User authentication is a key tehnology in human machine interaction. The need to establish the legitimacy of transactions and possibly the actors behind them is crucial for trustworthy operation of services over the internet. A good authentication method offers security, usability and privacy protections for users and the service providers. However, achieving all three properties with a single method is a difficult task and such methods are not in wide use today. We combine methods from biometrics, secure key exchange algorithms and privacy-protecting authentication to build authentication system that achieves there three properties. Our system uses keystroke dynamics to aut the authenticate the user and cryptographic methods to protect the privacy of the templates and samples and to extend the authentication to key exchange. The results show that the system can be used for user authentication, but more work is extensible to many other biometrics that can be measured and compared in as similar manner as keystroke dynamics and with further research to larger classes of authentication methods.
Kimmo Halunen, Visa Vallivaara (VTT): Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics
Presented at Nordsec 2016, Oulu