A Generic Privacy-Preserving Protocol For Keystroke Dynamics-Based Continuous Authentication

TL;DR

This paper introduces a generic privacy-preserving protocol for keystroke dynamics-based continuous authentication, enabling secure user verification without revealing sensitive biometric features to the server.

Contribution

It proposes a novel homomorphic cryptography-based scheme that encrypts user features, ensuring privacy during continuous authentication.

Findings

Authentication conducted on encrypted data maintains privacy.

The scheme is compatible with various homomorphic cryptographic primitives.

It enhances privacy without compromising authentication accuracy.

Abstract

Continuous authentication utilizes automatic recognition of certain user features for seamless and passive authentication without requiring user attention. Such features can be divided into categories of physiological biometrics and behavioral biometrics. Keystroke dynamics is proposed for behavioral biometrics-oriented authentication by recognizing users by means of their typing patterns. However, it has been pointed out that continuous authentication using physiological biometrics and behavior biometrics incur privacy risks, revealing personal characteristics and activities. In this paper, we consider a previously proposed keystroke dynamics-based authentication scheme that has no privacy-preserving properties. In this regard, we propose a generic privacy-preserving version of this authentication scheme in which all user features are encrypted -- preventing disclosure of those to the authentication server. Our scheme is generic in the sense that it assumes homomorphic cryptographic primitives. Authentication is conducted on the basis of encrypted data due to the homomorphic cryptographic properties of our protocol.