Securing keystroke dynamics from replay attacks

Itay Hazan, Oded Margalit, Lior Rokach

Research output: Contribution to journal, Article, peer-review


Keystroke dynamics is a viable behavioral biometric technique for identity verification based on users’ keyboard interaction traits. Keystroke dynamics can help prevent credentials from being abused in case of theft or leakage. But what happens if the keystroke events are eavesdropped and replayed? Attackers that intercept keystroke dynamics authentication sessions of benign users can easily replay them from other sources, unchanged or with minor changes, and gain illegitimate privileges. Hence, even with its major security advantages, keystroke dynamics can still expose authentication mechanisms to replay attacks. Although the replay attack is one of the oldest techniques for manipulating authentication systems, keystroke dynamics does not help prevent it. We suggest a new protocol for dynamics exchange based on choosing a subset of real and fake information snippets shared between the client and service providers to lure potential attackers. We evaluated our method on four state-of-the-art keystroke dynamics algorithms and three publicly available datasets and showed that we can dramatically reduce the possibility of replay attacks while preserving highly accurate user verification.

Original language: American English
Article number: 105798
Journal: Applied Soft Computing Journal
State: Published - 1 Dec 2019


  • Behavioral biometrics
  • Keystroke dynamics
  • Replay attack

All Science Journal Classification (ASJC) codes

  • Software

