Keystroke dynamics authentication for mobile phones

Keystroke Dynamics Authentication for Mobile Phones Emanuele Maiorana, Patrizio Campisi, Noelia González-Carballo, Alessandro Neri Dip. Elettronica Applicata, Universit` a degli Studi “Roma Tre”, Via della Vasca Navale 84, I-00146 Roma, Italy {maiorana,campisi,neri}@uniroma3.it

ABSTRACT

recognition strategy. A biometric based recognition system relies on the use of attributes derived from physiological (fingerprint, face, iris, etc.) or behavioral (voice, signature, etc.) characteristics of the user himself to perform recognition. Therefore such data are much more difficult to be forgotten, lost, stolen, copied or forged than traditional identifiers like PINs or tokens. Face and fingerprints are examples of biometric data already proposed to offer highly secure access control on smartphones [3], [4]. Also iris recognition has been employed for the security of mobile phones, as in [5]. In order to perform biometric recognition according to these modalities, an extra device has to be normally integrated into a mobile phone not already equipped with a finger scanner or an infrared camera, thus increasing the overall hardware costs. Moreover, users tend to be reluctant to provide biometrics such as fingerprints or irises, especially when the need for security is not significantly felt, and the use of biometrics like face or iris requires large memory volumes and computing power. Keystroke dynamics verification is based on how a user types at a terminal equipped with a keyboard, which may belong to a personal computer, or be a generic interface equipped with keys which can be pressed [6], [7], [8], [9]. With respect to biometric modalities such as fingerprints, or iris, keystroke dynamics allows performing recognition on mobile devices without requiring any additional dedicated hardware. Moreover, it may require limited storage and computational resources, and its users’ acceptability is very high. Keystroke authentication can be classified as either static or continuous. The first refers to keystroke analysis performed only at specific times, for example during a login process, while the analysis of the typing rhythm is performed continuously during a whole session when the latter is applied, thus providing a tool to also detect user substitution after a successful login. [8]. The effectiveness of keystroke dynamics as an authentication characteristic for traditional computer keyboards has been deeply investigated [10], [11], [12]. However, a comparable effort has not been devoted yet to applications dealing with keypads used in mobile handsets or in ATMs. Some preliminary studies have been performed in [13] where a traditional keyboard is substituted by four pairs of IR transmitters and receivers. A biometric verification system tailored to ATM user authentication was proposed in [14], where keystroke motion is analyzed when typing a four-digit PIN code. Moreover, a keystroke verification system based on numeric-pad inputs has been proposed

In this paper we discuss the feasibility of employing keystroke dynamics to perform user verification on mobile phones. Specifically, after having introduced a new statistical classifier, we analyze the discriminative capabilities of the features extracted from the acquired patterns, in order to determine which ones guarantee the best authentication performances. The effectiveness of using template selection techniques for keystroke verification is also investigated. The obtained experimental results indicate that the proposed method can be effectively employed to authenticate mobile phones users, even in operational contexts where the number of enrollment acquisition is kept low.

Keywords biometrics, keystroke dynamics, mobile phones, template selection

1. INTRODUCTION Thanks to the huge developments in wireless networks witnessed in the last decade, and to the parallel decrease of both connection prices and devices costs, cellular phones and personal digital assistants (PDA) are nowadays used by billions of people for many different applications, ranging from multimedia messaging to financial transactions. However, the vast majority of currently available mobile devices still uses weak authentication mechanisms based on passwords or PINs, which do not ensure an appropriate security level for the access to the stored information and to the available services. It is worth pointing out that the need of guaranteeing secure data access represents an issue of paramount importance especially when dealing with mobile devices, which may be easily lost or stolen because of their small sizes, and which are often lent to other people, being thus exposed to possible surreptitious uses [1]. In order to improve the security of mobile devices, the use of biometrics [2] has been recently proposed as automatic

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. SAC’11 March 21-25, 2011, TaiChung, Taiwan. Copyright 2011 ACM 978-1-4503-0113-8/11/03 ...$10.00.

