Keystroke Forensics - Fingerprints in the CyberWorld

This research asks, "What is the cyber-equivalent of a fingerprint -- that staple of forensic investigation in the physical world?" If one is able to identify users forensically by their "fingerprints" in cyberspace, what would correspond to the familiar loops, whorls and minutiae of physical evidence? It is hypothesized that just as a person may be identified by his handwriting, or by his manner of expression in prose, so may a person be identified by his typing style -- the particular rhythm of a user's keystrokes.

The approach being investigated is keystroke dynamics, the use of precise keystroke timings as a mechanism for building unique user profiles for differentiating among users. Goals of the work are to determine whether keystrokes can be used to identify/authenticate users in two-factor and continuous (re)authentication protocols, whether user keystroke patterns can be used to thwart insider attacks, and whether keystroke habits are sufficiently distinct to show who issued a command or typed a document. The work will develop the science, methodologies and techniques to answer such questions.

The results of the project are expected to provide a basis for substantial increases in on-line security in applications such as web-based financial transactions, two-factor authentication in various domains, and questioned-document forensics. The involvement of students, minorities, jurists and lay people in the scientific process will raise community awareness regarding computer forensic techniques, and will provide a foundation for rigorous experimental science.

This material is based upon work supported by the National Science Foundation under Grant No. CNS-0716677. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.