Password Hardening Based on Keystroke Dynamics
Summary:
Textual passwords have been the primary means of authenticating users to computers since the introduction of access controls in computer systems. Passwords remain the dominant user authentication technology today, despite the fact that they have been shown to be a fairly weak mechanism for authenticating users. Studies have shown that users tend to choose passwords that can be broken by an exhaustive search of a relatively small subset of all possible passwords. In one case study of 14 000 Unix passwords, almost 25% of the passwords were found by searching for words from a carefully formed “dictionary” of only 3×10^6 words [15] (see also [9, 26, 33, 34]). This high success rate is not unusual despite the fact that there are roughly 2×10^14 eight-character passwords consisting of digits and upper- and lower-case letters alone. In this paper, we propose a technique for improving the security of password-based applications by incorporating biometric information into the password. Specifically, our technique generates a hardened password based on both the password characters and the user’s typing patterns when typing the password. This hardened password can be tested for login purposes or used as a cryptographic key for file encryption, virtual private network access, etc. The primary attacker we consider is one who obtains all stored system information for password verification (the analog of the /etc/passwd file in a typical Unix environment). We show that this attacker faces a convincingly more difficult task to exhaustively search for the hardened password than in a traditional password scheme.
Pages: 15
Size: 410 kb
Author: Fabian Monrose, Michael K. Reiter, Susanne Wetzel
