Re-evaluating Keystroke Dynamics for Continuous Authentication

Abstract

Today we use smartphones for banking, shopping, and monitoring our health. These applications store sensitive data in the smartphone, making reliable authentication a crucial element in mobile devices. However, current mobile authentication systems such as pin codes, passwords, pattern locks, fingerprints, and face IDs have security vulnerabilities as they are one-time authentication systems. In contrast, behavioural biometric-based Continuous Authentication (CA) focuses on continuously authenticating the user while using the device. Among behavioural biometrics, keystroke dynamics is an efficient and well-researched behavioural biometric. Keystrokes dynamics refers to the unique typing patterns of the user. However, despite many frameworks proposed for mobile CA using keystroke dynamics, they are only evaluated for their discriminative power using traditional metrics such as Equal Error Rate. However, these evaluations are unable to capture temporal performance. Hence, in this work, we evaluate the state-of-the-art keystroke dynamics systems using continuous evaluation metrics. Our analysis indicates that these systems perform differently with traditional and continuous evaluation metrics, stressing the importance of evaluating CA systems using traditional and continuous evaluation metrics for a holistic assessment. Further, our analysis highlights how different models perform differently when evaluated with CA evaluation metrics highlighting the need to carefully select appropriate evaluation schemes based on the requirements such as security and usability.