Abstract
Keystroke dynamics and mouse movements are effective behavioral biometric modalities for active authentication. However, very little is done on the privacy of collection and transmission of keyboard and mouse data. In this paper, we develop a rule based data sanitization scheme to detect and remove personally identifiable and other sensitive information from the collected data set. Preliminary experiments show that our scheme incurs on average 5.69 % false negative error rate and 0.64 % false positive error rate. We also develop a data transmission scheme using the Extensible Messaging and Presence Protocol (XMPP) to guarantee privacy during transmission. Using these two schemes as a basis, we develop two distinct architectures for providing secure and privacy preserving data processing support for active authentication. These architectures provide flexibility of use depending upon the application environment.
Similar content being viewed by others
References
Ahmed, A., & Traore, I. (2005). Anomaly Intrusion Detection based on Biometrics. In Proceedings of the 2005 I.E. Workshop on Information Assurance. West Point.
Ahmed, W., & Athreya, J. (2013). Data Masking Best Practices. An Oracle White Paper (June 2013).
Bergadano, F., Gunetti, D., & Picardi, C. (2002). User authentication through keystroke dynamics. ACM Transactions on Information and System Security, 5, 367–397.
Garg, A., Rahalkar, R., Upadhyaya, S., & Kwiat, K. (2006). Profiling Users in GUI Based Systems for Masquerade Detection. In Proceedings of 7th Annual IEEE Information Assurance Workshop (IAW 2006). United States Military Academy, West Point.
Goecks, J., & Shavlik, J. (1999). Automatically Labeling Web Pages Based on Normal User Actions. In IJCAI Workshop on Machine Learning for Information Filtering. Stockholm.
Gunetti, D., & Picardi, C. (2005). Keystroke analysis of free text. ACM Transactions on Information and System Security (ACM TISSEC), 8(3), 312–347.
Gupta, A., Asthana, A., & Gupta, N. (2008). Masquerade Detection using Typing Pattern. In Proceedings of 2nd National Conference on Challenges and Opportunities in Information Technology (COIT-2008). Mandi Gobindgarh.
Jabber Inc. (1998). Jabber.org.
Johansson, L. (2005). XMPP as MOM. Greater NOrdic Middleware Symposium (GNOMIS). Oslo: University of Stockholm.
Leggett, J., Williams, G., Usnick, M., & Longnecker, M. (1991). Dynamic identity verification via keystroke characteristics. International Journal of Man-Machine Studies, 35.6(1991), 859–870.
Monrose, F., & Rubin, A. (1997). Authentication via Keystroke Dynamics. In ACM Conference on Computer and Communications Security. Zurich, pages 48–56.
Pusara, M., & Brodley, C. E. (2004). User re-authentication via mouse movements. In VizSEC/DMSEC’04: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security. Washington DC, pages 1–8.
Radhakrishnan, R., Kharrazi, M., & Memon, N. (2005). Data masking: a new approach for steganography? The Journal of VLSI Signal Processing, 41(3), 293–303.
Ravikumar, G. K., Manjunath, T. N., Ravindra, S., & Umesh, I. M. (2011). A survey on recent trends, process and development in data masking for testing. IJCSI, 534.
Shavlik, J., Shavlik, M., & Fahland, M. (2001). Evaluating Software Sensors for Actively Profiling Windows 2000 Computer Users. In Fourth International Symposium on Recent Advances in Intrusion Detection. Davis.
Acknowledgments
This research is supported in part by NSF Grant No. CNS: 1314803. Usual disclaimers apply. A preliminary version of this paper was presented at the 6th Secure Knowledge Management Conference at Dubai, UAE in December 2014.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Sun, Y., Upadhyaya, S. Secure and privacy preserving data processing support for active authentication. Inf Syst Front 17, 1007–1015 (2015). https://doi.org/10.1007/s10796-015-9587-9
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10796-015-9587-9