As computer use becomes more widespread, the problem of computer system security also becomes increasingly critical. The volume of information stored in computer systems is growing rapidly. Further, the accessibility of such information systems is increasing due to the interconnection of computer systems through networks such as the Internet. A major problem facing computer owners is how to protect computer systems, and the information they contain, from adversaries wishing to gain unauthorized access to stored information.
One type of computer system security is referred to as authentication. Authentication refers to confirming the identity of a user prior to allowing access to a computer system. Most authentication schemes are based on the user's knowledge of a secret, called a password. A user must have knowledge of a secret password in order to gain access to the computer system.
Another type of computer system security is referred to as encryption. Some, or all, of the information on the computer system may be encrypted such that the information is rendered unreadable or unusable until it is decrypted. Like authentication, decryption also relies on the knowledge of a secret, called a key, which is used to decrypt the information. Thus, even though a person may have access to information, that information may be useless to someone who does not possess the appropriate decryption key.
These two security techniques of authentication and encryption are related in many ways. For example, a secret known by a user may serve as both a password and a decryption key. Further, a computer system may employ both types of security techniques.
With respect to authentication, textual passwords have been, and remain, the primary means of authenticating users. However, passwords have been shown to be a relatively weak mechanism for authentication. Studies have shown that users tend to choose passwords that can be easily guessed by an exhaustive search of a relatively small subset of all possible passwords. For example, in a study of 14,000 computer system passwords, it was found that almost 24% of the passwords could be found in a “dictionary” of only 3×10^6 words. Considering the high speed at which a computer could generate and test 3×10^6 words, passwords are considered to be a weak form of computer security.
One known technique for strengthening passwords is to require not only that the correct password be typed, but also that the user's keystroke features (e.g. duration of keystrokes and latency between keystrokes) match a predetermined stored model of expected keystroke features. This technique is effective against so-called online attacks in which an adversary is attempting to gain access to a computer system through the computer's authentication system. However, this technique is not effective against a so-called off-line attack, in which an adversary gains physical access to the computer's data, for example by taking physical possession of a laptop computer or by otherwise circumventing the computer's authentication system. Once an adversary has physical access to computer information, the above described keystroke feature technique is ineffective. Further, if an adversary gets physical access to a computer which allows access to the stored keystroke feature models, the models may leak sensitive information which would then make it easier for the adversary to determine actual user passwords.
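As an added illustration (not code from the original document or from the technique it cites), here is one way a password check combined with keystroke features could work, and why the stored model is exposed in an off-line compromise. The per-feature mean and standard-deviation model, the 3-sigma tolerance, the use of PBKDF2, and all names and timings are assumptions constructed for this example.

```python
import hashlib
import hmac
from statistics import mean, stdev

def features(events):
    """events: one (key_down_ms, key_up_ms) pair per keystroke, in typing order."""
    durations = [up - down for down, up in events]
    latencies = [events[i + 1][0] - events[i][1] for i in range(len(events) - 1)]
    return durations + latencies

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(password, salt, samples):
    """Build the stored model from several typing samples of the same password."""
    columns = list(zip(*(features(s) for s in samples)))
    return {
        "salt": salt,
        "pw_hash": pw_hash(password, salt),
        # The expected features sit next to the hash in the clear; this is the
        # stored model that the paragraph says an off-line adversary can read.
        "mean": [mean(c) for c in columns],
        "std": [max(stdev(c), 1.0) for c in columns],  # floor avoids a zero-width band
    }

def verify(model, password, events, max_sigma=3.0):
    """Accept only if the password matches and every feature is within tolerance."""
    if not hmac.compare_digest(pw_hash(password, model["salt"]), model["pw_hash"]):
        return False
    observed = features(events)
    if len(observed) != len(model["mean"]):
        return False
    return all(abs(x - m) <= max_sigma * s
               for x, m, s in zip(observed, model["mean"], model["std"]))

# Constructed timings (milliseconds) for a four-character password.
SAMPLES = [
    [(0, 90), (150, 230), (300, 395), (470, 560)],
    [(0, 100), (155, 240), (305, 395), (465, 550)],
    [(0, 95), (160, 235), (310, 410), (480, 575)],
]
MODEL = enroll("s3cr", b"constructed-salt", SAMPLES)
GENUINE = [(0, 92), (152, 235), (305, 398), (470, 562)]
OTHER_RHYTHM = [(0, 40), (200, 250), (400, 445), (650, 700)]

if __name__ == "__main__":
    print(verify(MODEL, "s3cr", GENUINE))        # password and rhythm both match
    print(verify(MODEL, "s3cr", OTHER_RHYTHM))   # right password, wrong rhythm
    print(verify(MODEL, "wrong", GENUINE))       # wrong password
```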
Other techniques exist which do not require the storage of such models in memory. For example, U.S. Pat. No. 5,680,460 describes a technique in which a user's fingerprint characteristics are measured and various filters are applied to the measurements to generate a key which can then be used to authenticate the user on a computer system. Another example is G. I. Davida, Y. Frankel, and B. J. Matt, On Enabling Secure Applications Through Off-Line Biometric Identification, Proceedings of the 1998 IEEE Symposium on Security and Privacy, pp. 148-157, May 1998, in which error correcting parameters are used to decode biometric (e.g. iris scan) readings into a canonical form for a particular user. This canonical form may then be used to generate a key for authentication purposes. However, both of these techniques also suffer from the above described deficiency in that any compromise of the underlying system data (either the filters or the error correcting parameters) will leak sensitive information which, in certain applications, would allow an adversary to more easily determine the user's authentication key.