Abstract
Online examinations pose a unique problem for distance-based education, in that it can be very difficult to provide
true user authentication. Due to the inherent anonymity
of being online, compared to taking an examination in a
classroom environment, students may attempt to
artificially boost their scores in online examinations by
having another individual take the exam for them, which
a typical user/password authentication scheme cannot
detect. This paper discusses and presents a method for
providing continuous biometric user authentication in
online examinations via keystroke dynamics.
2. Authentication Methods
Currently, there are 4 primary methods of user
authentication: 1) knowledge factors, or
something unique that the user knows; 2) ownership
factors, or something unique that the user has; and
inherence factors, which are either 3) something unique that the user is or
4) something unique that the user does [1]. However,
when considering online examinations, each of these
methods has a number of drawbacks.
1. Introduction
In the situation of giving an online examination, there
are security factors to consider beyond simple password
authentication for access to the examination. It is not
unreasonable to assume that a student may willingly give
their password to someone else, with the intent that the
other person will take the examination for the student.
With this in mind, a system must be developed in order
to determine that the person taking the examination is, in
fact, the student registered to take the examination. While
it may be infeasible to guarantee with 100% confidence
that the person taking the examination is the student, there
are methods which can be used to provide an estimate of
how certain it is that the person taking the examination is
who they claim to be.
One way we can accomplish this is a biometric method
in which we monitor the keystroke dynamics of the person
taking the examination. Characteristics of keystroke
dynamics vary from person to person, and are thought to
be as individual as a signature. By measuring the flight
time, or the time it takes the user to go from one key
down event to another, a profile can be built of a user's
typing signature. When we compare this recorded
3. Keystroke Dynamics
4. Implementing Continuous Keystroke Dynamic Authentication
3.3. Flight-time
Flight-time, which is the time between two key-up or
two key-down events, is another metric which can be used
to determine a profile of a user. Flight-time also includes
the amount of time that a user holds a key down, known as
hold-time.
Flight-time varies greatly from one user to another, as
the flight-time is closely related to the physiological
makeup of the user's hands. A right-handed user may, for
instance, have a shorter hold-time on keys on the right half
of the keyboard when compared with their hold-time for
keys on the left-half of the keyboard. Injuries and other
physical abnormalities may also express themselves
through the flight-time metric.
Due to the physiological nature of variations in flight-time,
we will focus on flight-time as the metric used for
user authentication in our proof of concept system.
12. References
[1] R. Anderson, Security Engineering: A Guide to Building
Dependable Systems, Wiley Publishing, Inc., Indianapolis, IN,
2008
[2] Y. Levy, M. Ramin, A Theoretical Approach for Biometrics
Authentication of e-Exams,
http://telempub.openu.ac.il/users/chais/2007/morning_1/M1_6.pdf
[3] T. Kinnunen, V. Hautamaki, P. Franti, On the Fusion of
Dissimilarity-Based Classifiers for Speaker Identification, 8th
European Conference on Speech Communication and
Technology, 2641-2644, 2003
[4] D. Gunetti, C. Picardi, Keystroke analysis of free text, ACM
Transactions on Information and System Security (TISSEC), v.8
n.3, p.312-347, August 2005
[5] J. Ilonen, Keystroke Dynamics, Lecture in Advanced Topics
in Information Processing, http://www.it.lut.fi/kurssit/0304/010970000/seminars/Ilonen.pdf
[6] R. Joyce, G. Gupta, Identity authentication based on
keystroke latencies, Communications of the ACM, v.33 n.2,
p.168-176, Feb. 1990
4. Conclusion
While our proof of concept system used HTML, PHP,
JavaScript and MySQL, there are a number of
programming technologies which can be used to gather
data regarding keystroke dynamics. We found that using
keystroke dynamics for biometric authentication of a user
taking an online examination is feasible for multi-factor
user authentication. Steinhaus' method of cosine
correlation gives us a way to perform continuous user
authentication via keystroke dynamics in an online
examination scenario.
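The comparison described above, as an added example that is not the paper's own code: key-down flight-times are reduced to a per-key-pair signature and a trial signature is scored against the enrolled one. It assumes the standard cosine similarity formula (the page does not give the exact one), and the event format, function names, the 2000 ms pause cut-off and all timings are constructed for illustration.

```javascript
// Added example; event format, names and timings below are constructed.

// Signature: mean key-down to key-down flight-time (ms) for each key pair.
function flightSignature(events) {
  const sums = new Map();
  for (let i = 1; i < events.length; i++) {
    const dt = events[i].t - events[i - 1].t;
    // Assumed cut-off: drop clock glitches and long thinking pauses.
    if (dt <= 0 || dt > 2000) continue;
    const pair = events[i - 1].key + events[i].key;
    const s = sums.get(pair) || { total: 0, n: 0 };
    sums.set(pair, { total: s.total + dt, n: s.n + 1 });
  }
  const sig = new Map();
  for (const [pair, s] of sums) sig.set(pair, s.total / s.n);
  return sig;
}

// Cosine similarity restricted to key pairs present in both signatures.
// Returns null when too few pairs overlap to support a decision.
function cosineCorrelation(a, b, minShared = 3) {
  let dot = 0, na = 0, nb = 0, shared = 0;
  for (const [pair, va] of a) {
    if (!b.has(pair)) continue;
    const vb = b.get(pair);
    dot += va * vb;
    na += va * va;
    nb += vb * vb;
    shared++;
  }
  if (shared < minShared || na === 0 || nb === 0) return null;
  return dot / Math.sqrt(na * nb);
}

// Constructed input: turn a typed string plus inter-key delays into events.
function typed(text, delays) {
  let t = 0;
  return [...text].map((key, i) => ({ key, t: (t += i ? delays[i - 1] : 0) }));
}

const enrolled = flightSignature(typed("secure", [120, 95, 180, 110, 140]));
const sameUser = flightSignature(typed("secure", [125, 90, 170, 115, 150]));
const otherUser = flightSignature(typed("secure", [200, 210, 90, 220, 80]));

console.log(cosineCorrelation(enrolled, sameUser).toFixed(4));
console.log(cosineCorrelation(enrolled, otherUser).toFixed(4));
```

Because flight-times are all positive, the cosine score always falls between 0 and 1 and even a different typist scores fairly high, so an acceptance threshold has to be calibrated on enrolment data rather than assumed.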
The problem of requiring a fixed text for authentication
via keystroke dynamics can be overcome by generating
multiple signatures from one set of text, and using the
average value of the cosine correlation. In this manner,
variations from one signature to another are diminished
and can give a more accurate correlation between the trial
signature and the recorded signature. This allows us to