21

in [15]. The different layout, the use of smaller keys, the keys shape and the key response to the applied pressure make the keystroke analysis for mobile handset keypads significantly different from the one performed over traditional keyboards. The feasibility of applying keystroke dynamics verification to mobile devices has been first analyzed in [16] with a neural networks-based approach, which has been further extended in [17] by analyzing the feed-forward multi-layered perceptron network, the radial basis function network and the generalized regression neural network. However, mobile devises may lack the computing power necessary to employ a neural network-based processing on the device itself [18]. In such cases, it would be preferable to resort to statistical classifiers like the one proposed in [19]. A user-dependent statistical classifier, able to perform matching with low computational complexity and execution time, has also been proposed by the authors in [20]. Moreover, the use of artificial rhythms to improve authentication performance has been discussed in [21], while the use of pressure information, derived from the pressed area for keystrokes’ acquisition in devices equipped with touch screens, has been exploited in [22]. In this paper we focus on keystroke biometrics within the framework of secure user authentication using mobile devices. Specifically, we propose a statistical approach able to guarantee good verification rates when the number of enrollment acquisitions is low, which represents a common practical operational scenario. We also provide an analysis on the discriminative capabilities of the features usually extracted from a keystroke dynamics acquisition. Moreover, the application of template selection methods to keystroke recognition on mobile handsets is also investigated. The proposed approach for keystroke dynamics verification is presented in Section 2. Specifically, Section 2.1 illustrates the enrollment procedure, while the considered template selection methods are outlined in Section 2.2. Section 2.3 then details the authentication phase of the proposed approach. The experimental results are presented in Section 3, while conclusions are eventually drawn in Section 4.

Figure 1: Keystroke dynamics events. • time interval between the release of the i-th key and the stroke of the successive key, namely f RP (i); f RP = [f RP (1), f RP (2), · · · , f RP (K − 1)],

• time interval between the release of the i-th key and the release of the successive key f RR (i). f RR = [f RR (1), f RR (2), · · · , f RR (K − 1)].

2.1

Enrollment

In the enrollment phase, a number E of keystroke dynamδ ics are acquired for each user u. Let us indicate with fu,e the δ-feature vector derived from the e-th acquisition of user u. The enrolled acquisitions are then pairwise compared beδ δ tween them, by computing the distances D(fu,e , fu,i ), with {e, i} = 1, 2, . . . , E, for each feature δ ∈ ∆. The employed distance D(·, ·) has to be normalized with respect to the length of the considered vectors. As it will be outlined in Section 3, we have considered two possible definitions for the distance scores D(·, ·). The first one is the Manhattan (or L1) distance DL1 (·, ·)

In this section, the proposed keystroke-based recognition system, tailored to cellular phones, is illustrated. The approach relies on the analysis of keystroke dynamics referred to static text input using mobile phone keypads. Specifically, it is assumed that the timestamps generated by the mobile phone, and related to press and release events of a key, can be acquired and processed. With reference to Figure 1, where “P” represents a press event and “R” represents a release event, the following feature vectors, representing latency intervals, can be derived from any acquisition consisting of K pressed keys:

 K  1∑ δ δ  |fu,e (k) − fu,i (k)|, δ = P R,   K k=1 δ δ DL1 (fu,e , fu,i )= K−1    1 ∑ δ δ  |fu,e (k) − fu,i (k)|, δ=P P, RP, RR,  K − 1 k=1 (5) and the second one is the Euclidean (or L2) distance DL2 (·, ·)

• time interval between the stroke of the i-th key and the release of the same key, namely f P R (i);

 K  1∑ δ  δ  [fu,e (k) − fu,i (k)]2 , δ = P R,   K k=1 δ δ DL2 (fu,e , fu,i )= K−1    1 ∑ δ δ  [fu,e (k) − fu,i (k)]2 , δ=P P, RP, RR.  K − 1 k=1 (6)

(1)

• time interval between the stroke of the i-th key and the stroke of the successive key, namely f P P (i); f P P = [f P P (1), f P P (2), · · · , f P P (K − 1)],

(4)

As it will be shown in Section 3, the features listed in (1)(4) are characterized by different discriminative capabilities. A discussion will be provided in Section 3. In the proposed method, each acquired dynamics is therefore represented through a set of feature vectors f δ , with δ ∈ ∆ ⊆ {P R, P P, RP, RR}, where ∆ is a subset of {P R, P P, RP, RR}, containing only those features which guarantee the best verification performances.

