Keystroke dynamics

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Keystroke dynamics, keystroke biometrics, typing dynamics, and lately typing biometrics, refer to the detailed timing information which describes exactly when each key was pressed and when it was released as a person is typing at a computer keyboard.[1]


The behavioral biometric of Keystroke Dynamics uses the manner and rhythm in which an individual types characters on a keyboard or keypad.[2][3][4] The keystroke rhythms of a user are measured to develop a unique biometric template of the user's typing pattern for future authentication.[5] Keystrokes are separated into static and dynamic typing, which are used to help distinguish between authorized and unauthorized users.[6] Vibration information may be used to create a pattern for future use in both identification and authentication tasks.

Data needed to analyze keystroke dynamics is obtained by keystroke logging. Normally, all that is retained when logging a typing session is the sequence of characters corresponding to the order in which keys were pressed and timing information is discarded. When reading email, the receiver cannot tell from reading the phrase "I saw 3 zebras!" whether:

  • that was typed rapidly or slowly.
  • the sender used the left shift key, the right shift key, or the caps-lock key to make the "i" turn into a capitalized letter "I".
  • the letters were all typed at the same pace, or if there was a long pause before any characters while looking for that key.
  • the sender typed any letters wrong initially and then went back and corrected them, or if they got them right the first time.


On May 24, 1844, the message "What hath God wrought" was sent by telegraph from the U.S. Capitol in Washington, D.C. to the Baltimore and Ohio Railroad "outer depot" in Baltimore, Maryland. This marked the beginning of a new era in long-distance communications. By the 1860s the telegraph revolution was in full swing and telegraph operators were a valuable resource. With experience, each operator developed their unique "signature" and was able to be identified simply by their tapping rhythm.[7]

As late as World War II the military transmitted messages through Morse Code. Using a methodology called "The Fist of the Sender", Military Intelligence identified that an individual had a unique way of keying in a message's "dots" and "dashes", creating a rhythm that could help distinguish ally from enemy.[8][9]

Use as biometric data[edit]

Researchers are interested in using this keystroke dynamic information, which is normally discarded, to verify or even try to determine the identity of the person who is producing those keystrokes. The techniques used to do this vary widely in power and sophistication, and range from statistical techniques to artificial intelligence (AI) approaches like neural networks.

The time to get to and depress a key (seek-time), and the time the key is held-down (hold-time) may be very characteristic for a person, regardless of how fast they are going overall. Most people have specific letters that take them longer to find or get to than their average seek-time over all letters, but which letters those are may vary dramatically but consistently for different people. Right-handed people may be statistically faster in getting to keys they hit with their right hand fingers than they are with their left hand fingers. Index fingers may be characteristically faster than other fingers to a degree that is consistent for a person day-to-day regardless of their overall speed that day.

In addition, sequences of letters may have characteristic properties for a person. In English, the word "the" is very common, and those three letters may be known as a rapid-fire sequence and not as just three meaningless letters hit in that order. Common endings, such as "ing", may be entered far faster than, say, the same letters in reverse order ("gni") to a degree that varies consistently by person. This consistency may hold and may reveal the person's native language's common sequences even when they are writing entirely in a different language, just as revealing as an accent might in spoken English.

Common "errors" may also be quite characteristic of a person, and there is an entire taxonomy of errors, such as this person's most common "substitutions", "reversals", "drop-outs", "double-strikes", "adjacent letter hits", "homonyms", hold-length-errors (for a shift key held down too short or too long a time). Even without knowing what language a person is working in, by looking at the rest of the text and what letters the person goes back and replaces, these errors might be detected. Again, the patterns of errors might be sufficiently different to distinguish two people.

Authentication versus identification[edit]

Keystroke dynamics is part of a larger class of biometrics known as behavioral biometrics; a field in which observed patterns are statistical in nature. Because of this inherent uncertainty, a commonly held belief is that behavioral biometrics are not as reliable as biometrics used for authentication based on physically observable characteristics such as fingerprints or retinal scans or DNA. The reality here is that behavioral biometrics use a confidence measurement instead of the traditional pass/fail measurements. As such, the traditional benchmarks of False Acceptance Rate (FAR) and False Rejection Rates (FRR) no longer have linear relationships.

