In an earlier post I reflected on two main issues: the need to replace identity proxies with real aspects of ourselves, and ways to improve the accuracy of biometric matchers by leveraging a user’s contextual or activity data. Now it’s finally time to talk about tip-of-the-iceberg approaches for better security.
Like many research ventures, this one begins with a hypothesis: not all authentication activities are created equal – and certainly not when we evaluate how they affect behavioral and cognitive biometric matching.
The Question: How do Operational Environment Factors Impact Accuracy?
Let’s return to our discussion of keystroke matcher performance in Post 2 – Your Access Control System Needs Behavioral Biometrics, and ask just one of many potential questions: how much does the program a user is working in affect the accuracy of a keystroke matcher?
Quite a bit, actually! In a study conducted using the activity data collected from West Point Cadet participants, the reported score accuracy of a keystroke matcher varied greatly depending on the program being used at the time of score calculation. For example, on a 0 (impostor user) to 1 (genuine user) scale (with 0.47 being the recommended threshold), the average score for a genuine user while playing World of Warcraft was a paltry 0.15, but averaged 0.77 when the user was writing sticky notes; all other programs used during keystroke score calculation fell between these two extremes. Notably, failing to account for the keystroke matcher’s operational context – in this case, the program in use at the time of score calculation – within the overall fusion process results in a higher rate of incorrect, unlikely scores (i.e. a high False Rejection Rate, or FRR, for you biometric performance metric aficionados).
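To make the effect concrete, here is a minimal sketch of how a fixed threshold interacts with context-dependent genuine scores. The per-sample numbers below are invented for illustration; only the averages and the 0.47 threshold come from the study.

```python
# Hypothetical genuine-user keystroke scores (0 = impostor-like, 1 = genuine-like),
# grouped by the program in use at score time. Per-sample values are illustrative;
# their averages echo the 0.15 (gaming) and 0.77 (note-taking) figures above.
THRESHOLD = 0.47  # recommended accept/reject threshold from the study

scores_by_program = {
    "World of Warcraft": [0.12, 0.18, 0.15],  # gaming: sparse, bursty keyboard use
    "Sticky Notes":      [0.74, 0.80, 0.77],  # free-form typing: strong scores
}

def frr(scores, threshold=THRESHOLD):
    """Fraction of genuine scores wrongly rejected (i.e. falling below threshold)."""
    rejected = sum(1 for s in scores if s < threshold)
    return rejected / len(scores)

for program, scores in scores_by_program.items():
    print(f"{program}: FRR = {frr(scores):.2f}")
```

With one context-blind threshold, every genuine gaming sample is rejected while every note-taking sample is accepted – exactly the inflated FRR the study observed.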
The Case Study: Using Environmental Factors to Improve Accuracy
In endeavoring to overcome this impractical False Rejection Rate associated with keystroke activity and create a more user-adaptive system, we first selected two robust fusion methods capable of incorporating non-score parameters into the fusion process: Bayesian fusion and Likelihood Ratio Product (LHR) fusion.
For both fusion methods, we next considered the particular program or application (the “active window”) in use while data features were captured and score calculations executed. We classified the various active windows into five rated categories based on the keystroke matcher’s performance within each active window type (e.g. 0 for programs associated with low average keystroke authentication scores, such as video games, ranging up to 5 for programs producing high average scores, such as Microsoft Word).
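A category lookup like this can be sketched as a simple mapping. The program names and category assignments below are illustrative assumptions; in the study, categories were derived empirically from each program’s average keystroke-matcher score.

```python
# Hypothetical mapping from active-window program names to rated categories.
# Assignments are invented for illustration, not taken from the study's data.
WINDOW_CATEGORIES = {
    "World of Warcraft": 0,   # video games: lowest average keystroke scores
    "Chrome": 2,
    "Outlook": 3,
    "Notepad": 4,
    "Microsoft Word": 5,      # sustained prose typing: highest average scores
}

def window_category(active_window: str, default: int = 2) -> int:
    """Look up the rated category for the program in focus, falling back to a middle rating."""
    return WINDOW_CATEGORIES.get(active_window, default)
```

The `default` fallback for unseen programs is likewise an assumption; a deployed system would need a policy for uncategorized windows.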
In the case of Bayesian fusion, the active window category simply became another parameter to include in training. For LHR fusion, instead of a single set of genuine/impostor score distributions, there were now five – one for each active window category. For distinction’s sake, we titled these methods “Adaptive Bayesian” and “Adaptive LHR” to reflect the effort to account for the active window as a system activity factor.
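The per-category idea behind Adaptive LHR can be sketched as follows, assuming Gaussian genuine/impostor score distributions fit separately per active-window category. Every parameter below is invented for illustration; in the study the distributions were estimated from training data, and the per-modality ratios would then be multiplied together in the full likelihood ratio product.

```python
import math

def gaussian_pdf(x, mean, std):
    """Probability density of a normal distribution at x."""
    return math.exp(-((x - mean) ** 2) / (2 * std ** 2)) / (std * math.sqrt(2 * math.pi))

# One (genuine, impostor) distribution pair per active-window category.
# Tuples are (mean, std); values are illustrative, not from the study.
CATEGORY_MODELS = {
    0: {"genuine": (0.15, 0.10), "impostor": (0.05, 0.10)},  # e.g. video games
    5: {"genuine": (0.77, 0.10), "impostor": (0.20, 0.10)},  # e.g. word processing
}

def adaptive_lhr(keystroke_score, category):
    """Likelihood ratio of a keystroke score under category-specific models.

    A ratio above 1 favours the genuine-user hypothesis.
    """
    models = CATEGORY_MODELS[category]
    genuine = gaussian_pdf(keystroke_score, *models["genuine"])
    impostor = gaussian_pdf(keystroke_score, *models["impostor"])
    return genuine / impostor

# The same raw score reads very differently depending on context:
print(adaptive_lhr(0.30, category=0))  # in a game, 0.30 supports "genuine"
print(adaptive_lhr(0.30, category=5))  # in Word, 0.30 strongly suggests "impostor"
```

This is the core of the adaptation: a score that would trigger a false rejection under one global model is interpreted against the distribution appropriate to the user’s current activity.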
The Findings: Achieving Higher Accuracy through “Smarter” Fusion is Feasible
When compared to the previous results from Bayesian and LHR fusion, Adaptive Bayesian and Adaptive LHR performed noticeably better – enough to show that incorporating additional, non-score factors into the fusion process is worth the effort. Previously, the averaged FRR/FAR (False Acceptance Rate) for Bayesian and LHR fusion was 0.14 and 0.37, respectively. The adaptive approaches lowered those error rates to 0.13 for Adaptive Bayesian and 0.10 for Adaptive LHR.
The Take-Aways: Limitless Avenues toward Better Security?
As a preliminary study, this by no means offers the final word on the topic – the active window is only one type of system activity affecting one behavioral biometric modality (keystroke dynamics). Considering the realm of continuous authentication contexts (think beyond the desktop to mobile and wearable platforms…), the number of system activity factors could be limitless, and the number of device-based biometric modalities is growing. Another area in which adaptiveness may be refined lies in considering activity ratios. For example, when the system observes a high volume of accurate mouse data, it may lessen the authentication weight given to keystroke data during the same period. The hypothesis here is that a user steadily engaged in mouse activity is busy clicking and navigating rather than typing, and will therefore generate insufficient data to support an accurate keystroke recognition score.
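The activity-ratio idea might be sketched like this. The linear weighting scheme, event counts, and function shape are all assumptions for illustration – the study did not prescribe a specific formula.

```python
# A hedged sketch of activity-ratio weighting: when most recent input events are
# mouse events, down-weight the keystroke score in fusion. The weighting scheme
# is an assumption, not a method from the study.
def fuse_with_activity_ratio(keystroke_score, mouse_score, key_events, mouse_events):
    """Weight each modality's score by its share of observed input activity."""
    total = key_events + mouse_events
    if total == 0:
        return None  # no behavioral data in this window; abstain from scoring
    key_ratio = key_events / total  # share of activity that was typing
    return key_ratio * keystroke_score + (1 - key_ratio) * mouse_score

# Mostly mouse navigation: the data-starved keystroke score barely moves the result.
print(fuse_with_activity_ratio(0.2, 0.8, key_events=5, mouse_events=95))
```

Here a weak keystroke score produced from only a handful of keypresses is largely discounted in favor of the well-supported mouse score, matching the intuition described above.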
Hopefully this brief series of posts will inspire readers to think of their own suggestions for what other factors could be throwing off biometric scoring, and how that data can be incorporated to make fusion better, smarter, and more aware of critical user and environmental aspects. The potential solutions may be many, but one thing is for certain: enhancing the fusion process is worth it if you’re looking to achieve higher accuracy authentication. It brings us one step closer to truly assessing who you are rather than what you have or what you know, using the bountiful array of characteristics you effortlessly exhibit every day.