Multimodal mobile keystroke dynamics biometrics combining fixed and variable passwords

Recent works have demonstrated the possibility to craft successful statistical attacks against keystroke dynamic biometric password. Those attacks leverage the possibility to capture several keystroke dynamics samples for a given password string, and then extract and use their distributional properties to craft the attack. These approaches are by design more likely to be successful when launched against fixed passwords, as several samples of the passwords can be captured through successive login sessions. Although the dynamics obtained from specific keys or key sequences for consecutive passwords slightly vary, by definition the distributional properties remain fairly stable for the same user. One way to thwart such that attack to use a variable password, also know as one‐time password (OTP). However, the fact that the keystroke dynamic OTP is different from one session to the other, makes it extremely difficult to reconstruct a valid biometric profile for a user. Modeling accurate keystroke dynamic OTP is challenging, due to the underlying variability and the sparse amount of information involved. We tackle the aformentioned challenge by presenting, in this paper, by presenting a multimodal approach tat combines fixed and variable keystroke dynamic biometric passwords. We investigate two different fusion models and evaluate our approach using a data set involving 100 different users, yielding encouraging performance results in terms of accuracy and resistance against statistical attacks.