2. PROPOSED APPROACH

f P R = [f P R (1), f P R (2), · · · , f P R (K)],

(3)

(2)

22

templates and the set of the N − E non employed acquisitions. Also in this case, the samples having maximum match scores with the left acquisition are considered to be the most representative. As it will be shown in Section 3, we have proposed a modification of both the MDIST and the GMMS algorithm to obtain significative results for keystroke dynamics. Eventually, we also consider two different clustering algorithms to perform biometric template selection. The first one is the agglomerative complete link clustering approach, employed in the DEND method in [23] to select the E prototypes which better represent the variability observed in a user’s data. As described in [23], this algorithm can be prone to the selection of outliers, if present in the original set of acquisitions. Also the fuzzy C-means clustering algorithm [25], employed in [26] to perform template selection for signature biometrics, is here investigated with application to keystroke analysis.

In order to characterize the keystroke variability of each user, the following statistics can be evaluated for each latency feature δ ∈ ∆: • M INuδ : mean value of the distances of each enrollment acquisition to its nearest neighbor M INuδ =

E 1 ∑ min E e=1 i∈{1,...,E,};

δ δ D[fu,e , fu,i ];

(7)

i̸=e

• M AXuδ : mean value of the distances of each enrollment acquisition to its farthest neighbor M AXuδ =

E 1 ∑ max E e=1 i∈{1,...,E,};

δ δ ]; ; D[fu,e , fu,i

(8)

i̸=e

• M EANuδ : mean value of all the computed distances, over all the enrollment acquisitions M EANuδ

E E ∑ 1 ∑ 1 δ δ = D[fu,e , fu,i ]; E e=1 E − 1

2.3

(9)

i=1;i̸=e

• T EM Puδ : mean value of the distances of each enrollment acquisition to the “template keystroke dynamics”, defined as the acquisition with minimum average distance to all the other ones, and identified by the index tu T EM Puδ

1 = E

E ∑

δ δ u ]. D[fu,e , fu,t

Authentication

During the authentication phase, a subject u ˜ claims the identity of a user u by typing his password. The keystroke dynamics is then compared to the E reference acquisitions belonging to the claimed identity, by computing the disδ tances D(fu,e , fu˜δ ), with e = 1, 2, . . . , E, for each feature δ ∈ ∆. The following normalized distances are then computed: M IN =

δ , fu˜δ ] 1 ∑ mine=1,...,E D[fu,e , ∥∆∥ M INuδ

(11)

δ∈∆

(10)

δ , fu˜δ ] 1 ∑ maxe=1,...,E D[fu,e , δ ∥∆∥ M AXu δ∈∆ ∑E δ , fu˜δ ] 1 ∑ e=1 D[fu,e , M EAN = ∥∆∥ M EANuδ

e=1;e̸=tu

M AX =

The values in (7)-(10) have to be stored together with δ the feature vectors fu,e , with δ ∈ ∆, extracted from the E acquisitions.

