Study of BioPassword Parameters

Purpose:


The purpose of this study was to explore and understand the adjustable parameters in the BioPassword security software. BioPassword is a software application that grants authentication based on the correctness of user password and the repetition of the user's typing rhythm. In particular, this experiment examined the effects of 3 adjustable parameters on the first-time false rejection rate of the authentication process. The first-time false rejection rate was calculated by:

(Number of false rejections in first attempt to logon)/(Total Number of first attempts to logon) x 100%

The 3 adjustable parameters were:

  1. T: The number of keystroke templates created during enrollment. This parameter has a default of 15 and a range of 10 to 20. The purpose of this parameter is to control the recording and extraction of the natural typing rhythm of a user in the enrollment process and create a keystroke template to be compared against in future authentication.

  2. S: The similarity of templates for successful merging. This parameter has a default of 3 and a range of 1 to 10. The purpose of this parameter is to adjust the tolerable differences between each keystroke template created during enrollment, since it is impossible to type in a phrase in exactly the rhythm every time. As the number increases, the software becomes increasingly intolerant toward the slight variations in the user's typing rhythm. During the enrollment process, if the rhythm is judged to be varied too much from previous templates, then that particular set of data would not be accepted and additional enrollment typing would be required.

  3. SA: The security level for authentication. This parameter has a default of and a range of 1 to 10. This parameter sets the tolerance for the difference between the master template created during enrollment and the typing rhythm provided by the user at login. The higher the number, the the higher the similarity required between the two sets of rhythmic data in order to be granted access to the computer.

Hypotheses

  1. The higher the number of keystroke templates, the higher the accuracy of the typing rhythm capture, and thus the lower the first-time false rejection rate.

  2. The lower the value of template merge similarity, the higher the tolerance for different typing rhythm variations, and thus the lower the first-time false rejection rate.

  3. The lower the value of security level for authentication, the lower the threshold for matching between the enrolled template and the actual keystroke dynamic presented by the user, and thus the lower the first-time false rejection rate.

Procedure:

The first step was to install the BioPassword software. (Please refer to the BioPassword heuristic analysis for details.) Then a new account was created using the standard default parameter values of: T=15, S= 3. Ten login attempts were then made for each possible value of the SA parameter (1-10), making for 100 login trials for this parameter combination. Changes where then made to the S parameter (from 3 to 10) and the 100 login trials were repeated. After adjusting S back to default, changes where made to the T parameter (from 15 to 20) and the 100 login trials were repeated. Last, both T and S are change, and another 100 login trials were performed for each SA parameter.

Results & Discussion:

Default Parameters

The first trials were conducted with the default parameters of T = 15 and S = 3, and the results are shown in the figure below. It can be seen that the number of false rejections increased as the SA parameter increased. There is also evidence of an apparent discontinuity of the increasing trend at SA = 4, and another smaller discontinuity at SA = 6.

These results confirm the hypothesis that increasing the SA parameter will lead to higher false rejection rates. However, the relationship between SA and the first-time false rejection rate is not linear, and it is not clear why the rejection rate rises at parameter levels of 4 and 6.

Effects of Increasing Similarity: Parameter S

The results from the 100 login attempts when the similarity parameter S was changed from the default value of 3 to a value of 10 are shown in the figure below. It can be seen that there is a shifting effect to the curve created as SA increases. Now the increase in the first-time false rejection rate does not occur until the SA parameter reaches a value of 6 (compared to 4 with the default parameter values).

These results are contrary to the hypothses that increasing the similarity required during enrollment would result in a stricter master template and thus a higher false-rejection rate during login attempts. Instead, increase the similarity parameter resulted in lower first-time false rejection rates, although the pattern was not entirely consistent across all values of SA.

Effects of Increasing Number of Templates: Parameter T

The results when the number of templates (Parameter T) was changed from the default value of 15 to a value of 20 are shown in the figure below. It can be seen that the increase in the number of templates appears to have had a sporadic effect on the false rejection rates, increasing some values and decreasing others.

There does seem to be some postive effect of increasing the number of templates captured during enrollment, so the hypothesis is supported, but the results are inconsistent.

Effects of Increasing Parameters T and S

Finally, the results when both the T and S parameters were increased can be seen in the figure below. When T is increased from 15 to 20, and S is increased from 3 to 10, it is clear that there is a shift of the boundary that defines a low first-time false rejection rate region (SA 1 to 5) and ahigh first-time false rejection rate region (SA > 5). The increase in the two parameters has caused the low false rejection rate region to expand. It is also noteworthy that the first-time false rejection rate had dimished in the middle regions of the SA parameter (5 to 7).

It seems that by adjusting the two parameters, the first-time false rejection rate can be lowered, but how each parameter has contributed is still not clear.

Conclusions

Overall, it seems that by increasing the number of enrollment templates and the similarity threshold, users can adopt a higher security level at login without suffering too many first-time false rejections, and thus they may be able to increase the security of the system. A complete analysis that included not only the false rejection rates but also the false acceptance rates would have to be conducted to determine all the effects of the parameters.

It is not clear if the vender intends the users to adjust these parameters, but more guidance would be useful for increasing the usability of the product.

Biometrics Trailer

This page is part of a project on the Usability and Acceptability of Biometric Security Devices.