IEEE Computer Society Press, Los Alamitos, Calif., 1993, pp. 272–280.
6. D. Russell and G.T. Gangemi, Sr., Computer Security Basics, O’Reilly and Associates, Sebastopol, Calif., 1991.

Fuzzy logic in brief (sidebar)

Fuzzy logic uses multivalued logic to model problems that deal with ambiguous data.1–3 It is a generalization of the traditional bivalent logic, which states that any premise can be either true or false, but not both. The statement, “The time interval between typing two successive password characters is very short,” is ambiguous, because where can the line for “very short” be drawn? Fuzzy logic holds that everything is a matter of degree; for example, the typing speed between typing two successive password characters might belong 90% to the set of short typing intervals. Commercially available equipment using fuzzy logic is proliferating tremendously.2,4 Fuzzy logic is being applied in many and varied fields, from mission-critical train control, in which many lives are at stake, to the rather mundane control of a washing machine.

Sidebar references
1. B. Kosko, Neural Networks and Fuzzy Systems, Prentice-Hall, Upper Saddle River, N.J., 1992.
2. B. Kosko, Fuzzy Thinking: The New Science of Fuzzy Logic, Hyperion Press, Westport, Conn., 1993.
3. L.A. Zadeh, “Fuzzy Sets,” Information and Control, Vol. 8, 1965, pp. 338–353.
4. D. McNeil and P. Freiberger, Fuzzy Logic, Touchstone, Simon & Schuster, Old Tappan, N.J., 1994.

Figure 1. Reinforced password authentication with typing biometrics. [Flowchart not reproduced. Two parallel tracks: the conventional password mechanism (Begin; user inputs user ID; user inputs password; (user ID, password) pair matches?; maximum number of attempts to correctly enter password exceeded?) and the supporting typing-biometrics mechanism implemented without the user’s knowledge (monitoring of patterns; computing of typing template; (user ID, typing-index template) pair matches?; maximum number of attempts to display correct typing patterns exceeded?). Only when both tracks answer Yes does the system permit access.]

Figure 2. Rules stating the relationships between inputs and outputs.
Rule 1: If the time interval is somewhat short, then the category is low.
Rule 2: If the time interval is moderately short, then the category is medium.
Rule 3: If the time interval is short, then the category is high.
Rule 4: If the time interval is very short, then the category is very high.
Rule 5: If the typing difficulty is high, then the category is high.

Figure 1 illustrates the basic process. Next, we’ll examine the details.

System output. Because our methodology aims to categorize uniquely each user’s typing patterns, the output will be the categorization of these patterns. This categorization, along with a password, will be the differentiating criterion for identifying the user.

System inputs. Our typing-biometrics methodology uses two inputs to categorize a user’s keystroke patterns. First, it uses the time intervals between successive characters created by users while typing a known sequence of characters—that is, the user ID and password.5 Secondly, it uses the typing difficulty of successive characters. Research on typing patterns suggests that certain key combinations on a conventional typewriter or computer keyboard are more difficult than others.6 We use two criteria to determine typing difficulty. The first is the number of keys on the keyboard separating the successive characters entered by the user. The second is whether the character was created with key combinations; for example, typing a capitalized character normally entails pressing two keys simultaneously.

For example, suppose that the user enters “Jack” as his user ID and “BeaN” as his password. The first input—the time interval—entails the time between the letter pairs (J, a), (a, c), (c, k), (k, “Enter”), (“Enter”, B), (B, e), (e, a), and (a, N), measured in clock cycles. For the second input, for instance, the letter pair (a, N) will yield a typing difficulty of 10. Five keys separate the “a” and the “N” on the keyboard, causing an initial difficulty of 5. The “n” was typed in combination with the “Shift” key to produce a capital “N,” thereby increasing the difficulty by 5. (We increased the difficulty by 5 for simplicity’s sake; the value can easily be adjusted to fine-tune the results.)

Associating the inputs with the output. Even though a close correlation exists between the inputs and the output, that correlation is vague or fuzzy. Therefore, crisply quantifying the inputs’ effect on the output is difficult. However, we can express these relationships vaguely in linguistic terms. For example, we can say that, if the time interval is very slow and the user ID and password are not difficult to type, the user must be categorized as typing poorly. The linguistic expressions represent subsets of the inputs and output; for example, “not difficult” could be a subset of the complete set of typing difficulties. To be able to relate the inputs to the output, therefore, we must define subsets for each input and for the output. Different subsets are possible for each input or the output. The time interval between successive characters might be somewhat short for a user not acquainted with a computer keyboard, or very short for an experienced user. Our typing-biometrics methodology uses these sets: somewhat short, moderately short, short, and very short. Experimentation has shown that the typing difficulty is less influential than the time interval. So, we use only one subset for typing difficulty: high. Regarding the output, the categorization might be low for typing patterns displayed by an inexperienced user or very high for patterns displayed by an experienced user. We use these sets: low, medium, high, and very high. Using these subsets, we express the relationships between the inputs and output as the rules shown in Figure 2.

Relating precise values to fuzzy sets. Although we can express the relationships between the inputs and the output in linguistic terms, the inputs themselves are precise, albeit not always the same. For example, the time interval for a user who types the letter pair (J, a) might be 6,000 or 6,019 clock cycles. These values are precise, even if they aren’t identical.
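The following Python is an added example, not the authors’ prototype code: it derives the two crisp inputs (time interval and typing difficulty) for the “Jack”/“BeaN” sequence above from constructed keystroke timestamps. The QWERTY column model, the Enter-key position, and the list of shifted symbols are assumptions chosen so that the pair (a, N) yields the paper’s difficulty of 10.

```python
"""Computing the two fuzzy-system inputs from a keystroke sequence.

Added example, not the authors' prototype. Timestamps here are
constructed clock-cycle counts (the paper obtains them with inline
assembler). Typing difficulty follows the paper's two criteria with an
assumed key-distance model: the number of key columns separating the
two keys on a QWERTY layout, plus 5 when the character needed Shift.
"""

ENTER = "\n"
SHIFT_PENALTY = 5  # the paper's constant for key combinations

# Assumed QWERTY column index per key; Enter placed at the right end of the home row.
_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
KEY_COLUMN = {ch: col for row in _ROWS for col, ch in enumerate(row)}
KEY_COLUMN[ENTER] = 10
# Symbols that need Shift, mapped to the unshifted key that produces them (assumed).
SHIFTED_SYMBOLS = dict(zip("!@#$%^&*():<>?", "1234567890;,./"))


def base_key(char):
    """Return (unshifted key, shift_needed) for one typed character."""
    if char in SHIFTED_SYMBOLS:
        return SHIFTED_SYMBOLS[char], True
    if char.isupper():
        return char.lower(), True
    return char, False


def typing_difficulty(prev_char, char):
    """Difficulty of producing `char` right after `prev_char`.

    Criterion 1: keys separating the two characters (column distance here).
    Criterion 2: +SHIFT_PENALTY when `char` was typed with Shift.
    """
    prev_key, _ = base_key(prev_char)
    key, shifted = base_key(char)
    if prev_key not in KEY_COLUMN or key not in KEY_COLUMN:
        raise ValueError(f"no layout position for pair {(prev_char, char)!r}")
    distance = abs(KEY_COLUMN[key] - KEY_COLUMN[prev_key])
    return distance + (SHIFT_PENALTY if shifted else 0)


def pair_features(keystrokes):
    """Turn [(char, cycle_count), ...] into [((prev, char), interval, difficulty), ...].

    One feature triple per successive character pair, which is what the
    fuzzy rules consume; the cycle counts must not decrease.
    """
    features = []
    for (c0, t0), (c1, t1) in zip(keystrokes, keystrokes[1:]):
        if t1 < t0:
            raise ValueError("cycle counts must be non-decreasing")
        features.append(((c0, c1), t1 - t0, typing_difficulty(c0, c1)))
    return features


# Constructed sample: user ID "Jack", Enter, password "BeaN", with made-up cycle counts.
SAMPLE_KEYSTROKES = [
    ("J", 0), ("a", 6_000), ("c", 12_019), ("k", 19_500), (ENTER, 31_000),
    ("B", 45_000), ("e", 52_100), ("a", 58_300), ("N", 96_300),
]

if __name__ == "__main__":
    for pair, interval, difficulty in pair_features(SAMPLE_KEYSTROKES):
        print(pair, interval, difficulty)
```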


To be able to use the linguistic rules, we need to relate these precise values to linguistic sets. To do this, we use membership functions. Figure 3 illustrates the membership functions for the time interval, typing difficulty, and categorization. A membership function is the degree to which a specific, precise value belongs to a set.7–9 For example, in Figure 3a, a time interval of 38,000 clock cycles belongs 20% to short and 85% to moderately short. Similarly, in Figure 3b, a typing difficulty of 10 belongs 68% to high. As these examples show, a value can simultaneously belong to more than one set. We’ll demonstrate that this feature of fuzzy logic harmonizes all the obtained inputs, even if these inputs were not exactly the same for each authentication session, to produce a unique categorization. To determine the size and range of values over which to map the fuzzy sets, we examined different ranges in repeated trials of the prototype. We chose those ranges that produced the most stable results.

Categorization. During evaluation of a user’s keystroke patterns, the time-interval and typing-difficulty values cause the typing-biometrics methodology to activate (fire) certain rules. For example, input values that fall in short will activate Rule 3, because Rule 3 states that if the time interval is short, the category is high. Because an input value can simultaneously belong to more than one set, rules can activate simultaneously in a fuzzy system.7,8

An example will best illustrate how our methodology achieves inferencing. Suppose the user enters the character pair (a, N), which yields a time interval of 38,000 clock cycles and a typing difficulty of 10. Figures 3a and b indicate to which fuzzy sets these input values belong. As we mentioned earlier, 38,000 clock cycles belongs to short and moderately short, and the typing difficulty of 10 belongs to high. Therefore, these statements hold: the time interval is short and moderately short, and the typing difficulty is high. This causes Rules 2, 3, and 5 in Figure 2 to fire. Because the input values only partially belong to the sets, the rules must fire only partially. Figure 4 illustrates how our methodology uses these rules to achieve categorization. The figure shows only the specific sets involved in each rule. The vertical lines represent the crisp input values—that is, the 38,000-clock-cycle time interval and the typing difficulty of 10. All three rules fire in parallel. For Rule 2, the vertical line indicates a membership of 85% in the moderately short time interval. This rule therefore recommends a medium categorization to a degree of 85%. For Rule 3, the vertical line indicates a membership of 20% in the short time interval. This rule therefore recommends a high categorization to a degree of 20%. For Rule 5, the vertical line indicates a membership of 68%. This rule therefore recommends a high categorization to a degree of 68%.

Our methodology computes a typing-template element for each character pair by adding up the recommendations of all the rules that have fired for that pair.9 To do this, it truncates the categorization triangles at the recommendation level, as is normally done in fuzzy logic applications (see the top three sections of Figure 5).9 It then superimposes the resultant trapezoids over each other to create a new geometrical shape, such as the shaded area at the bottom of Figure 5. The methodology then resolves these added-up recommendations into a crisp, quantifiable value. Different methods exist in fuzzy logic theory to achieve this.7–9 The most common method uses the shape’s center of gravity. This value is crisp and yields a numeric categorization—that is, an individual component of the typing template. In Figure 5, for instance, the center of gravity is 56, which will constitute the typing-template value for this character pair (a, N). Every character pair in the authentication string goes through this procedure, which produces a typing template in the format (t1, t2, t3, t4, …, tn), where ti, 1 ≤ i ≤ n, are the individual template values. The variable n is equal to the number of time intervals that have been sampled for the authentication string and therefore to that string’s number of characters. The methodology then compares the newly computed typing template with a saved typing template, using this fuzzy rule:

If (t1 is around T1) and (t2 is around T2) and … (tn is around Tn), then the pattern (t1, t2, …, tn) belongs to User X,

where (t1, t2, …, tn) is the newly computed typing template and (T1, T2, …, Tn) is the saved typing template. The methodology creates fuzzy sets of the saved typing template values and then determines the degree of membership of the newly generated typing values in these fuzzy sets.

Figure 3. Membership functions for the two inputs and the output: (a) time interval; (b) typing difficulty; (c) categorization. [Plots not reproduced: (a) sets very short, short, moderately short and somewhat short over 0–90,000 clock cycles, with 38,000 marked at 85% and 20%; (b) set high over typing difficulty 0–15, with 10 marked at 68%; (c) sets low, medium, high and very high over categorization 0–1,000.]

Figure 4. Firing the fuzzy rules. [Plots not reproduced: Rule 2, moderately short (time interval) then medium (categorization); Rule 3, short (time interval) then high (categorization); Rule 5, high (typing difficulty) then high (categorization).]
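The inference for the (a, N) pair, as an added Python example that is not the authors’ prototype. Every membership-function breakpoint is an assumption chosen to reproduce the paper’s 20%, 85% and 68% memberships; the output sets and the pointwise-max superimposition are likewise assumed, so the center of gravity this returns is not the paper’s 56.

```python
"""Fuzzy categorization of one character pair (Mamdani inference).

Added example, not the authors' prototype. All breakpoints below are
assumptions chosen so that the paper's worked values fall out: a
38,000-cycle interval belongs 20% to "short" and 85% to "moderately
short", and a typing difficulty of 10 belongs 68% to "high".
"""


def trapezoid(x, a, b, c, d):
    """Membership of x in the trapezoidal set (a, b, c, d); b == c gives a triangle."""
    if x < a or x > d:
        return 0.0
    if b <= x <= c:
        return 1.0
    if x < b:
        return (x - a) / (b - a)
    return (d - x) / (d - c)


# Time interval in clock cycles (assumed breakpoints).
INTERVAL_SETS = {
    "very short":       (0, 10_000, 10_000, 25_000),
    "short":            (8_750, 25_000, 25_000, 41_250),
    "moderately short": (21_000, 41_000, 41_000, 61_000),
    "somewhat short":   (50_000, 70_000, 70_000, 90_000),
}
# Typing difficulty 0..15; the paper uses a single set (assumed breakpoints).
DIFFICULTY_SETS = {"high": (1.5, 14, 15, 15)}
# Categorization 0..1,000 (assumed breakpoints).
CATEGORY_SETS = {
    "low":       (0, 100, 100, 300),
    "medium":    (100, 300, 300, 500),
    "high":      (400, 600, 600, 800),
    "very high": (700, 900, 1_000, 1_000),
}
# Figure 2: (input variable, input set, output set), in rule order.
RULES = [
    ("interval", "somewhat short", "low"),       # Rule 1
    ("interval", "moderately short", "medium"),  # Rule 2
    ("interval", "short", "high"),               # Rule 3
    ("interval", "very short", "very high"),     # Rule 4
    ("difficulty", "high", "high"),              # Rule 5
]


def fuzzify(interval, difficulty):
    """Degree to which the crisp inputs belong to every input set."""
    return {
        "interval": {name: trapezoid(interval, *p) for name, p in INTERVAL_SETS.items()},
        "difficulty": {name: trapezoid(difficulty, *p) for name, p in DIFFICULTY_SETS.items()},
    }


def fire_rules(memberships):
    """Firing strength of each rule, keyed by rule number as in Figure 2."""
    return {n: memberships[var][iset] for n, (var, iset, _) in enumerate(RULES, start=1)}


def categorize(interval, difficulty, step=1):
    """Crisp categorization (one template element) for a character pair.

    Each fired rule truncates its output set at its firing strength; the
    truncated shapes are superimposed by pointwise max (the usual Mamdani
    aggregation, assumed here) and resolved by the shape's center of gravity.
    """
    strengths = fire_rules(fuzzify(interval, difficulty))
    recommended = {}  # output set -> strongest recommendation for it
    for n, (_, _, oset) in enumerate(RULES, start=1):
        recommended[oset] = max(recommended.get(oset, 0.0), strengths[n])
    moment = area = 0.0
    for x in range(0, 1_001, step):
        mu = max(min(s, trapezoid(x, *CATEGORY_SETS[o])) for o, s in recommended.items())
        moment += x * mu
        area += mu
    return moment / area if area else 0.0


if __name__ == "__main__":
    print(fire_rules(fuzzify(38_000, 10)))
    print(round(categorize(38_000, 10), 1))
```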

Finally, AND operators consolidate the degrees of membership into a single value that indicates the degree to which the newly created template successfully matches the saved template. For example, suppose that the saved template for a specific user consists of the values (135, 362, 617, 904), and that the newly generated typing template consists of the values (151, 351, 597, 892). The methodology must determine whether or not these two templates match. This, therefore, entails the evaluation of this if statement: If (151 is around 135) and (351 is around 362) and (563 is around 617) and (846 is around 904), then the pattern (151, 351, 597, 892) belongs to Jack. Figure 6 shows the fuzzy sets that were created from the saved typing template, as well as the degree to which the saved typing-template values belong to these sets. Values inclining toward 1 on the vertical axis indicate a good match, and values inclining toward 0 on the vertical axis indicate a poor match. This leaves four membership values (0.67, 0.81, 0.98, and 0.98), which must be consolidated using an AND operator to obtain a value that lies between 0 and 1. Normally, the fuzzy-logic AND operator takes the minimum value of all the membership values.9 For the example in Figure 6, this tactic will produce a value of 0.67. Experimentation has shown that the minimum value often does not truly reflect the degree to which the saved template matches the newly generated template. So, our methodology uses a type of mean-AND operator,10 which takes the weighted average of the membership values. This will produce a value of 0.86 for the example in Figure 6, which better reflects the degree to which the patterns match. The closer the consolidated value is to 1, the better the match between the saved template and the newly generated template, and therefore the more confidence the methodology has that a user is who he or she claims to be.

The initial prototype added all the recommendations of all the rules for all the character pairs onto the same resultant fuzzy set, eventually to produce only one categorization value. Experimentation with the prototype, however, indicated that this resultant fuzzy set became saturated and that the eventual categorization was not as unique as is desired in an authentication environment.

Prototype evaluation

The prototype system has gone through several developmental stages. Initially, we used approximately 20 fuzzy rules. Tests on the system showed that the typing difficulty did not influence the categorization as significantly as did the time interval. So, we reduced the number of fuzzy rules to the five mentioned in this article. The reduced rule set also simplified fine-tuning of the system. The initial C++ programming environment we used to develop the prototype system could only produce time intervals measured in hundredths of seconds. This arrangement proved inadequate to measure the minute differences between the various users’ typing patterns. So, the current prototype employs inline assembler code to produce the time intervals measured in clock cycles, which have proven to be far more accurate, thereby improving the system’s performance.

Experiments on the prototype showed that we needed to ensure that the system acts less fuzzy for shorter typing intervals, because unique typing patterns are much less discernible for users who display proficient typing patterns. The shorter the typing intervals became for a user, the more consistent (and therefore less fuzzy) the patterns became.

Initially, the prototype assumed that a user’s typing undergoes a gradual learning curve. So, it adjusted the reference typing template for a user when the newly displayed pattern closely resembled the previously saved template. It did this because it assumed that the user was the legitimate user and that his or her reference typing template had to be adjusted to reflect the new typing pattern. When the newly typed pattern substantially deviated from the saved template, the system assumed that the user was an impostor, and did not adjust the saved template. One fact, however, soon became clear: simultaneously matching patterns and learning new patterns is very difficult, if not impossible. So, the prototype system now separates learning and matching. When a user registers new authentication information by entering the user ID and password, the system monitors when the user’s pattern stabilizes into a recognizable pattern. The user must therefore repeatedly enter the user ID and password until the pattern becomes recognizable. The prototype achieves this by monitoring when two subsequent typing patterns for a user correspond. The number of retries before the pattern stabilizes varies from two to 10. We’ve found that a user’s typing pattern changes as his or her fingers become accustomed to the keys of the authentication string being entered. The more a user enters the same authentication information, the less fuzzy the typing patterns become. So, the prototype now decreases the fuzziness of the pattern matching when a specific password gets used frequently.

Research results from our prototype (see the sidebar, “Verifying typing-biometrics authentication”) show that the system can accurately identify legitimate and illegitimate users. Various circumstances, however, might impede its accuracy. For example, a user might have to answer the phone while he or she is entering authentication information; a user’s hand or hands might be injured; even the user’s emotional state might influence how he or she enters authentication information. That’s one reason why the typing-biometrics system functions in conjunction with a conventional password mechanism. That way, the authentication system’s security does not rely solely on the typing biometrics.

Figure 5. Relating all recommendations to a crisp answer. The typing-biometrics methodology truncates the categorization triangles in the top three sections at the recommendation level, creating the shaded trapezoids. It then combines these trapezoids to form the new shape in the bottom section, and calculates the shape’s center of gravity to determine a crisp value. [Plots not reproduced: Recommendation 1 (Medium), Recommendation 2 (High), Recommendation n (Very high), and the combined shape with its center of gravity, all on the 0–1,000 categorization axis.]

Figure 6. The fuzzy sets created from a saved typing template. The horizontal lines indicate the degree to which the saved typing-template values (shown in the boxes) belong to these sets. [Plot not reproduced: fuzzy sets around 135, 362, 617 and 904 on a 0–1,000 axis, with the values 151, 351, 563 and 846 marked and memberships of 0.67, 0.81, 0.98 and 0.98.]

Verifying typing-biometrics authentication (sidebar)

To determine the efficiency of our typing-biometrics authentication system, we performed an experiment designed to answer these questions:

• How successfully does the system confirm that a user is really who he or she claims to be?
• How successfully does the system identify an impostor?

The experiment. Initially, each user had to register as a legitimate user by entering his or her user ID and password information in the experimental system. We requested that the users enter passwords of eight or more digits, combining special, uppercase, and lowercase characters. (The system did not check whether the passwords met these requirements.) We found that a user’s initial typing pattern is very fuzzy and different for each login attempt (especially when the typed text is unusual, such as Not4Sale2U). For the prototype to be effective, it had to obtain a typing template, for reference purposes, that truly reflected the user’s typing pattern. So, the system repeatedly asked for the authentication information until a user’s typing stabilized into a recognizable pattern. (If users extensively edited the information with the backspace key, patterns were difficult to categorize. Pressing the backspace key only once or twice, however, did not alter a pattern such that it could not be recognized.) After the users had been added to the system, we attempted to answer the first question. We therefore required the users to enter their authentication information 25 times in a session that simulated an actual login environment. Each session was similar to this:

Enter user name: hun
Enter password: ************

We then attempted to answer the second question. We had each user type in another user’s authentication information. The experiment repeated this procedure 25 times.

The results. Table A shows the authentication information and the authentication system’s performance. The third column shows the extent to which the system successfully identified a legitimate user’s typing patterns as belonging to that user. The last column shows the extent to which an impostor’s attempts to impersonate that user were successful. Therefore, it shows the degree to which the system failed to differentiate between the illegitimate user’s and the legitimate user’s typing pattern (the lower the rate, the better the system’s performance). Our study focused on how to improve results by optimizing the methodology itself, not by optimizing the use of the methodology. So, we did not empirically determine which types of passwords and user IDs work best or worst. However, password and user ID strings with normal “English-like” text seemed less discernible from each other than, for example, strings combining special characters (such as &, %, @, or !) with normal alphabet characters. Once a user’s fingers become accustomed to typing a specific string, differentiating between users’ typing patterns is more difficult. For normal English-like text, users’ fingers become accustomed faster than for strings combining special characters with normal alphabet characters.

Table A. The performance of the typing-biometrics authentication system.

User ID | Password       | Successfully identified legitimate user (%) | Failed to detect impostor (%)
aal     | Pulling$tring$ | 94  | 0
ajs     | gnihsinav      | 95  | 0
alla    | Neural#Network | 87  | 0
ben     | Fich&Chips     | 91  | 0
bvark   | Millionaire$   | 100 | 0
deru    | EncounterS     | 100 | 0
ema     | Algorithm$     | 81  | 15
gavin   | Maverick0      | 90  | 0
gvdm    | NaPoleon       | 100 | 0
jaco    | TimeLord       | 96  | 4
jep     | Foot&Ball*     | 92  | 8
jjp     | Commun!cations | 72  | 0
jma     | Hard+Ware      | 87  | 5
kkn     | String:Array   | 100 | 0
lcjd    | Allan Turing!  | 93  | 0
llr     | Turbo+Reset    | 100 | 0
lvr     | Not4Sale2U     | 91  | 0
mbes    | #Digital#      | 87  | 5
mdr     | DCDCconverter  | 100 | 4
nan     | MenWhoWin      | 100 | 0
nico    | Spacem@n       | 90  | 0
oaw     | Insider?Info   | 85  | 5
pme     | Cydoni@n       | 90  | 4
sarel   | Tuyn7Huis      | 80  | 9
Space   | Bubblemania    | 100 | 0
wcv     | Person@lity    | 95  | 13
wil     | Spitz&Koppe    | 100 | 9
wim     | FireWork$      | 100 | 0
wjlp    | DoNetTell!     | 90  | 0
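The template comparison (the “t is around T” rule, min-AND versus mean-AND) and the enrollment loop described under Prototype evaluation (keep asking until two subsequent patterns correspond), as one added Python example that is not the authors’ code. The triangular shape of each “around T” set, the tolerance, the enrollment threshold, the retry limit, and the decision thresholds are assumptions; the saved and new templates and the memberships 0.67, 0.81, 0.98, 0.98 are the values the paper quotes, used here to reproduce its consolidation step.

```python
"""Template matching with min-AND and mean-AND, plus the enrollment loop.

Added example, not the authors' prototype. Each "around T" set is
assumed to be triangular: membership 1 at the saved value T, falling
linearly to 0 at T +/- tolerance. Thresholds and the retry limit are
assumptions as well.
"""

# Values quoted in the paper: saved template, newly generated template, and
# the four memberships the paper reads off its Figure 6.
SAVED_TEMPLATE = (135, 362, 617, 904)
NEW_TEMPLATE = (151, 351, 597, 892)
PAPER_MEMBERSHIPS = (0.67, 0.81, 0.98, 0.98)

# Constructed enrollment samples: the first differs widely, the last two correspond.
ENROLL_SAMPLES = [(100, 300, 600, 900), (160, 350, 640, 950), (150, 345, 630, 940)]


def around(saved_value, new_value, tolerance):
    """Degree to which new_value is 'around' saved_value (assumed triangular set)."""
    if tolerance <= 0:
        raise ValueError("tolerance must be positive")
    return max(0.0, 1.0 - abs(new_value - saved_value) / tolerance)


def element_memberships(saved, new, tolerance):
    """Evaluate (t_i is around T_i) for every position of the two templates.

    tolerance is one number for all positions or a per-position sequence,
    which lets the caller make the sets narrower (less fuzzy) for short
    intervals or for frequently used passwords, as the paper's prototype does.
    """
    if len(saved) != len(new):
        raise ValueError("templates must have the same length")
    if isinstance(tolerance, (int, float)):
        tolerance = [tolerance] * len(saved)
    return [around(T, t, tol) for T, t, tol in zip(saved, new, tolerance)]


def min_and(memberships):
    """Conventional fuzzy AND: the weakest element decides the whole match."""
    return min(memberships)


def mean_and(memberships, weights=None):
    """Mean-AND: weighted average of the memberships (equal weights by default)."""
    if weights is None:
        weights = [1.0] * len(memberships)
    return sum(m * w for m, w in zip(memberships, weights)) / sum(weights)


def match_degree(saved, new, tolerance, operator=mean_and):
    """Consolidated degree (0..1) to which template `new` matches template `saved`."""
    return operator(element_memberships(saved, new, tolerance))


def decide(degree, accept_at=0.8, notify_below=0.5):
    """Map the degree to the options the paper lists for a template mismatch
    (the password itself has already matched); the thresholds are assumed."""
    if degree >= accept_at:
        return "allow"
    if degree >= notify_below:
        return "allow-and-notify-administrator"
    return "reenter"


def stabilized_template(samples, tolerance, correspond_at=0.8, max_retries=10):
    """Enrollment: keep taking templates until two subsequent ones correspond.

    Returns (reference_template, attempts), or None if the pattern did not
    stabilize within max_retries. Keeping the latest sample as the reference
    is an assumption; the paper only says that learning is separated from matching.
    """
    previous = None
    for attempt, sample in enumerate(samples, start=1):
        if attempt > max_retries:
            break
        if previous is not None and match_degree(previous, sample, tolerance) >= correspond_at:
            return tuple(sample), attempt
        previous = sample
    return None


if __name__ == "__main__":
    print("min-AND :", min_and(PAPER_MEMBERSHIPS))
    print("mean-AND:", round(mean_and(PAPER_MEMBERSHIPS), 2))
    print("enrolled:", stabilized_template(ENROLL_SAMPLES, tolerance=50))
```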

Advantages The synergistic reinforcement of password mechanisms with typing biometrics can only improve authentication. The methodology has these inherent advantages: • Because the methodology does not require expensive hardware, costs are manageable. IEEE EXPERT

.

How to Reach Us • A password obtained by an impostor does not necessarily mean that the impostor can access the system. • A user’s typing biometrics cannot be lost, stolen, or lent. • An impostor cannot obtain a user’s typing biometrics by peeking at the user’s typing. • The methodology’s integration into security systems will be smooth, because it works in conjunction with current password mechanisms. Because the methodology is software- and not hardwaredriven, the possibility of integration increases further. • The technique can be used to validate a user trying to gain access from any site or system, not only those sites trusted by the system or those equipped with special hardware. • The methodology effectively renders trial-and-error password attacks obsolete. The rejection of a password during system logon does not necessarily provide information pertaining to the correctness of the password string. • Throughout the session, the typingbiometrics mechanism can monitor the user’s keystrokes to ensure that the user that initiated the session is the same person still using the system.

Our results are only a first attempt to reinforce passwords with fuzzy-logic-based typing biometrics; further research is necessary. First, the access-control system's reliance on the recommendation of the typing-biometrics component needs investigation. For example, if the methodology reveals a typing-template mismatch, should the system

• deny the user access;
• allow access, but notify the security administrator; or
• require the user to reenter the authentication information?

Second, neural networks, combined with fuzzy logic, could increase the system's ability to learn a user's keystroke patterns. As we mentioned, simultaneously matching patterns and learning is difficult. Neural networks might help overcome this limitation. The techniques we've outlined must never be used to replace the education of users in the correct use of authentication mechanisms. Security concerns both implementers and users.

References
1. D.L. Jobusch and A.E. Oldehoeft, "A Survey of Password Mechanisms: Weaknesses and Potential Improvements, Part 1," Computers & Security, Vol. 8, 1989, pp. 587–604.
2. C.P. Pfleeger, Security in Computing, Prentice-Hall, Upper Saddle River, N.J., 1993.
3. J.C. Spender, "Identifying Computer Users with Authentication Devices (Tokens)," Computers & Security, Vol. 6, 1987, pp. 385–395.
4. A.P. Conn, J.H. Parodi, and M. Taylor, "The Place of Biometrics in a User Authentication Taxonomy," Proc. 13th Nat'l Computer Security Conf., Nat'l Inst. Standards and Technology/Nat'l Computer Security Center, Gaithersburg, Md., 1990.
5. M.S. Obaidat, "A Methodology for Improving Computer Access Security," Computers & Security, Vol. 12, 1993, pp. 657–662.
6. J.W. West, The Acquisition of Typewriting Skill, Pitman Publishers, Marshfield, Mass., 1969.
7. B. Kosko, Neural Networks and Fuzzy Systems, Prentice-Hall, 1992.
8. B. Kosko, Fuzzy Thinking: The New Science of Fuzzy Logic, Hyperion Press, Westport, Conn., 1993.
9. D. McNeil and P. Freiberger, Fuzzy Logic, Touchstone, Simon & Schuster, Old Tappan, N.J., 1994.
10. E. Cox, The Fuzzy Systems Handbook, Academic Press, San Diego, Calif., 1994.

Willem G. de Ru is a software engineer with Dynamic Computer Encounters, in Johannesburg, South Africa. His research interests include developing custom-made client-server systems and using AI for information security. He received his BSc and MSc in computer science from Rand Afrikaans University, where he is working toward a PhD in computer science. Contact him at PO Box 269, Auckland Park 2006, South Africa; [email protected].

Jan H.P. Eloff is a professor in computer science at Rand Afrikaans University in South Africa. His research interest is in information security. He has a PhD in information security (computer science) from Rand Afrikaans University. He chairs the Information Security Special Interest Group in South Africa and the International Workgroup on Small Systems Security. Contact him at the Dept. of Computer Science, Rand Afrikaans Univ., PO Box 524, Auckland Park 2006, South Africa; [email protected]; http://www.rau.ac.za/ifip.

NOVEMBER/DECEMBER 1997