(12)

(13)

δ∈∆

2.2 Template Selection

T EM P =

As described in Section 2.1, multiple templates have to be recorded in a database for each user, in order to account for the variability of his biometric data. Template selection refers to the process of determining, from a given set of available biometric acquisitions, which are the best suited to represent the collected data and the statistics of the considered users’ biometrics. The selection can be usually performed during the enrollment phase to guarantee high verification performances, while saving memory space and reducing the processing time required to perform authentication. In this paper we take into account four different approaches to perform template selection, and apply them to keystroke dynamics. Let us indicate with E the number of templates which have to be selected out of the N available ones. The first approach is based on a minimum distance criteria and referred to as MDIST [23]: the set of the N available keystroke acquisitions is sorted according to their average distance from the other ones, and then the E dynamics corresponding to the smallest average distances are selected as representative for the user. The employed rationale consists in choosing the templates that exhibit maximum similarity with the others, thus representing typical data measurements. The Greedy Maximum Match Scores (GMMS) [24] tries to minimize the overall distance between the set of the E selected

δ δ u , fu 1 ∑ D[fu,t ˜] . δ ∥∆∥ T EM Pu

(14)

δ∈∆

The distances computed according to (11)-(14) can be compared to a threshold, or combined before performing such comparison, in the decision stage of the authentication system, in order to determine if subject u ˜ corresponds to the queried identity u. The performances achievable with the proposed metrics are discussed in Section 3.

3.

EXPERIMENTAL RESULTS

Several experimental tests have been conducted to analyze the proposed keystroke dynamics-based verification system for mobile phones. As in [20], we focus our attention on the use of alphabetical passwords, which have so far received much less attention than numerical ones. It should be noticed that the two cases are quite different: for the majority of mobile devices a character generation involves the pressure of a key several times, whereas this is not the case for typing numbers. A database consisting of six passwords, each ten character long, with a number K of key press/release events comprised between 20 and 26, has been collected using a Nokia 6680 mobile phone. The employed device is characterized by a clock frequency of 1 KHz, a dimension of 108.4 × 55.2 × 20.5 mm, and a keypad area limited to 33 × 20

23

Metrics M IN M AX M EAN T EM P M IN + M EAN M IN + M AX+ M EAN + T EM P

E=7 17.06 18.48 15.98 18.29 16.04 16.26

E=8 16.86 18.10 15.70 17.55 15.91 15.80

E=9 16.19 17.72 15.15 17.08 15.34 15.53

∆ PP RP RR PR {P P, P R} {RP, P R} {P P, RR, P R} {P P, P R, RP, RR}

E = 10 15.97 17.16 14.74 16.69 15.06 15.06

E=7 17.76 19.28 18.31 24.15 14.78 15.09 15.43 15.98

E=8 17.38 18.87 17.70 23.60 14.44 14.80 15.09 15.70

E=9 16.85 18.43 17.18 23.29 14.07 14.30 14.58 15.15

E = 10 16.29 18.07 16.81 22.87 13.59 13.87 14.21 14.74

Table 1: EERs (in %) obtained by using different statistics to perform verification.

Table 2: EERs (in %) obtained by using different sets of latency features.

mm. Each key has an approximate dimension 11 × 5 mm, although the keys’ shape is not perfectly rectangular. The Nokia 6680 mobile phone features a standard keypad with 12 buttons. No predictive text technology, like the Text on 9 keys (T9) method, has been employed when writing the passwords. It can be assumed that the verification rates reported hereafter could be reached also with devices having comparable dimensions and characteristics. The collected database contains acquisitions taken from forty users having an age range between 25 and 40 years, which have donated each password 20 times during four distinct sessions. Each user has waited 10 minutes between each session and the next one. The available dataset therefore comprises 40 · 20 · 6 = 4800 different acquisitions. The subjects trained themselves by typing each password only five times before performing enrollment. Therefore, since the database is collected without allowing the subjects to extensively train themselves, the considered scenario results to be extremely challenging for the analyzed authentication methods. It is also worth pointing out that if a user is mistaken in typing a password, the attempt is discarded: in fact, we assume that the keystroke-based authentication is only used as a password hardening mechanism. The available database has been then split into an enrollment set, composed by the first 10 acquisitions of each user and used for enrollment purposes, and into an authentication set, containing the remaining acquisitions of each user, and used to estimate the verification performances. The reported statistics have been estimated while considering 2400 different authentication processes made by genuine users, and an equal number of forgeries attempts. The first test has been performed to determine which distance D(·, ·) should be employed to achieve the best verification performances. According to the performed tests, we observed that the L1 norm in (5) always guarantees better results than the L2 one in (6). For example, when using all the first E = 10 acquisitions of each user for enrollment, the entire feature set ∆ = {P R, P P, RP, RR} for template representation, and the MEAN score in (13) during the authentication process, an Equal Error Rate (EER) of 14.74% is obtained with DL1 (·, ·), against an EER equal to 19.68% achieved with DL2 (·, ·). We then performed tests to determine which metrics, among those listed in (11)-(14), are the best suited for verification purposes. Table 1 reports the EERs obtained by performing authentication using the distances in (11)-(14), or combination of them, to perform verification, while keeping ∆ = {P R, P P, RP, RR}, and using the L1 norm to compute the distances. The first E = 7, 8, 9, 10 acquisitions of the enrolled set of each user are kept for enrollment. It is worth

