rikonor/keysig

Extract useful statistics from keyboard events, generate unique signatures and detect intruders.

KeySig

Extract useful statistics from keyboard events, generate unique signatures and detect intruders.
See also: Keylogger.

Goals

• Extract metrics from keystroke data.
• Generate a verifiable signature from the metrics.
• Create a mechanism to authenticate a user based on a previous signature.

Metrics

• Duration of key press [durationOfPress]
• Duration of key transition [timeToNext]
• Distribution of keys [keyDistribution]
• Length of line [Not implemented]
• Spelling mistakes [Not implemented]

Initial Results

Evolution of a timeToNext-based signature over the course of 3 hours. Frames were taken every 3 minutes. No filtering was done at this point.

The shade of gray represents the transition duration relative to the others. Black squares indicate either a very fast transition time relative to the other transitions or one that hasn't been encountered yet.

Evolution of a durationOfPress-based signature showing average keypress times.

Simple durationOfPress chart showing average values.

timeToNext-based signatures from two runs of typing the same text (random wikipedia article).

Run 1

Run 2

References

• https://github.com/MarinX/keylogger
• https://github.com/caseyscarborough/keylogger
• http://osxbook.com/book/bonus/chapter2/alterkeys/
• https://github.com/montanaflynn/stats
• http://www.cs.cmu.edu/~keystroke/
• http://www1.cs.columbia.edu/~hgs/teaching/security/hw/keystroke.pdf
• https://www.keytrac.net