1 / 22

Biometric Products

Biometric Products. Michael Isola John Granger, Wojciech Hojdysz, Arthur Gadayev. KEYLOGGER. Evaluate several keylogger applications so as to record all keystrokes on a machine on which it is installed.

maisie-joseph
Télécharger la présentation

Biometric Products

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Biometric Products Michael Isola John Granger, Wojciech Hojdysz, Arthur Gadayev

  2. KEYLOGGER Evaluate several keylogger applications so as to record all keystrokes on a machine on which it is installed. Test keylogger output by converting the keylogger output into the raw-data input format of the Pace University Keystroke Biometric System. Once the format of the keylogger output is converted, obtain system performance on users by running the converted format data through Pace University Keystroke Biometric System. Project Description

  3. KEYLOGGER Method of Communication Primary method of communication consists of e-mail. E-mail is used due to the feasibility of communication and the ability to preserve conversations. Team website is used to communicate project status updates to team customers.

  4. KEYLOGGER Addressing Requirement Changes Evaluate existing keylogger applications for additional functionality if requirement specifies. If requirement change is outside the current functionality of existing applications, seek and evaluate other applications for specified functionality.

  5. KEYLOGGER Keylogger Applications Evaluated

  6. KEYLOGGER Analyses Completed Common output format across all 7 keyloggers used is .HTML format Several other formats are also available. They range from .CSV to .PDF While all output can be converted to PKS format, no biometric way to distinguish between users. New requirement was added.

  7. KEYLOGGER Analyses Completed Continued New functionality required from software: Keystroke Dynamics Keystroke Dynamics include: • Overall typing speed. • Variations of speed moving between specific keys. • Common errors. • The length of time that keys are depressed.

  8. KEYLOGGER Application Description Basic Key Logger is a standalone key logger which has the ability to capture keyboard and mouse inputs from any application running in parallel. Basic Key Logger also has the ability to record the detailed timing information that describes exactly when each key was pressed and when it was released as a person is typing at a computer keyboard. Key Logger records types of operations, keys that are automatically generated, dates, timestamps, durations, overlap, and duration of quiet periods.

  9. KEYLOGGER Key Log Data Gathering Basic Key logger generates two logs (Key Logs, KPC Logs) once monitoring is stopped. Five individuals were given the task to write ten, one hundred word arbitrary paragraphs. The result was 50 Key Logs and 50 KPC logs either one can be used for training and testing. The difference between Key Logs and KPC logs is what each log file records. KPC Logs only log keystrokes. Key Logs in addition to logging keystroke, also log mouse movement and mouse button press and release timings. Gathered logs are available on the Team 3 project website for download and analysis.

  10. KEYLOGGER Example of a KPC Log

  11. KEYLOGGER Example of a Key Log

  12. KEYLOGGER If the key is visible (it writes something when you use it in a text editor), the key logger log will contain a non-null ASCII code and the key of the corresponding key pressed. For invisible keys (arrows, tabs), the key is a string, e.g., “LSHIFT”. Keys may also be prefixed. The prefix “ALT+” is added if some ALT key is currently press, and “CTRL+” is added if some Control key is pressed. The prefix “SHIFT+” is added only if the key is not a letter (and some SHIFT key is currently pressed). For instance, the “!” character would result in a “SHIFT+1” to be logged. “SHIFT+a” will not be logged, instead the character “A” will be logged. Log Keystroke Attributes

  13. VOICE Develop procedure for security testing & demonstration by comparing several test subjects for similarity matrix Use test phrase “My name is…” for all test subjects and “I am a Pace University student” Must use same phrase since product does not allow manipulation of wav file False Acceptance Rate (FAR)-false positives False Rejection Rate (FRR)-false negatives FAR & FRR to be used to grade VoiceCipher biometric Create a file for each test subject to encode with their voice key for testing Methodology:

  14. VOICE VoiceCipher:

  15. VOICE PC/Laptop with microphone attachment Windows XP, Windows 2000,Windows Vista, Windows 7 Microphone Downloadable trials from Voicelatch System Environment:

  16. VOICE 10 test subjects selected-5 male,5 female 2 unrecognizable by software (women's’ voices), decided to increase male test subject to 6 for a total of 9 test subjects Each test subject repeated “My name is…” and “I am a Pace University student” 3 times for training system Training and Recognition:

  17. VOICE Each test subject encoded/secured a document file using their voice biometric Each test subject then tried to decode their encoded/secured file with their own voice Each test subject then tried to decode other test subjects encoded/secured file Test subjects(9 total) decoding own files – ‘My name is’ phrase- 4 failures,5 successful for a False Rejection Rate 44% ‘I am a Pace University student’ – 2 failures,7 successful for a False Rejection rate 22% Each test subject decoding all other test subjects encoded files – ‘My name is’ - 16 times accessed of 72 attempts .. False Acceptance Rate 22% ‘I am a Pace University student’ – 10 times accessed of 72 attempts..False Acceptance Rate 14% Test Results:

  18. VOICE ‘My name is’ phrase Test Results: VoiceCipher Success/Failure Rate

  19. VOICE ‘I am a Pace University student’ phrase Test Results: VoiceCipher Success/Failure Rate

  20. VOICE The tests were repeatable as was proven with ‘My name is’ phrase from first half of semester with same results. Although the software product allowed for a shorter phrase to be used it is more accurate with a longer phrase creating more voice vectors. Future study - Attempt to decode the encoded files using telephone/cassette record voices Try multiple attempts decoding other subjects’ files for a larger pool instead of just one attempt Conclusion – Follow-Up:

  21. VOICE Provides additional security for online identification/authentication Law enforcement to confirm identity (e.g. policing a parole, sex offender, remote monitor alcohol testing for DUI felons and border patrol Accuracy is a challenge for voice biometrics due to high error rates (e.g. change in a person’s voice due to illness or mood) Voice Biometric Applications:

  22. Questions ?

More Related