reporting that, following the approach proposed in [27] for signature recognition, we also performed tests by employing a Bayes Classifier, Support Vector Machines (SVMs), as well as Principal Component Analysis (PCA) in conjunction with the metrics given in (11)-(14), in order to improve the authentication performances. However, the obtained verification results do not outperform those obtained by using the MEAN statistics, which produces the best achieved EERs and it is therefore employed hereafter. The discriminative capabilities of the features employed to represent a keystroke dynamics acquisition have also been analyzed. Table 2 reports a selection comprising the best EERs achieved when performing tests using different sets ∆ of features. The best performances are obtained when selecting ∆ = {P P, P R} as feature set. It is worth noticing that {RP, P R} has been employed in [28] as feature set for Hidden Markov Models-based keystroke recognition on numerical PC keyboards, while it has been found to not guarantee optimal performances in our scenarios. A comparison between the approach here proposed and the user-dependent method presented in [20] has also been performed, and the results are shown in Figure 2. The feature set ∆ = {P P, P R} has been used for both methods, having verified with experimental results that it represents the best choice also for the user-dependent approach in [20]. As evident from the obtained performances, the proposed approach performs better than the one proposed in [20] when a limited number of acquisitions is captured in the enrollment stage. This makes the proposed approach more suitable for practical scenarios. The proposed approach has the same performance of the user-dependent approach in [20] when using all the E = 10 acquisitions of the enrollment set of each user. Such behavior has been confirmed when considering passwords with less than 10 characters. This scenario has been analyzed by truncating the collected passwords, and then using the resulting words for enrollment and authentication. Figure 3 shows the performances obtained for E ∈ {5, 7, 10}, while varying the number of employed characters. Eventually, we have verified the improvements achievable when the template selection approaches presented in Section 2.2 are applied to the keystroke dynamics scenario. Specifically, for these tests we have employed an enrollment set composed by N = 12 randomly selected acquisitions of each user, and defined an authentication set with the remaining acquisitions. We have then performed template selection over the enrollment set of each user, in order to determine the E templates to be used for enrollment purposes, and compared the performances obtained over the authentica-

24

40

40 User−dependent approach in [16] Proposed approach

35

35 30 EER (in %)

EER (in %)

30 25

25

20

20

15

15

10 4

User−dependent approach in [16], E=5 Proposed approach, E=5 User−dependent approach in [16], E=7 Proposed approach, E=7 User−dependent approach in [16], E=10 Proposed approach, E=10

5

6 7 8 9 E (number of enrollment acquisition)

10 4

10

5

6 7 8 Employed characters

9

10

Figure 2: EERs (in %) with respect to the number E of enrollment acquisitions.