The benefit to keystroke dynamics (as well as other behavioral biometrics) is that FRR/FAR can be adjusted by changing the acceptance threshold at the individual level. This allows for explicitly defined individual risk mitigation–something physical biometric technologies could never achieve.

One of the major problems that keystroke dynamics runs into is that a person's typing varies substantially during a day and between different days, and may be affected by any number of external factors.

Because of these variations, any system will make false-positive and false-negative errors. Some of the successful commercial products have strategies to handle these issues and have proven effective in large-scale use (thousands of users) in real-world settings and applications.

Legal and regulatory issues[edit]

Use of keylogging software may be in direct and explicit violation of local laws, such as the U.S. Patriot Act, under which such use may constitute wire-tapping. This could have severe penalties including jail time. See spyware for a better description of user-consent issues and various fraud statutes.


  • US patent 9430626, John D. Rome, Bethann G. Rome and Thomas E. Ketcham II, "User authentication via known text input cadence", issued 2012 
  • US patent 7206938, S. Blender and H. Postley, "Key sequence rhythm recognition system and method", issued 2007 
  • US patent 4621334, J. Garcia, "Personal identification apparatus", issued 1986 
  • US patent 4805222, J.R. Young and R.W. Hammon, "Method and apparatus for verifying an individual's identity", issued 1989 
  • P. Nordström, J. Johansson. Security system and method for detecting intrusion in a computerized system. Patent No. 2 069 993, European Patent Office, 2009.
  • US patent 8230232, A. Awad and I. Traore, "System and method for determining a computer user profile from a motion-based input device", issued 2012 

Other uses[edit]

Because keystroke timings are generated by human beings, they are not well correlated with external processes, and are frequently used as a source of hardware-generated random numbers for computer systems.

See also[edit]


  1. ^ Robert Moskovitch , Clint Feher , Arik Messerman , Niklas Kirschnick , Tarik Mustafic , Ahmet Camtepe , Bernhard Löhlein , Ulrich Heister , Sebastian Möller , Lior Rokach , Yuval Elovici (2009). Identity theft, computers and behavioral biometrics (PDF). Proceedings of the IEEE International Conference on Intelligence and Security Informatics. pp. 155–160.CS1 maint: multiple names: authors list (link)
  2. ^ Deng, Y.; Yu, Y. (2013). "Keystroke Dynamics User Authentication Based on Gaussian Mixture Model and Deep Belief Nets". ISRN Signal Processing. 2013: 565183. doi:10.1155/2013/565183.
  3. ^ "User authentication through typing biometrics features" (PDF). Archived from the original (PDF) on 2014-03-04. Retrieved 2013-11-14.
  4. ^ Continuous authentication by analysis of keyboard typing characteristics
  5. ^ A modified algorithm for user identification by his typing on the keyboard
  6. ^ Alzubaidi, Abdulaziz; Kalita, Jugal (2016). "Authentication of Smartphone Users Using Behavioral Biometrics". IEEE Communications Surveys & Tutorials. 18 (3): 1998–2026. arXiv:1911.04104. doi:10.1109/comst.2016.2537748. ISSN 1553-877X. S2CID 8443300.
  7. ^ Monrose, Fabian, and Aviel D. Rubin. "Keystroke dynamics as a biometric for authentication". Future Generation Computer Systems.CS1 maint: multiple names: authors list (link)
  8. ^ "Keystroke Dynamics". Biometrics. Retrieved 2018-01-18.
  9. ^ Haring, Kristen (2007). Ham Radio's Technical Culture. MIT Press. p. 23. ISBN 978-0-262-08355-3.

