Authentication Technique Based on Behavioral Biometrics for Personal Devices

Various user authentication techniques used for personal device security are mainly based on password-based, pattern-based, and biometric-based techniques. But considering the usage pattern of these devices, an authentication mechanism that best suits these devices must provide a balance between security and user convenience. With this conception, behavioral biometrics produces a better solution. Keystroke dynamics is used in this thesis to provide a transparent, non-intrusive user authentication mechanism for verification of the user. Being a non-intrusive technique, keystroke dynamics of the user does not bother the user of providing their biometric features, which increases user convenience. Besides providing user convenience, the keystroke dynamics pattern of a user shows intraclass variation. To address this issue, a re-authentication mechanism is proposed in this thesis. This mechanism uses a clustering-based MJ48 algorithm for mitigating performance detoriation due to typing variation in user authentication. The proposed mechanism provides convenience along with security (FAR 0.1% and FRR 0.2%) to the genuine user. Most of the user authentication mechanisms applied for the security of personal devices is performed at the start of the session, which is not at all-sufficient. An impostor may try to access the post-authentication session. Hence along with entry point authentication, nonintrusive continuous user authentication is essential for the complete security of the device. But it was found that the devices are very frequently get locked due to continuous user authentication using keystroke dynamics in cases when the user is found unauthentic. Locking of the entire device is quite annoying for the genuine user and reduces device usability. Hence in this thesis, a continuous user authentication mechanism is proposed, which provides risk-based application-level authentication rather than the device level. The application-level authentication mechanism locks only the particular applications in the order of there sensitivity while leaving the other applications unaffected. This technique provides a user with the desired security, including improved device usability.