Figure 3: EERs (in %) with respect to the number of employed characters.

tion set with those achieved by randomly selecting E templates from the enrollment set. This latter random selection has been performed 20 times to average the obtained results, while the original division in enrollment and authentication sets has been performed 30 times in different ways. The EERs computed after all the iterations are reported in Fig. 4. A significant improvement is noticed when using the template selection approaches described in Section 2.2, with respect to random selection. Specifically, the fuzzy C-means approach provides the best results for E ≤ 7, although its behavior is not stable. The MDIST and the DEND methods performs better for E > 7. It is worth reporting that the performances obtained with the fuzzy C-means approach are strongly dependent on the choice of the exponential weight which controls the clusters’ degree of fuzziness and, due to its fuzzy nature, can produce varying results also when using the same parameters. The detailed behavior of the False Acceptance Rate (FAR) with respect to the False Rejection Rate (FRR) for different values of E, for a system using the MDIST template selection approach, is also reported in Figure 5. As already mentioned, it is worth pointing out that we have modified the MDIST and GMMS methods had to be modified to provide performances better than those obtained with random selection: for the MDIST approach, the templates with the largest distance from the others have been selected, while in GMMS we had to maximize the overall distance between the set of selected and non-selected templates. The rationale behind such modifications relies on the fact that, in the considered scenario, the acquisitions carrying distinctive information contribute to the authentication process better than those which reinforce the already estimated statistics.

considered statistics, the extracted feature set, as well as the number of enrollment acquisitions and the number of characters in the used passwords. Moreover, the benefits coming from the use of template selection strategies have also been discussed. The obtained verification results indicates that the proposed approach can be effectively employed as a passwordhardening mechanism for cellular phones, even in operational contexts where the number of stored acquisitions is kept low. However, they also show that if a strong secure authentication scheme for mobile devices is needed, it cannot rely exclusively on keystroke dynamics.

5.

REFERENCES

[1] S. Kowalski, M. Goldstein, “Consumers awareness of, attitudes towards and adoption of mobile phone security”, Int. Symp. on Human Factors in Telecommunication, 2006. [2] A. K. Jain, P. Flynn, A. Ross (Eds.), “Handbook of Biometrics”, Springer, 2008. [3] R. Ricci, et al. “SecurePhone: a mobile phone with biometric authentication and e-signature support for dealing secure transactions on the fly”, Int. Conf. on Security and Cryptography, 2006. [4] H.A. Shabeer, P. Suganthi, “Mobile Phones Security Using Biometrics”, Int. Conf. on Computational Intelligence and Multimedia Applications, 2007. [5] D.-h. Cho, K.R. Park, D.W. Rhee, Y. Kim, J. Yang, “Pupil and Iris Localization for Iris Recognition in Mobile Phones”, Int. Conf. on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing , 2006. [6] S. Bleha, C. Slivinsky, B. Hussien, “Computer-access security systems using keystroke dynamics”, IEEE Trans. on Pattern Analysis and Machine Intelligence, ˝ No. 12, pp. 1217U-1222, 1990. [7] M. Obaidat and B. Sadoun, “Verification of computer users using keystroke dynamics”, IEEE Trans. on Systems, Man, and Cybernetics, Part B, Vol. 27, No. 2, pp. 261–269, 1997.

4. CONCLUSIONS In this paper we have proposed a keystroke dynamicsbased verification method with application to mobile phones. Specifically, we have introduced a new statistical classifier for keystroke recognition, and analyzed the verification performances achievable when varying the employed distance, the

25

28 26 24

30

22 20 18

25 20 15

16

10

14

5

12 2

3

4

5 6 7 8 9 10 E (number of selected templates)

11

E=6 E=9 E=12

35

FAR (in %)

EER (in %)

40

Random selection MDIST GMMS DEND Fuzzy C−means

0 0

12

5

10

15

20 25 FRR (in %)

30

35

40

Figure 4: Application of template selection approaches to keystroke verification.

Figure 5: FRR vs FAR for E = {6, 9, 12}, while using the MDIST template selection approach.