Other references[edit]

  • Checco, J. (2003). Keystroke Dynamics & Corporate Security. WSTA Ticker Magazine, [1][permanent dead link].
  • Bergadano, F.; Gunetti, D.; Picardi, C. (2002). "User authentication through Keystroke Dynamics". ACM Transactions on Information and System Security. 5 (4): 367–397. doi:10.1145/581271.581272. S2CID 507476.
  • iMagic Software. (vendor web-site [2] May 2006). Notes: Vendor specializing in keystroke authentication for large enterprises.
  • AdmitOne Security - formerly BioPassword. (vendor web-site home [Web Page]. URL [3]. Notes: Vendor specializing in keystroke dynamics
  • Garcia, J. (Inventor). (1986). Personal identification apparatus. (USA 4621334). Notes: US Patent Office - [4]
  • Bender, S and Postley, H. (Inventors) (2007). Key sequence rhythm recognition system and method. (USA 7206938), Notes: US Patent Office - [5]
  • Joyce, R., & Gupta, G. (1990). Identity authorization based on keystroke latencies. Communications of the ACM, 33(2), 168-176. Notes: Review up through 1990
  • Mahar, D.; Napier, R.; Wagner, M.; Laverty, W.; Henderson, R. D.; Hiron, M. (1995). "Optimizing digraph-latency based biometric typist verification systems: inter and intra typist differences in digraph latency distributions". International Journal of Human-Computer Studies. 43 (4): 579–592. doi:10.1006/ijhc.1995.1061. S2CID 206564985.
  • Monrose, Fabian; Rubin, Aviel (1997). Authentication via keystroke dynamics. New York, New York, USA: ACM Press. doi:10.1145/266420.266434. ISBN 0-89791-912-2. much cited
  • Monrose, Fabian; Rubin, Aviel D. (2000). "Keystroke dynamics as a biometric for authentication" (PDF). Future Generation Computer Systems. Elsevier BV. 16 (4): 351–359X. doi:10.1016/s0167-739x(99)00059-x. ISSN 0167-739X.
  • Monrose, F. R. M. K., & Wetzel, S. (1999). Password hardening based on keystroke dynamics. Proceedings of the 6th ACM Conference on Computer and Communications Security, 73-82. Notes: Kent Ridge Digital Labs, Singapore
  • Robinson, J.A.; Liang, V.W.; Chambers, J.A.M.; MacKenzie, C.L. (1998). "Computer user verification using login string keystroke dynamics". IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans. Institute of Electrical and Electronics Engineers (IEEE). 28 (2): 236–241. doi:10.1109/3468.661150. ISSN 1083-4427. The keystroke dynamics of a computer user's login string provide a characteristic pattern that can be used for identity verification. Timing vectors for several hundred login attempts were collected for ten "valid" users and ten "forgers", and classification analysis was applied to discriminate between them. Three different classifiers were applied, and in each case the key hold times were more effective features for discrimination than the interkey times. Best performance was achieved by an inductive learning classifier using both interkey and hold times. A high rate of typographical errors during login entry is reported. In practice, these are usually corrected errors-that is, they are strings which include backspaces to correct earlier errors-but their presence confounds the use of typing-style analysis as a practical means of securing access to computer systems.
  • Young, J. R., & Hammon, R. W. (Inventors). (1989). Method and apparatus for verifying an individual's identity. 4805222). Notes: US Patent Office - [6]
  • Vertical Company LTD. (vendor web-site [7] October 2006). Notes: Vendor specializing in keystroke authentication solutions for government and commercial agencies.
  • Lopatka, M. & Peetz, M.H. (2009). Vibration Sensitive Keystroke Analysis. Proceedings of the 18th Annual Belgian-Dutch Conference on Machine Learning, 75-80.[8]
  • Coalfire Systems Compliance Validation Assessment (2007)
  • Karnan, M.Akila (2011). "Biometric personal authentication using keystroke dynamics: A review". Applied Soft Computing Journal. 11 (2): 1565–1573. doi:10.1016/j.asoc.2010.08.003.
  • Jenkins, Jeffrey; Nguyen, Quang; Reynolds, Joseph; Horner, William; Szu, Harold (2011-05-13). Szu, Harold (ed.). The physiology of keystroke dynamics. SPIE. doi:10.1117/12.887419.

Further reading[edit]