Active Authentication of Keyboard Users: Performance Evaluation on 736 Subjects

Keystroke timing based active authentication systems are conceptually attractive because: (i) they use the keyboard as the sensor and are not hardware-cost prohibitive, and (ii) they use the keystrokes generated from normal usage of computers as input and are not interruptive. Several experiments have been reported on the performance of keystroke based authentication using small datasets. None of them, however, study a practical active authentication system, and the feasibility of keystroke based active authentication system for large scale and continuous deployment is still not demonstrated in the literature. We investigate this issue and establish that keystroke based active authentication systems can be highly accurate and scalable. We use a real active authentication system that we developed and analyze a dataset large enough to produce statistically significant results. We also present empirical methodologies used for characterizing various design parameters of the developed system.