Password Authentication using Keystroke Biometrics

2015 International Conference on Communication, Information & Computing Technology (ICCICT), Jan. 16-17, Mumbai, India

Nathan D’Lima
M.E. Student, Computer Department, St. Francis Institute of Technology, Mumbai, India. [email protected]

Jayashri Mittal
Assistant Professor, Computer Department, St. Francis Institute of Technology, Mumbai, India. [email protected]

Abstract - The majority of applications use a prompt for a username and password. Passwords are recommended to be unique, long, complex, alphanumeric and non-repetitive. These reasons that make passwords secure may prove to be a point of weakness. The complexity of the password provides a challenge for a user and they may choose to record it. This compromises the security of the password and takes away its advantage. An alternate method of security is Keystroke Biometrics. This approach uses the natural typing pattern of a user for authentication. This paper proposes a new method for reducing error rates and creating a robust technique. The new method makes use of multiple sensors to obtain information about a user. An artificial neural network is used to model a user’s behavior as well as for retraining the system. An alternate user verification mechanism is used in case a user is unable to match their typing pattern.

Keywords—Password, Artificial Neural Networks, Authentication, Security, Keystroke Biometrics.

I. INTRODUCTION

Authentication is the process of confirming a user’s identity and verifying the accessibility of some service or resource to that user. It is used as a means of distinguishing valid or legal users from impostors. Some of the common authentication mechanisms include identity cards, fingerprints, iris, password, etc. Password based authentication is the most widely used user authentication mechanism. This method uses a prompt for a username and password that is unique to a particular user. A password must be unique, long, complex, and strong. The same user must use different passwords for different applications. Using the same password for multiple applications makes it more susceptible to attacks. A strong password consists of any combination of lowercase letters, uppercase letters, numerals, special characters, and symbols, and has a length of 8 characters or more. The length of the password combined with a random arrangement of the characters makes a password strong and less vulnerable to attacks. The random arrangement adds an element of unpredictability to the password that prevents attackers from easily guessing or breaking it.

There are many types of password attacks. The most common is password guessing using the brute force method. Other attacks include dictionary, rainbow table, phishing, social engineering, shoulder surfing, key logging, sniffing, and cracking. Once the password is cracked, the attacker can use it to access restricted or confidential information like confidential files, client lists, etc. as well as personal information like bank account and credit card information.

The current systems used in user verification consist of 3 main types – unique keys, physical security and biometric security [1]. The very qualities that make a system robust are sometimes also its main vulnerability.

978-1-4799-5522-0/15/$31.00 ©2015 IEEE

Unique keys, as the name suggests, are unique, and provide access to the user. A unique key could be a secret PIN, number or password. It is recommended that a unique key be long, complex, and kept a secret. Although this makes the key strong and robust, the complexity and length as well as multiple keys for multiple applications provide a challenge to the user to remember. In order to make it easier to remember, a user may record the key in written or electronic form. A user may also relate the key to his/her personal life, like a date of birth, relative’s or pet’s name. This makes it easier for an attacker to obtain the password and gain access to information.

Physical security includes swipe cards, identity cards etc. which have a magnetic strip that contains all of the user’s information. The main drawback of this type of security is that it is prone to theft. Theft of a card with a magnetic strip allows an attacker to pose as the user to gain access. This type of security is also vulnerable to cloning. The magnetic strip can be decoded with ease and the data within it replicated and cloned to another card. This poses a serious risk as the attacker can then access information as a legitimate user without detection.

Biometric security is a much more robust technique as compared to unique keys and physical security. It has 3 main modalities – biological (EEG, DNA), behavioral (keystroke dynamics), and morphological (iris, fingerprint) [13]. These features are used to identify the user. These characteristics are unique to a particular user and therefore provide better security. However, this system is not completely foolproof. Fingerprints are easy to replicate. Facial recognition cannot distinguish between a real user and an image of a real user. Iris recognition has provided the best security measure so far. It is the only biometric security method that satisfies the European Standard for Access Control [15]. Iris recognition can be tampered with if the attacker can gain access to the database where a user’s template is stored. One of the main drawbacks of biometric systems is the high setup costs. It requires specialized hardware and software. It is also very intrusive and can make users uncomfortable.

Keystroke dynamics is an alternative method in user authentication. This method uses the natural typing patterns of a user. A user can be uniquely identified from his/her typing patterns. The typing rhythm of a user is captured and the extracted features are used to verify users. The typing rhythm of a user can be captured using pressure sensors or timing patterns. Pressure sensing techniques generally require some extra hardware that is capable of sensing the pressure of the typed keys. This can be done using piezoresistive or piezoelectric strips. Timing patterns, on the other hand, do not require any extra hardware. This is a big factor in the reduction of cost of the system. Installation of software is the only requirement to capture the timing patterns of the user. The timing patterns are also known as keystroke latencies.

Fig. 1. Comparison of Security mechanisms [10].

Keystroke biometrics can be used as a standalone system for user authentication as well as combined with other preexisting systems as an added security measure. A user must be enrolled in the system before authentication. The enrollment process is used to obtain the user’s information and create a template for future reference. This can be done by using some pre-determined text (fixed text) along with a username and password or some random text (free text). The user’s features are then captured and a reference template is created. This reference is then used to authenticate the user at the time of login. Keystroke analysis is the method of analyzing the keystroke information and deciding whether a user is legitimate or not. The keystroke analysis can be done only at login (static analysis) or throughout a user’s session (continuous analysis). Keystroke analysis techniques are mostly mathematical but can also use statistical methods, artificial neural networks (ANN), fuzzy logic and modern heuristic methods for analysis. The choice of data collection methods and analysis techniques directly affects the error rates.


The performance of any keystroke biometric method is measured using 3 performance metrics – False Acceptance Rate (FAR), False Rejection Rate (FRR) and Equal Error Rate (EER). FAR is the probability of an impostor being wrongly classified as a legitimate user. FRR is the probability of a legitimate user being wrongly classified as an impostor. EER is the point at which FAR is equal to FRR.
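The three metrics can be computed directly from match scores by sweeping the acceptance threshold. The following is an added example, not code from the paper; the score lists are constructed sample data and the function names are illustrative.

```python
# Added illustration: FAR, FRR and EER from similarity scores.
# All scores below are constructed sample data, not results from the paper.

# Similarity scores of login attempts by the legitimate user (constructed).
GENUINE = [0.95, 0.91, 0.88, 0.86, 0.84, 0.82, 0.79, 0.77, 0.70, 0.62]
# Similarity scores of login attempts by impostors (constructed).
IMPOSTOR = [0.81, 0.74, 0.66, 0.60, 0.55, 0.51, 0.47, 0.40, 0.33, 0.20]


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) when a login is accepted if score >= threshold."""
    if not genuine or not impostor:
        raise ValueError("both score lists must be non-empty")
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(genuine, impostor):
    """Return (threshold, FAR, FRR) at every observed score, lowest first.

    Raising the threshold lowers FAR and raises FRR; the rows show the
    trade-off a deployment has to choose from.
    """
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, *far_frr(genuine, impostor, t)) for t in thresholds]


def equal_error_rate(genuine, impostor):
    """Return (threshold, EER) at the point where FAR and FRR are closest.

    With a finite number of scores the two rates may never be exactly
    equal, so the EER is reported as their mean at the closest point.
    """
    t, far, frr = min(sweep(genuine, impostor), key=lambda r: abs(r[1] - r[2]))
    return t, (far + frr) / 2


if __name__ == "__main__":
    for t, far, frr in sweep(GENUINE, IMPOSTOR):
        print(f"threshold={t:.2f}  FAR={far:.0%}  FRR={frr:.0%}")
    print("EER point:", equal_error_rate(GENUINE, IMPOSTOR))
```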

II. RELATED WORK

Click patterns among telegraph operators were first observed in the 1980s. The operators could be identified by their unique tapping patterns called fists [1]. This same principle has been applied to typing. The typing pattern is characteristic to each user. This makes it tough to replicate and as a result provides good security. Keystroke biometrics can also be applied to non keyboard devices like phones or PDAs. The same can be applied to devices like a computer mouse. In [2] click dynamics are used to identify legitimate users. This method makes use of click latencies. A rhythm commonly known as “Encourage with love” in Taiwan or “Rainbow Claps” in Singapore is used. There are a total of 11 clicks with a 2-3-42 rhythm. Although the time per user is very short, the error rates are relatively high. Using this method, the EER obtained was 12.09%.

Keystrokes can also be obtained without a username or password. An undetermined text, also known as free text, is used to obtain the user’s typing pattern as in [3] and [4]. In [3] a text of 380 characters is used to enroll a user and a 75 character string is used in testing. To keep the test user friendly, only one sample per user was taken. Only 15 users were used in the experiment. This method takes into account the layout of the keyboard and stores keystroke latencies for each key and pair of keys. Euclidean distance is used to find the level of similarity between the login data and the user’s stored template. This method gives an FAR of 21% and FRR of 17% which is because of the small number of training samples.

In [4], two separate experiments were conducted which had 53 and 17 participants respectively. The enrollment took place over 5 months for the free experiment and 81 days for the controlled experiment. This method also used free text to obtain the user’s typing characteristics. Neural networks are used to model monograph and digraph behavior.
This allows the algorithm to predict the typing behavior of a user in case of missing digraphs or monographs. For the free experiment with 53 users, an FAR of 0.0152% and FRR of 4.82% was obtained with an EER of 2.46%. The controlled experiment gave an FAR of 0%, FRR of 5.01% and an EER of 2.13%.

Fourteen anomaly detectors were used in [5]. The detectors used are Euclidean distance, Normalized Euclidean distance, Manhattan distance, Filtered Manhattan, Scaled Manhattan, Mahalanobis, Normalized Mahalanobis, Fuzzy logic, Nearest neighbor Mahalanobis, Neural network, auto associative Neural network, Outlier counting, single class SVM and K-means. The password used in this method is “.tie5Roanl” and the experiment was conducted for 51 subjects each typing 400 repetitions of the password. The best error rate of 0.096 was obtained by the Scaled Manhattan detector. The other top performing detectors were Nearest-neighbor Mahalanobis and the Outlier count with equal error rates of 0.1 and 0.102 respectively.

Pattern recognition and neural network techniques were used in [6]. The pattern recognition techniques used are – K means, Cosine measure, Minimum distance, Bayes’ decision rule and Potential function. The neural network techniques used are – Back Propagation Neural Network (BPNN), Counter Propagation Neural Network (CPNN), Fuzzy ARTMAP, Radial basis function network (RBFN), Linear Vector Quantization (LVQ) networks, Reinforcement Neural Network (RNN), Sum of Product (SOP) and Hybrid sum of products (HSOP). Among the pattern recognition techniques, potential function was the best and gave an FRR of 1.9% and FAR of 0.7%. Among the neural networks, LVQ, RBFN and Fuzzy ARTMAP were the best and gave an FRR and FAR of 0%. The results indicate that neural networks have better classification accuracy than traditional pattern recognition techniques.

An enhanced Needleman Wunsch Algorithm is used as an alignment tool in [7]. The Needleman Wunsch algorithm was used as a sequence alignment tool for DNA strings in [8]. The method in [7] uses a slightly modified version of the algorithm along with a blosum or similarity matrix [9] to authenticate users. The keystroke features are assigned to fuzzy sets and then the enhanced algorithm is used for efficient authentication. The error is measured in terms of precision and accuracy. It provides a far better result than similar methods. This method gives a precision of 90.3% and an accuracy rate of 80%. However, this algorithm is unable to work with continuous or dynamic data. It is also susceptible to getting trapped in local minima.

A two layer fusion approach is used in [10]. Feature matching is done using two methods – Gaussian Probability Density Function (GPD) and Direction Similarity Measure (DSM). Although GPD provides better results than DSM, both are used to provide a sub score which is then fused together to obtain the final score. The final score is computed by using 6 different fusion rules – sum rule, weighted sum rule, product rule, min-max rule, OR voting rule and AND voting rule. The AND voting rule provided the best results while the OR voting rule provided the worst result. A decision system is used to accept or reject a user based on this final score. This system also uses a retraining mechanism for a successful login. This is done to take into account the change in human behavior. An Alternative Authorization Code (AAC) is used as an alternate means of verification. This method obtains an FAR and FRR of 1% and an EER of 1.401%.

The method used in [11] uses only flight time for a user’s keystroke timing pattern. A sample is created from these features. This sample is analyzed by a classifier using a stored template, which decides if the sample belongs to the actual owner. An adaptation mechanism can be used to compute an update to the stored template. The experiment was conducted on 30 users. This method obtained an FAR of 1.45%, FRR of 1.89% and an EER of 1.6%.

Typing characteristics are unique to a user. The typing of certain syllables differs for the same user in different words. These natural delays between syllables are called cognitive factors. In [12] cognitive typing rhythm is used to identify users. Two different methods – Support Vector Machine (SVM) and Kernel Ridge Regression (KRR) are used for classification. A k-fold cross validation method is used for testing. The final decision is based on the scores of all classifiers. Both SVM and KRR provide an FAR of 5.5%. SVM provides an FRR of 0.7% while KRR gives an FRR of 1.77%.

In [13], extensive pretesting is used along with typing speed to distinguish legitimate users from impostors. The average speed and standard deviation is measured with each trial. This method required the password to be very strong. The user has to undergo pretesting where the number of repetitions of the password starts from 10 and goes up to 100 repetitions. As the number of trials increases, the average typing speed reduces. A range is calculated based on the typing speed of all the trials. For an impostor trying to login as a legitimate user, if the typing speed is outside the range that was calculated previously, the impostor is rejected. If the typing speed is within the specified range, some private information is requested from the user in the form of a question. This is helpful to prevent the problem of multiple users having the same range of typing speed. This method obtains an FAR of 0.23% and an FRR of 0.09%.

Instead of using only keystroke latencies, the method used in [14] utilizes multiple parameters like keystroke dynamics, mouse movement, web browsing and linguistic style. These parameters provide information from 10 sensors that is used by a decision fusion center (DFC) to make a decision. The DFC uses local decisions to form a global decision. The global decision decides if a user is legitimate or an impostor. A total of 1024 combinations are possible for the 10 different sensors. The combination of all the sensors together gives best results. An FAR of 0.122% and an FRR of 0.218% is obtained using this method.

Table 1 summarizes the various methods in terms of method used, the type of sample, the enrollment time per user and its performance measure.

TABLE I. SUMMARY OF VARIOUS METHODS, THE TYPE OF SAMPLE USED, ENROLLMENT TIME PER USER AND PERFORMANCE MEASURE.

Reference | Method | Type of Sample | Enrollment Time | Performance
Tsai, Chang, Yang, Wu and Li [2] | Statistical based classification | Click rhythm | 2 minutes | EER = 12.09%
Alsultan and Warwick [3] | Euclidean Distance | Free text | 1 day | FAR = 21%, FRR = 17%
Ahmed and Traore [4] | Neural Networks | Free text | Free expt. 209 hrs over 5 months; Controlled expt. 2-9 days | EER = 2.46%; EER = 2.13%
Killourhy and Maxion [5] | Multiple Detectors | Password | - | EER = 0.096 by scaled Manhattan method
Obaidat and Sadoun [6] | Various Pattern Recognition and Neural Networks | Login user ID | 8 weeks | FAR = 0%, FRR = 0% for LVQ, RBFN and Fuzzy ARTMAP
Seham, Mohamed and Osman [7] | Fuzzy sets and Enhanced NM&W algorithm | Password | 1.25 min – 11 min per session | Precision = 90.3%, Accuracy = 80%
Teh, Teoh, Tee and Ong [10] | 2 layer fusion | Predetermined string | 5-10 minutes | EER = 1.401%
Araújo [11] | Statistical classifier and adaptation mechanism | String | 10-20 minutes | EER = 1.6%
Chang et al [12] | SVM and KRR | Text | 90 minutes | SVM: FAR = 5.5%, FRR = 0.7%; KRR: FAR = 5.5%, FRR = 1.77%
Al-Athari and Hussain [13] | Statistical Pretesting | Password | Unspecified | FAR = 0.23%, FRR = 0.09%
Fridman, Stolerman and Acharya [14] | Decision Fusion System | Reading, writing and web browsing | 1 week | FAR = 0.122%, FRR = 0.218%

III. PROPOSED WORK

The proposed system uses four sensors – keystrokes, typing speed, use of tab key, and mouse movement. Five keystroke latencies are used. An Artificial Neural Network (ANN) is used for user behavior classification and modeling. A successful login updates the stored template and retrains the system. Some environmental or physical conditions may prevent the user from typing normally. As a result the typing characteristics may differ from the stored template and prevent the user from gaining access. To avoid such a problem, an alternate verification mechanism is introduced. The system consists of four parts – Enrollment, Authentication, Retraining, and Alternative authorization.

A. Enrollment

The enrollment process is triggered when a new user is encountered. In the enrollment phase, a user is asked to type his or her username and password. The user’s email address is also stored for alternate verification if the user is unable to login within 3 attempts. The password must be at least 10 characters and must contain letters and numerals. Along with the password, the user has to type the fixed phrase “The quick brown fox jumps over the lazy dog”. This particular phrase is chosen as it contains all letters of the English alphabet. Fig. 2 illustrates the enrollment process.

Fig. 2. Enrollment Process

The user has to repeat his/her username, password, and fixed phrase 10 times. The dwell time of each key and four flight time latencies for each pair of keys are obtained for each repetition. Along with the keystroke latencies, the typing speed, use of the tab key, and mouse movements are also obtained. Three parameters are used for the mouse movement – speed, distance and direction. The keystroke pattern timing and mouse parameters are then given as input to the neural network to model the behavior. The neural network is used to predict the timing patterns of certain digraphs if they are missing. The output of the neural network gives the average timing patterns of each key and pair of keys for a user as well as the various other parameters. A template is created for each user based on the output of the neural network. The template stores the timing pattern, speed, frequency of use of the tab button, and parameters of mouse movement.

B. Authentication

The authentication process is used for the users that have already been enrolled. The already enrolled users are asked to type in their username and password. The sensors are monitored and the parameters are calculated. If the login credentials do not match the username and password combination, the user is rejected and the user’s account is locked to prevent further attacks. If the login credentials of the user match, then the parameters obtained are used as a sample and compared with the reference template stored in the database. The matching is done using a Gaussian Probability Density Function (GPD). A GPD gives a similarity measure between 0 and 1. The curve is a normal Gaussian curve with the template value at the center of the curve having a value of 1. A value closer to the center of the graph indicates more similarity to the stored template. Since human behavior changes often, the similarity will rarely be equal to 1. A threshold value of 0.8 along with the other parameters is used to find the similar users. An overall similarity is calculated by finding the ratio of total matches to the maximum number of matches possible. The user is accepted only if the overall similarity is more than 90% or there are at most 2 mismatches. If the sample does not match the stored template, the user is allowed 3 attempts. After 3 unsuccessful login attempts, an Alternate Verification Code (AVC) is mailed to the user’s registered email address. However, if during any attempt the user provides incorrect login information, the user is rejected and the account is locked. A successful login will re-train the system using the login sample of the user.

C. Alternative Verification

The alternative verification mechanism is triggered after 3 unsuccessful login attempts. Fig. 3 gives an overview of the authentication and alternate verification process. If a user fails to provide a sample similar to the stored template, an Alternate Verification Code (AVC) is mailed to the user’s registered email. The code is a random alphanumeric combination consisting of upper case and lowercase letters. As soon as the AVC is sent, a timer is started. The timeout period is set at 10 minutes. This is sufficient time for a user to access his or her email after which the user is locked out for 24 hours. If the code is verified within the timeout period, then the user is successfully logged into the system. This is a preventive mechanism that prevents an impostor from gaining access with similar characteristics as a legitimate user. The number of unsuccessful attempts and timeout period is set to prevent multiple attempts by an impostor.

Fig. 3. Authentication Process and Alternative Verification
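The AVC step described above can be sketched as follows. This is an added example, not code from the paper: the code length, the state class, storing only a SHA-256 digest, the constant-time comparison, and locking out on a wrong code are assumptions made here; the 10 minute timeout and 24 hour lockout are the paper's values. Mail delivery is out of scope.

```python
# Added illustration of the Alternate Verification Code (AVC) step.
import hashlib
import hmac
import secrets
import string

AVC_ALPHABET = string.ascii_letters + string.digits  # upper case, lower case, digits
AVC_LENGTH = 10                  # assumption: the paper does not state a length
AVC_TTL_SECONDS = 10 * 60        # paper: timeout period of 10 minutes
LOCKOUT_SECONDS = 24 * 60 * 60   # paper: user is locked out for 24 hours


class AvcState:
    """Per-user alternate verification state (hypothetical class)."""

    def __init__(self):
        self.code_digest = None   # digest of the outstanding code, if any
        self.expires_at = 0.0     # time at which the outstanding code expires
        self.locked_until = 0.0   # time until which the account is locked


def _digest(code):
    return hashlib.sha256(code.encode("utf-8")).digest()


def issue_avc(state, now):
    """Generate a code and start the timer.

    Returns the plaintext code to mail to the registered address, or None
    while the account is locked. Only a digest is kept server-side, so a
    leaked state record does not reveal a usable code.
    """
    if now < state.locked_until:
        return None
    # secrets uses the OS CSPRNG; the random module would be predictable.
    code = "".join(secrets.choice(AVC_ALPHABET) for _ in range(AVC_LENGTH))
    state.code_digest = _digest(code)
    state.expires_at = now + AVC_TTL_SECONDS
    return code


def verify_avc(state, submitted, now):
    """Return 'accept', 'reject' or 'locked' for a submitted code."""
    if now < state.locked_until:
        return "locked"
    if state.code_digest is None:
        return "reject"            # nothing outstanding, or code already used
    digest, expires_at = state.code_digest, state.expires_at
    state.code_digest = None       # single use, whatever the outcome
    if now > expires_at:
        # Timer expired: lock out for 24 hours counted from the expiry.
        state.locked_until = expires_at + LOCKOUT_SECONDS
        return "locked"
    # compare_digest avoids leaking the match position through timing.
    if hmac.compare_digest(digest, _digest(submitted)):
        return "accept"
    # Assumption: a wrong code also starts the lockout, so the code cannot
    # be guessed repeatedly inside the 10 minute window.
    state.locked_until = now + LOCKOUT_SECONDS
    return "reject"


if __name__ == "__main__":
    s = AvcState()
    c = issue_avc(s, now=0.0)
    print("within timeout:", verify_avc(s, c, now=300.0))
    print("replayed code: ", verify_avc(s, c, now=301.0))
```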

D. Retraining

Human behavioral characteristics change gradually over time [2]. The physical characteristics do not change as much. To account for the change in behavior, a module to retrain the system is added. This module uses the already stored template of the user and the current login sample. A similarity measure is checked using GPD. The values obtained from GPD matching above a similarity of 0.8 are used for updating the template. A value of 0.8 indicates an 80% similarity between the current sample value and the stored sample value. The template is updated by using a simple averaging technique. The averaging component calculates the mean distance of the sample and the stored template. The newly updated template is then given as an input to the ANN to retrain the system for the change in the behavior. Fig. 4 shows the retraining component of the system.
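The GPD matching rule from the Authentication section and the averaging update from the Retraining section can be worked through together. This is an added example, not code from the paper: the template is built from the enrollment mean and standard deviation in place of the ANN output, the Gaussian width is taken as that standard deviation, a score of exactly 0.8 counts as a match, and all timing values are constructed.

```python
# Added illustration of GPD matching, the accept rule and template retraining.
# Feature values are constructed timings in milliseconds, not data from the paper.
import math
from statistics import fmean, pstdev

FEATURE_THRESHOLD = 0.8  # paper: per-feature GPD similarity threshold
MIN_OVERALL = 0.90       # paper: overall similarity must be more than 90% ...
MAX_MISMATCHES = 2       # paper: ... or at most 2 mismatches
MIN_SIGMA = 1.0          # assumption: floor so a constant feature cannot divide by zero

# Constructed enrollment: 4 repetitions x 6 features (the paper uses 10 repetitions).
ENROLLMENT = [
    [90.0, 120.0, 80.0, 160.0, 200.0, 95.0],
    [100.0, 130.0, 70.0, 150.0, 200.0, 105.0],
    [100.0, 110.0, 90.0, 150.0, 190.0, 85.0],
    [110.0, 120.0, 80.0, 140.0, 210.0, 95.0],
]
GENUINE = [102.0, 117.0, 81.0, 154.0, 198.0, 101.0]   # one feature off
TWO_OFF = [102.0, 117.0, 81.0, 154.0, 208.0, 101.0]   # two features off
IMPOSTOR = [115.0, 108.0, 100.0, 153.0, 182.0, 104.0]


def build_template(samples):
    """Return [(mean, sigma), ...] per feature from the enrollment samples."""
    return [(fmean(col), max(pstdev(col), MIN_SIGMA)) for col in zip(*samples)]


def gpd_similarity(value, mu, sigma):
    """Gaussian curve scaled so the template value scores 1.

    With sigma taken from enrollment, a score of 0.8 corresponds to a
    deviation of about 0.67 sigma from the template value.
    """
    return math.exp(-((value - mu) ** 2) / (2.0 * sigma ** 2))


def match(template, sample):
    """Return (accepted, overall_similarity, per_feature_scores)."""
    if len(sample) != len(template):
        raise ValueError("sample and template have different feature counts")
    scores = [gpd_similarity(v, mu, sd) for v, (mu, sd) in zip(sample, template)]
    matches = sum(1 for s in scores if s >= FEATURE_THRESHOLD)
    mismatches = len(scores) - matches
    overall = matches / len(scores)
    # The two clauses are joined by OR as stated in the paper, so for a short
    # feature vector the mismatch clause decides: 2 of 6 off still passes.
    accepted = overall > MIN_OVERALL or mismatches <= MAX_MISMATCHES
    return accepted, overall, scores


def retrain(template, sample, scores):
    """Average matched features into the template; leave the rest untouched.

    Simple averaging gives the newest sample half the weight, so this must
    only run after a login that was accepted.
    """
    return [((mu + v) / 2.0, sd) if s >= FEATURE_THRESHOLD else (mu, sd)
            for (mu, sd), v, s in zip(template, sample, scores)]


TEMPLATE = build_template(ENROLLMENT)

if __name__ == "__main__":
    for name, sample in (("genuine", GENUINE), ("two off", TWO_OFF),
                         ("impostor", IMPOSTOR)):
        ok, overall, _ = match(TEMPLATE, sample)
        print(f"{name:9s} accepted={ok} overall={overall:.2f}")
```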

Fig. 4. Retraining Module

IV. FUTURE SCOPE

In this age of technology, keystroke analysis can be applied to mobile and handheld devices. It can provide a quick and efficient authentication method to individuals as well as corporate clients and employees of commercial companies. Keystroke analysis combined with pressure sensing capabilities can be used as a tool in deception and emotion detection. Continuous analysis can prevent illegitimate users taking advantage of legal users leaving their machine unattended.

V. CONCLUSION

The technique proposed in this paper aims to be user friendly and robust. The changes in human behavioral characteristics are accounted for by the retraining of the system. The alternate method of verification acts as a preventive measure for impostors having similar characteristics of a legitimate user. Overall, the system can provide a secure and impenetrable authentication mechanism. Keystroke Biometrics is a very useful tool in authentication. It overcomes the drawbacks of the existing systems and is more robust. The low setup cost and the lack of requirement of specialized hardware makes it very easy to implement. Password authentication as a standalone system may not provide the required security, but it can be strengthened by using keystroke biometrics.

REFERENCES

[1] N. Ahmad, A. Szymkowiak and P.A. Campbell, “Keystroke dynamics in the pre-touch screen era,” in Frontiers in Human Neuroscience, December 2013, Volume 7, Article 835.
[2] C.J Tsai, T.Y. Chang, Y.J. Yang, M.S Wu and Y.C Li, “An Approach for User Authentication on non-keyboard devices using mouse click characteristics and statistical based classification,” in International Journal of Innovative Computing, Information and Control, Vol 8, Number 11, November 2012.
[3] A. Alsultan and K. Warwick, “User-Friendly Free-text Keystroke Dynamics Authentication for Practical Applications,” in 2013 IEEE International Conference on Systems, Man, and Cybernetics.
[4] A.A. Ahmed and I. Traore, “Biometric Recognition Based on Free-Text Keystroke Dynamics,” in IEEE Transactions On Cybernetics, Vol. 44, No. 4, April 2014.
[5] Killourhy, K.S., and Maxion, R.A. (2009). “Comparing anomaly-detection algorithms for keystroke dynamics,” in IEEE/IFIP International Conference on Dependable Systems & Networks, Estoril, 125–134.
[6] Obaidat M.S. and Sadoun B. “Verification of computer users using keystroke dynamics”, IEEE Transactions on Systems, Man, And Cybernetics—Part B: Cybernetics, Vol. 27, NO. 2, April 1997.
[7] Bamatraf, S., Bamatraf, M. and Hegazy, O. (2014) “Keystroke Authentication on Enhanced Needleman Alignment Algorithm.” Intelligent Information Management, 6, 211-221. http://dx.doi.org/10.4236/iim.2014.64021
[8] Needleman, S.B. and Wunsch, C.D. (1970) “A General Method Applicable to the Search for Similarities in the Amino Acid Sequence of Two Proteins.” Journal of Molecular Biology, 48, 443-453. http://dx.doi.org/10.1016/0022-2836(70)90057-4
[9] Henikoff, S. and Henikoff, J.G. (1992) “Amino Acid Substitution Matrices from Protein Blocks,” in Proceeding of the National Academy of Sciences of the United States of America, 89, 10915-10919.
[10] P.S. Teh, A.B.J. Teoh, C. Tee and T.S Ong, “Keystroke dynamics in password authentication enhancement,” in Expert Systems with Applications, Elsevier (2010) 8618–8627.
[11] Lívia C. F. Araújo, Luiz H. R. Sucupira Jr., Miguel G. Lizárraga, Lee L. Ling, and João B. T. Yabu-Uti, “User Authentication Through Typing Biometrics Features”, IEEE Transactions on Signal Processing, Vol. 53, NO. 2, February 2005.
[12] J.M. Chang, et al, “Capturing Cognitive Fingerprints from Keystroke Dynamics,” in IT Professional, IEEE Computer Society, Vol 15, Issue 4, August 2013.
[13] F.M. Al-Athari, A.K. Hussain, “Selection of the Best threshold in Biometric Authentication by Exhaustive Statistical Pre-Testing,” in International Journal of Computer and Information Technology (ISSN: 2279 – 0764) Volume 03 – Issue 04, July 2014.
[14] A. Fridman et al, “Decision Fusion for Multimodal Active Authentication,” in IT Professional, IEEE Computer Society, Vol 15, Issue 4, August 2013.
[15] Dr. Despina Polemi, “Biometric Techniques: Review And Evaluation Of Biometric Techniques For Identification And Authentication, Including An Appraisal Of The Areas Where They Are Most Applicable”, Institute Of Communication And Computer Systems National Technical University Of Athens, Final Report.