Securing Graphical Authentication Using Keystroke Dynamics

Abstract

Account recovery is a critical aspect of web application security, often overlooked despite its importance. Traditional account recovery methods, such as sending a password reset link or a new username to the user’s registered email, are vulnerable to impostors who may have access to the user’s email and other credentials. This vulnerability makes account recovery a potential weak point in the overall security of a web application. Recent applications of behavioral biometrics, such as keystroke dynamics, for attack detection and user authentication bear similarities to biometric authentication. Adding keystroke dynamics analysis to the account recovery process significantly increases the difficulty for an impostor to successfully recover and take over a user’s account. To enhance user authentication effectiveness and raise account recovery requirements through keystroke dynamics, this study adds one additional measure of keystroke patterns to the already-existing features. Compared to other access control systems based on biometric features like face or fingerprint, keystroke analysis has attained a respectable level of accuracy. In this aim, this study uses experimental data and statistical analysis to show how the unique keystroke measure provided may be utilized in conjunction with the current authentication mechanism to greatly improve the authentication and security of sensitive applications. It may be beneficial to recognize the intruders and expel them from the system as long as this job can accommodate their typing rhythm. In this study, generative adversarial networks (GAN) are utilized to generate keyboard dynamics data with a focus on impersonating a user at the identification step in both fixed text and fixed sentence contexts. Three distinct architectures have been devised, implemented, and validated with the aid of machine learning and deep learning: vanilla-GAN based on simple neural networks NN, LSTM-GAN based on recurrent neural networks using long short-term memories (LSTM), CNN-GAN based on convolutional neural networks. The developed Conditional Generative Adversarial Networks have shown that these architectures can successfully replicate a user’s keystroke dynamics by learning about the user’s typing style and generating keyboard dynamics data using different GANs with different architectural styles. Findings show that keystroke dynamics patterns can be efficiently produced by the GAN and utilized to trick keystroke authentication systems.