The International Arab Journal of Information Technology (IAJIT)



A New Approach for Textual Password Hardening Using Keystroke Latency Times

Textual passwords are still widely used as an authentication mechanism. This paper addresses the problem of textual password hardening and proposes a mechanism that makes textual passwords harder for unauthorized persons to use. The mechanism introduces time gaps between keystrokes (latency times) that add a second line of protection to the password. Latency times are converted into a discrete representation (symbols), and the sequence of these symbols is added to the password. To access the system, an authorized person needs to type his/her password with a certain rhythm. This rhythm is recorded at sign-up time. This work extends a previous work and elaborates more on the local approach of discretizing the time gaps between every two consecutive keystrokes. In addition, more experimental settings and results are provided and analyzed. The local approach considers the keying pattern of each user to discretize latency times. The average, median and min-max methods are tested thoroughly. Two experimental settings are considered here: laboratory and real-world. The lab setting includes one group of students studying information technology and another group who are not. On the other hand, information technology professionals participated in the real-world experiment. The results recommend using the local threshold approach over the global one. In addition, the average method performs better than the other methods. Finally, the experimental results of the real-world setting support using the proposed password hardening mechanism.
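The following added example, which is not code from the paper, illustrates the local threshold approach described in the abstract: a per-user threshold derived at sign-up discretizes each latency, and the resulting symbols are appended to the password before hashing. The two-symbol alphabet, the threshold formulas, the record layout and all function names are assumptions, and the timestamps are constructed.

```python
import hashlib
import hmac
import os
import statistics

# Local threshold rules named in the abstract. The formulas and the two-symbol
# alphabet (S = short gap, L = long gap) are assumptions of this example.
THRESHOLD_RULES = {
    "average": statistics.mean,
    "median": statistics.median,
    "min-max": lambda gaps: (min(gaps) + max(gaps)) / 2,  # assumed: range midpoint
}

def latencies(key_times_ms):
    """Time gaps between every two consecutive key presses."""
    return [b - a for a, b in zip(key_times_ms, key_times_ms[1:])]

def symbols(key_times_ms, cut_ms):
    """Discretize each gap against a threshold: 'L' if longer, else 'S'."""
    return "".join("L" if g > cut_ms else "S" for g in latencies(key_times_ms))

def digest(password, rhythm, salt):
    # The rhythm symbols are appended to the password before hashing.
    secret = (password + "|" + rhythm).encode()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

def enroll(password, key_times_ms, method="average"):
    """Sign-up: derive the user's own (local) threshold and store a salted hash."""
    cut = THRESHOLD_RULES[method](latencies(key_times_ms))
    salt = os.urandom(16)
    return {"salt": salt, "cut_ms": cut,
            "hash": digest(password, symbols(key_times_ms, cut), salt)}

def verify(record, password, key_times_ms):
    """Login: the correct characters and the enrolled rhythm are both required."""
    attempt = digest(password, symbols(key_times_ms, record["cut_ms"]), record["salt"])
    return hmac.compare_digest(attempt, record["hash"])

# Constructed sample data (key-press timestamps in ms), not from the paper.
ENROLL_TIMES = [0, 120, 250, 900, 1010, 1800]  # pauses after the 3rd and 5th key
SAME_RHYTHM = [0, 140, 260, 880, 1000, 1750]   # same pattern, slightly different timing
EVEN_TYPING = [0, 150, 300, 450, 600, 750]     # right characters, no rhythm

if __name__ == "__main__":
    rec = enroll("tiger7", ENROLL_TIMES)
    print(verify(rec, "tiger7", SAME_RHYTHM))  # True
    print(verify(rec, "tiger7", EVEN_TYPING))  # False
```

Because the symbols are hashed together with the password, an exact symbol match is required; a single gap that falls on the wrong side of the threshold rejects the login.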


Khalid Mansour received his PhD degree in computer science from Swinburne University of Technology (Australia) in 2014. In addition, he earned an MBA from Jordan University in 2008. He is an associate professor in artificial intelligence, and his research interests are in automated negotiation in multi-agent systems, machine learning and information security. He is currently the head of the department of data science and artificial intelligence at Zarqa University, Jordan.

Khalid Mahmoud received his BSc degree in Computer Science from Jordan University in June 1992, his MSc degree in Computer Science (Artificial Intelligence) from Jordan University in 1998 and his PhD degree in Print Security and Digital Watermarking from Loughborough University (UK) in 2004. This was followed by academic appointments at Zarqa Private University as an assistant professor in computer science. In 2018 he joined Princess Sumaya University as an academic staff member in the computer science department. His areas of interest include information security, digital watermarking, image forgery detection, AI and Arabic language processing.