Abstract
Keystroke dynamics is an intelligent data processing technique of analyzing the user’s habitual typing patterns to identify him. Keystroke dynamics combined with password authentication has been widely used as a means to enhance user authentication system. However, the user authentication system’s security does not rely solely on the keystroke dynamics. To guarantee a high level of security, more secure password authentication is needed. The design and development of a secure password authentication protocol for keystroke dynamics is discussed in this paper. We propose a new efficient password authentication protocol that is secure against all types of attacks considered in the paper. We also show that our two-party protocol is extended to a three-party protocol, where each user only shares a password with a trusted server. As a result, our protocols with keystroke dynamics can provide a secure and intelligent means of authentication and access control of computer users.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bellovin, S., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: IEEE Symposium on Research in Security and Privacy, pp. 77–84 (1992)
Bellovin, S., Merritt, M.: Augmented encrypted key exchange: a password-based protocols secure against dictionary attacks and password-file compromise. In: ACM Conference on Computer and Communications Security, pp. 244–250 (1993)
Jablon, D.: Strong password-only authenticated key exchange. ACM Computer Communications Review 26(5), 5–26 (1996)
Jablon, D.: Extended password key exchange protocols immune to dictionary attacks. In: WETICE 1997 Workshop on Enterprise Security, pp. 248–255 (1997)
Wu, T.: Secure remote password protocol. In: Network and Distributed System Security Symposium Conference Proceedings (1998)
Boyko, V., MacKenzie, P., Patel, S.: Provably secure password authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)
MacKenzie, P.: More Efficient Password-Authenticated Key Exchange. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 361–377. Springer, Heidelberg (2001)
MacKenzie, P.: The PAK suites: Protocols for Password-Authenticated Key Exchange (2002), available from http://grouper.ieee.org/groups/1363/passwdPK/contributions.html#Mac02
Kwon, T.: Authentication and Key agreement via Memorable Passwords. In: Network and Distributed System Security Symposium Conference Proceedings (2001)
Kwon, T., Kang, M., Song, J.: An Adaptable and Reliable Authentication Protocol for Communication Networks. In: Proceedings of IEEE INFOCOM 1997, pp. 737–744 (1997)
Kwon, T., Kang, M., Jung, S., Song, J.: An Improvement of the Password-based Authentication protocol(K1P) on Security against Replay Attacks. IEICE Transactions on Communications E82-B(7), 991–997 (1999)
Ding, Y., Horster, P.: Undetectable On-line Password Guessing Attacks. ACM Operating Systems Review 29(4), 77–86 (1995)
Lin, C.-L., Sun, H.-M., Hwang, T.: Three party encrypted key exchange: Attacks and a solution. ACM Operating Systems Review 34(4), 12–20 (2000)
Lin, C.-L., Sun, H.-M., Steiner, M., Hwang, T.: Three-party encrypted key exchange Without Server Public-Keys. IEEE, Communications Letters 5(12), 497–499 (2001)
Gong, L., Lomos, M., Needham, R.: Protecting Poorly Chosen Secrets from Guessing Attacks. IEEE Journal on Selected Areas in Communications 11(5), 648–656 (1993)
Steiner, M., Tsudik, G., Waidner, M.: Refinement and Extension of Encrypted Key Exchange. ACM Operating Systems Review 29(3), 22–30 (1995)
Gong, L.: Optimal Authentication Protocols Resistant to Password Guessing Attacks. In: 8th IEEE Computer Security Foundations Workshop, pp. 24–29 (1995)
Diffie, W., Hellman, M.: New directions in cryptograpy. IEEE Transactions on Information Theory 22(6), 644–654 (1976)
Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. ACM Transactions on Information and System Security 2(3), 230–268 (1999)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure Against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Gennaro, R., Lindell, Y.: A Framework for Password-Based Authenticated Key Exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003)
Denning, D., Sacco, G.: Timestamps in key distribution protocols. Communications of the ACM 24(8), 533–536 (1981)
Yacobi, Y.: A key distribution paradox. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 268–273. Springer, Heidelberg (1991)
Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Choe, Y., Kim, SJ. (2005). Secure Password Authentication for Keystroke Dynamics. In: Khosla, R., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2005. Lecture Notes in Computer Science(), vol 3683. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11553939_46
Download citation
DOI: https://doi.org/10.1007/11553939_46
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28896-1
Online ISBN: 978-3-540-31990-0
eBook Packages: Computer ScienceComputer Science (R0)