[8] F. Monrose, A. D. Rubin, “Keystroke dynamics as a biometric for authentication”, Future Generation Computer Systems, Vol. 16, No. 4, pp. 351–359, 2000. [9] D. Shanmugapriya, G. Padmavathi, “A Survey of Biometric keystroke Dynamics: Approaches, Security and Challenges”, Int. J. of Computer Science and Information Security, Vol. 5, No. 1, pp: 115–119, 2009. [10] A. Peacock, X. Ke, and M. Wilkerson, “Typing Patterns: A Key to User Identification”, IEEE Security & Privacy, pp. 40–43, 2004. [11] D. Hosseinzadeh, S. Krishnan, “Gaussian mixture modeling of keystroke patterns for biometric applications” IEEE Trans. on Systems, Man, and Cybernetics, Part C, Vol. 38, No. 6, pp. 816–826, Nov. 2008. [12] R. Giot, M. El-Abed, C. Rosenberger, “Keystroke Dynamics With Low Constraints SVM Based Passphrase Enrollment”, IEEE Third Int. Conf. on Biometrics: Theory, Applications and Systems (BTAS), Wash. DC USA, Sept. 28–30, 2009 [13] J. M¨ antyj¨ arvi, J. Koivum¨ aki, P. Vuori, “Keystroke Recognition for Virtual Keyboard”, IEEE Int. Conf. on Multimedia and Expo, 2002. [14] A. Ogihara, H. Matsumura, and A. Shiozaki, “Biometric Verification Using Keystroke Motion and Key Press Timing for ATM User Authentication”, Int. Symp. on intelligent Signal Processing and Communications, 2006. [15] R.A. Maxion, K.S. Killourhy, “Keystroke biometrics with number-pad input”, IEEE/IFIP Int. Conf. on Dependable Systems and Networks, 2010. [16] N. L. Clarke, S. M. Furnell, B. M. Lines, P.L. Reynolds “Keystroke Dynamics on a Mobile Handset: A Feasibility Study”, Information Management and Computer Security, Vol. 11, No. 4, pp. 161–166, 2003. [17] N. L. Clarke, S. M. Furnell, “Authentication mobile phone users using keystroke analysis”, Int. J. of Information Security, Vol. 6, No. 6, pp. 1–14, 2007. [18] H. Crawford, “Keystroke Dynamics: Characteristics

and Opportunities”, Int. Conf. on Privacy Security and Trust, 2010. A. Buchoux, N.L. Clarke, “Deployment of Keystroke Analysis on a Smartphone”, Australian Conf. on Information Security & Management, 2008. P. Campisi, E. Maiorana, M. Lo Bosco, A. Neri, “User authentication using keystroke dynamics for cellular phones”, IET Signal Processing, Vol. 3, No. 4, pp. 333–341, 2009. S.-s. Hwang, S. Cho, S. Park, “Keystroke dynamics-based authentication for mobile devices”, Elsevier Computers & Security, Vol. 28, No. 1-2, pp: 85–93, 2009. H. Saevanee, P. Bhattarakosol, “Authenticating user using keystroke dynamics and finger pressure”, IEEE Conf. on Consumer Comm. and Networking, 2009. U. Uludag, A. Ross, A. K. Jain, “Biometric Template Selection and Update: A Case Study in Fingerprints”, Pattern Recognition, Vol. 37, No. 7, pp. 1533–1542, 2004. Y. Li, J. Yin, E. Zhu, C. Hu, H. Chen, “Score Based Biometric Template Selection and Update”, Int. Conf. on Future Generation Comm. and Networking, 2008. J.C. Bezdek, “Pattern Recognition with Fuzzy Objective Function Algorithms”, Plenum, New York, 1981. A. Lumini, L. Nanni, “A Clustering Method for Automatic Biometric Template Selection”, Pattern Recognition, Vol. 39, pp. 495–497, 2006. A. Kholmatov, B. Yanikoglu, “Identity Authentication Using Improved Online Signature Verification Method”, Pattern Recognition Letters, Vol. 26, No. 15, pp: 2400–2408, 2005. R.N. Rodrigues et al., “Biometric Access Control Through Numerical Keyboards Based on Keystroke Dynamics”, Lecture Notes in Computer Science, Vol. 3832, pp: 640–646, 2005.

[19]

[20]

[21]

[22]

[23]

[24]

[25]

[26]

[27]

[28]

26