Tim's Amstrad NC Users' Site

Passwording Your Programs using Keystroke Dynamics

By Tim Surtell

Keystroke Dynamics is a method of making computer passwords harder to crack by recording not only the user's password but also the way that the user types it.

An article in 'Electronics -- the Maplin Magazine' entitled "Access control" describes several ways of stopping unauthorized entry into computer systems including signature, hand and eye recognition, but keystroke dynamics is the only method that does not require special equipment.

Because implementing Keystroke Dynamics needs nothing more than new software, I decided to experiment and write the necessary program in BBC BASIC for the NC100/200.

Two programs are needed -- one to record the user's entry of the password, and one that can be put in the program that needs to be passworded. The listings of both are shown below. (To see them as text files click on the titles.)

Recording the password

Password recorder ... 1.8kb

 10 DIM kd(3,20),pass(20)
 20 CLS
 30 thres=70
 40 PRINTCHR$19"Keystroke dynamics password file generator"CHR$20
 50 PRINT'"* Create password -- type in password three times..."
 60 FORP=1 TO 3
 70   PRINT'"Password ";P;" : ";
 80   PROCenter_password(P)
 90 NEXT
100 PRINT''"Calculating average keystroke intervals... "
110 FORI=1 TO kdpos-2 STEP 2
120   pass(I)=(kd(1,I)+kd(2,I)+kd(3,I)) DIV 3
130   pass(I+1)=kd(1,I+1)
140 NEXT
150 PRINT:FORI=1 TO kdpos-2 STEP 2:PRINT;pass(I);",";pass(I+1);" ";:NEXT
160 PRINT''"Password saved in 'PASSWORD.TXT'."
165 REM Line 170 is missing from this copy; restored from the program analysis
170 K=OPENOUT("PASSWORD.TXT")
180 FORI=1 TO kdpos-1
190   PRINT#K,pass(I)
200 NEXT
210 CLOSE#0
220 PRINT'"* Test password. Threshold is ";thres;"%..."'
230 PRINT"Type in your password : ";
240 PROCenter_password(0)
250 match=0
260 FORI=1 TO kdpos-2 STEP 2
270   IF kd(0,I)=pass(I) OR kd(0,I)-1=pass(I) OR kd(0,I)+1=pass(I) match=match+1
280   IF kd(0,I+1)<>pass(I+1) match=-1:I=kdpos-2
290 NEXT
300 IF match=-1 percent=0 ELSE percent=INT((match/((kdpos-1)/2))*100)
305 REM Lines 310-320 are garbled in this copy; restored from the program analysis
310 PRINTTAB(40)percent;"% -- Access ";:IF percent<thres PRINT;"denied." ELSE PRINT;"granted."
320 GOTO230
330 PRINTpercent
340 END
350 DEF PROCenter_password(N)
360 FORI=1 TO 20:kd(N,I)=0:NEXT
370 kdpos=1
380 G=INKEY(1)
390 IF G=-1 GOTO380
395 REM Line 400 restored from the program analysis; line 410 is missing from this copy
400 IF G=13 ENDPROC
420 IF kdpos=1 kd(N,kdpos)=0:kd(N,kdpos+1)=G:kdpos=kdpos+2:TIME=0:GOTO380
430 kd(N,kdpos)=TIME:kd(N,kdpos+1)=G:kdpos=kdpos+2:TIME=0:GOTO380

Using the password

PROCkeystroke_dynamics ... 1kb

 10 REM ************************
 20 REM Keystroke dynamics
 30 REM PROCkeystroke_dynamics
 40 REM Developed by Tim Surtell
 50 REM ************************
 60 REM NC100/200 Version 2
 70 REM Downloaded from Tim's NC Users' Site
 80 REM
 90 DIM kd(20):thres=70
100 DEF PROCkeystroke_dynamics
110 PRINT "Type in your password : ";
120 FORI=1 TO 20:kd(I)=0:NEXT
130 kdpos=1
140 G=INKEY(1)
150 IF G=-1 GOTO140
160 IF G=13 GOTO200
180 IF kdpos=1 kd(kdpos)=0:kd(kdpos+1)=G:kdpos=kdpos+2:TIME=0:GOTO140
190 kd(kdpos)=TIME:kd(kdpos+1)=G:kdpos=kdpos+2:TIME=0:GOTO140
195 REM Line 200 is missing from this copy; restored as the file open that line 230 needs
200 K=OPENIN("PASSWORD.TXT")
210 match=0
220 FORI=1 TO kdpos-2 STEP 2
230   INPUT#K,time,key
240   IF kd(I)=time OR kd(I)-1=time OR kd(I)+1=time match=match+1
250   IF kd(I+1)<>key match=-1:I=kdpos-2
260 NEXT
265 CLOSE#K:REM added so that a retry from line 280 can reopen the file
270 IF match=-1 percent=0 ELSE percent=INT((match/((kdpos-1)/2))*100)
280 PRINT"Access ";:IF percent<thres PRINT;"denied.":GOTO110 ELSE PRINT;"granted."
285 REM The end of the listing is missing from this copy; ENDPROC restored
290 ENDPROC

Program analysis

I will now describe the operation of the password recorder program. The other program (PROCkeystroke_dynamics) is similar to PROCenter_password in the password recorder program.

As each key is pressed two things need to be recorded:

  • The first is the ASCII code of the character pressed.
  • The second is the time interval that elapsed before the key was pressed. For the first key this will be 0 since a key was not pressed previously.

Subsequent blocks of two cells in the arrays hold the data for the following characters.

Line 10 Sets up two arrays: kd(n,l) holds the data received when you first set up the password by typing it in three times, and n determines which of these sets of data is used. 'pass' holds the final average values.

Line 30 Sets the 'password correct' threshold as a percentage. You can change this if you need to.

Lines 60 to 90 Call PROCenter_password three times so that the password can be defined. Changing P from 1 to 3 means the data is placed in different parts of array 'kd'.

Lines 110 to 140 Take average values of the three sets of time intervals found in 'kd' and place the results in array 'pass'. The ASCII code values are left unchanged.

Lines 170 to 210 Save the array 'pass' to "PASSWORD.TXT" so it can be used in PROCkeystroke_dynamics.

Line 240 Calls PROCenter_password again and the results are put in kd(0,l).

Lines 250 to 290 Test this password against that in 'pass' by checking that the time intervals are the same, plus or minus 1 (line 270) and that the correct keys were pressed (line 280). Each time the interval test is true 'match' is increased by one. If a wrong key is pressed 'match' is made equal to -1.

Line 300 Produces a 'percentage correct' figure from 'match'.

Line 310 Compares this to 'thres' and prints 'Access granted' or 'Access denied', plus the percentage.

Line 360 In PROCenter_password deletes the previous data in kd(n,l).

Lines 380 to 430 Let the user input the password. INKEY is used to get an input from the keyboard (line 380). If no key is pressed, line 390 makes the program loop. If there is an input, line 400 tests to see if it was ENTER. If so the procedure ends. Line 420 puts the ASCII value and TIME into kd(n,l) and adds two to kdpos (the pointer for array 'kd').
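
The matching rule described above, ported to Python and run on constructed timing samples; this is an added example, not the author's code. It also covers an edge case of the listed loop, which scores only as many keys as the attempt contains. The names stroke, enrol, percent_as_listed and percent_strict, the password "tiger" and all timings are assumptions made for the illustration.

```python
# Added example, not the author's code. Intervals are centiseconds (BBC BASIC TIME).
THRES = 70  # threshold from line 30 of the recorder

def stroke(text, gaps):
    """Constructed sample: (interval, ASCII code) pairs; the first interval is 0."""
    return list(zip([0] + gaps, (ord(c) for c in text)))

def enrol(samples):
    """Lines 110-140: integer-average the intervals, keep the key codes."""
    keys = [[k for _, k in s] for s in samples]
    # Added check (assumption): the listing takes keys from sample 1 unchecked.
    if any(k != keys[0] for k in keys):
        raise ValueError("enrolment samples differ")
    return [(sum(s[i][0] for s in samples) // len(samples), key)
            for i, key in enumerate(keys[0])]

def percent_as_listed(template, attempt):
    """Lines 250-300: score only as many keys as the attempt contains."""
    match = 0
    for i, (interval, key) in enumerate(attempt):
        stored_interval, stored_key = template[i] if i < len(template) else (0, 0)
        if abs(interval - stored_interval) <= 1:   # line 270: same, plus or minus 1
            match += 1
        if key != stored_key:                      # line 280: wrong key gives 0%
            return 0
    return match * 100 // len(attempt) if attempt else 0

def percent_strict(template, attempt):
    """Hardened variant (assumption): the key count must equal the template's."""
    return percent_as_listed(template, attempt) if len(attempt) == len(template) else 0

def granted(percent):
    return percent >= THRES   # the listings deny when percent < thres

TEMPLATE = enrol([stroke("tiger", [18, 25, 12, 30]),
                  stroke("tiger", [19, 24, 13, 31]),
                  stroke("tiger", [17, 26, 12, 29])])
ATTEMPTS = {
    "owner rhythm": stroke("tiger", [18, 26, 12, 29]),
    "right keys, wrong rhythm": stroke("tiger", [10, 10, 10, 10]),
    "wrong key": stroke("tigar", [18, 25, 12, 30]),
    "first key only": stroke("t", []),
}

if __name__ == "__main__":
    for name, attempt in ATTEMPTS.items():
        listed, strict = percent_as_listed(TEMPLATE, attempt), percent_strict(TEMPLATE, attempt)
        print(f"{name:26} listed={listed:3}% strict={strict:3}% granted={granted(strict)}")
```

With these samples the shortened attempt scores 100% under the listed rule and 0% once the key count is compared, so storing the password length alongside the intervals closes that gap.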

Access Control by Frank Booty, Electronics -- The Maplin Magazine, Issue 97 January 1996 Page 22-23/45

1997 – 2024 Tim Surtell
