Impact of Network and Host Characteristics on the Keystroke Pattern in Remote Desktop Sessions

TL;DR

This study examines how network latency and host interactions influence keystroke timing patterns in remote desktop sessions, revealing that network impairments can significantly affect keystroke-based biometric authentication effectiveness.

Contribution

It provides empirical analysis of network and host effects on keystroke biometrics in remote desktop scenarios, highlighting challenges for continuous authentication.

Findings

Network congestion impacts keystroke timing variations.

Additional remote interactions increase Euclidean distance in keystroke profiles.

Remote desktop traffic is not prioritized, affecting authentication reliability.

Abstract

Authentication based on keystroke dynamics is a convenient biometric approach, easy in use, transparent, and cheap as it does not require a dedicated sensor. Keystroke authentication, as part of multi factor authentication, can be used in remote display access to guarantee the security of use of remote connectivity systems during the access control phase or throughout the session. This paper investigates how network conditions and additional host interaction may impact the behavioural pattern of keystrokes when used in a remote desktop application scenario. We focus on the timing of adjacent keys and investigate this impact by calculating the variations of the Euclidean distance between a reference profile and resulting profiles following such impairments. The experimental results indicate that variations of congestion latency, whether produced by adjacent traffic sources or by additional remote desktop interactions, have a substantive impact on the Euclidian distance, which in turn may affect the effectiveness of the biometric authentication algorithm. Results also indicate that data flows within remote desktop protocol are not prioritized and therefore additional traffic will have a significant impact on the keystroke timings, which renders continuous authentication less effective for remote access and more appropriate for one-time login.