Behavioral Biometric with SAFE

We have discussed Yubikeys, SQRL, and other 2FA options that are based on "something we have" to complement the typical passphrase/PIN ("something we know").

But there is another type of 2FA option, a stealthier one, based on "something we do": behavioral biometrics.

Keystroke dynamics measure the timing quirks we have while typing, which are unique to each person. Our hand positions, our speed, the length of our fingers: everything affects it, and we all have personally identifiable styles.

This would kill two birds with one stone:

  • Proof of a unique person
  • Impossible to use stolen credentials.

This adds an interesting layer of security, although the only weakness here would be a keylogger capturing the timings and movements of the keyboard and the mouse, so a hardware solution ("something we have") such as Yubikeys would still be needed.

I know of two companies offering this technology: BehavioSec and KeyTrac.

7 Likes

Nice, definitely worth a deeper look. I like this, as it was a previous weakness in password discovery now being used for the right purpose.

2 Likes

No company in the world should have people's biometrics. Imagine a future in which your bios can be sold on the dark market and then used to buy stuff. You can't change your bios, so you'll probably spend your life trying to find a solution.

5 Likes

Agreed, but I wonder if we can do it differently, by using the differences to add entropy (in terms of your PIN input or similar). The issue may be that different input keyboards behave differently or force different behaviour. Still, it could be something. If we could ditch the PIN for a pattern in input then it may be pretty cool; of course a keylogger using timing attacks could probably still capture this. Worth investigating though.

3 Likes

I was thinking along the exact same lines.
If passwords are self-authenticated, the behavioral biometric could work as a salt.
No one owns the biometric data except the user.

5 Likes

I would argue that when you play with patterns you would also have to store that pattern. Example:
I (0.01sec) took (1sec) two seconds (3sec) to (1sec) write this (2sec). first time (written by me)
I (0.01sec) took (1sec) two seconds (3sec) to (1sec) write this (2sec). second time (written by computer)
How do you know if I or a computer wrote the second one? How do you measure what a human did, if a computer can replicate that exactly, even within nanoseconds? Patterns become predictable if you register them long enough.

Don't get me wrong, I love this stuff. But if we start playing with biometrics, we're just opening a door we can never close again. Let's not forget that browsers are the new operating systems nowadays and they can be hiding stuff we're not even aware of. When the SAFE Network gets biometrics, it only makes it easier to physically force someone to enter their code. Because they know your username & password, they only have to force you to type on your keyboard.

The thing with Apple's iPhone that can save consumers a little is that with a fingerprint you can just use another finger and lock down your phone. With something like pattern recognition it's impossible.

Why I keep rambling about SQRL (it needs multisig) like a madman is because you don't even need a keyboard or mouse to log in. I know a mobile environment is the same as a computer environment. But what would be great is if somehow you could run Android on the SAFE Network and have that on your mobile.

Multisig login in combination with 2FA would be good; you don't want things you can't change as a log-on, it will just follow you like your shadow.

Proof that browsers are the new OS. And Google Chrome will one day listen to you without your permission maybe, because you think you're a Star Trek citizen and blablabla

4 Likes
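To make the keystroke-dynamics idea from the opening post concrete, and the replay objection in the post above it, here is an added example that is not from the original thread, from BehavioSec or KeyTrac, or from the SAFE project. It enrols a template (per-feature mean and mean absolute deviation of dwell and flight times) from several typings of one word, scores new attempts with a scaled Manhattan distance, and then feeds back a recording of a genuine attempt. All timings are constructed sample data, the word "safe" and the threshold of 2.0 are arbitrary choices for the demo, and real deployments use many more samples and tuned thresholds.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// KeyEvent is one keystroke: key-down and key-up timestamps in milliseconds,
// the raw data a browser keydown/keyup listener (or a keylogger) would record.
type KeyEvent struct {
	Key  rune
	Down float64
	Up   float64
}

// Features converts a typed sample into the usual keystroke-dynamics vector:
// dwell time (up - down) for each key and flight time (next down - this up)
// for each adjacent pair. Flight may be negative when keys overlap.
func Features(events []KeyEvent) []float64 {
	f := make([]float64, 0, 2*len(events))
	for i, e := range events {
		f = append(f, e.Up-e.Down)
		if i+1 < len(events) {
			f = append(f, events[i+1].Down-e.Up)
		}
	}
	return f
}

// Template is the enrolled profile (per-feature mean and mean absolute
// deviation). This is the "stored pattern" a verifier has to keep somewhere.
type Template struct {
	Mean []float64
	MAD  []float64
}

// Enroll averages several samples of the same phrase into a Template.
func Enroll(samples [][]KeyEvent) (Template, error) {
	if len(samples) < 2 {
		return Template{}, errors.New("need at least two enrolment samples")
	}
	n := len(Features(samples[0]))
	t := Template{Mean: make([]float64, n), MAD: make([]float64, n)}
	vecs := make([][]float64, len(samples))
	for i, s := range samples {
		vecs[i] = Features(s)
		if len(vecs[i]) != n {
			return Template{}, errors.New("enrolment samples differ in length")
		}
		for j, v := range vecs[i] {
			t.Mean[j] += v / float64(len(samples))
		}
	}
	for _, v := range vecs {
		for j, x := range v {
			t.MAD[j] += math.Abs(x-t.Mean[j]) / float64(len(samples))
		}
	}
	for j := range t.MAD {
		// Floor the spread at 1 ms so a perfectly consistent feature neither
		// divides by zero nor rejects a 1 ms jitter.
		if t.MAD[j] < 1 {
			t.MAD[j] = 1
		}
	}
	return t, nil
}

// Score is the scaled Manhattan distance, mean over features of |x-mean|/MAD.
// Genuine attempts land around 1; a different typist scores far higher.
func Score(t Template, sample []KeyEvent) float64 {
	f := Features(sample)
	if len(f) != len(t.Mean) {
		return math.Inf(1)
	}
	var d float64
	for j, x := range f {
		d += math.Abs(x-t.Mean[j]) / t.MAD[j]
	}
	return d / float64(len(f))
}

// Verify accepts when the score is under the threshold.
func Verify(t Template, sample []KeyEvent, threshold float64) bool {
	return Score(t, sample) < threshold
}

// typed builds a sample of word from (down, up) millisecond pairs.
func typed(word string, ts ...float64) []KeyEvent {
	ev := make([]KeyEvent, 0, len(word))
	for i, r := range word {
		ev = append(ev, KeyEvent{Key: r, Down: ts[2*i], Up: ts[2*i+1]})
	}
	return ev
}

// Constructed data: the word "safe" typed four times by one person, a fifth
// genuine attempt, an impostor typing the same word, and a replay of the
// genuine attempt's recorded timings (exactly what a keylogger captures).
var EnrolSamples = [][]KeyEvent{
	typed("safe", 0, 95, 180, 265, 340, 430, 520, 610),
	typed("safe", 0, 100, 190, 280, 360, 445, 540, 635),
	typed("safe", 0, 90, 170, 255, 330, 425, 505, 600),
	typed("safe", 0, 98, 185, 272, 350, 438, 525, 618),
}

var (
	Genuine  = typed("safe", 0, 93, 183, 270, 345, 433, 515, 608)
	Impostor = typed("safe", 0, 60, 300, 360, 600, 650, 900, 960)
	Replay   = append([]KeyEvent(nil), Genuine...)
)

const Threshold = 2.0

func main() {
	t, err := Enroll(EnrolSamples)
	if err != nil {
		panic(err)
	}
	for name, s := range map[string][]KeyEvent{"genuine": Genuine, "impostor": Impostor, "replay": Replay} {
		fmt.Printf("%-8s score=%.2f accept=%v\n", name, Score(t, s), Verify(t, s, Threshold))
	}
}
```

The impostor is rejected by a wide margin, but the replayed recording scores exactly the same as the live attempt it was copied from: the verifier only ever sees timing numbers, so it has no way to tell a person from software replaying those numbers. That is why the original post still wants a hardware factor alongside this one.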

By the way, talking about SQRL, there is now a detailed explanation of how it works here

This is really pretty about SQRL: you can't be tracked anymore across websites. Just listen and you'll get to hear why :stuck_out_tongue:
Enjoy

3 Likes

The big problem with these types of biometrics is that if a person is ill or has had an accident, like simply hitting their finger with a hammer, then they are screwed. If an alternative is provided then the biometric is not securing the account.

I cannot count the number of times a particular biometric (including this one) would have excluded me from logging into my own account.

8 Likes

In the U.S., we just recently had a breach of federal employees' personnel files (talked about in that same TWiT security podcast video above describing SQRL) where 1.1 million people's fingerprints are now in the wild.
So it's not just a matter of accidentally burning your hand and not being able to use your own fingers to log in for a week; our own biometric data is not always as close to us as we'd like to think.

You are describing a problem of a server/client architecture. You could say the same about passwords.
MaidSafe changes that equation with self-authentication: whatever identifies you never leaves your computer.

Unless your computer is compromised. SAFE removes the central point of failure that leads to mass breaches, but it doesn't deliver absolute security. It's almost inevitable that at some point some OS-level virus will compromise a meaningful percentage of SAFE accounts.

That's when Yubikeys come in.
From what I understand, the biggest risk it has is being compromised with a keylogger. Remove that from the equation, and I don't know what vector is left.

Rootkits, or any malware that nicks your private keys after you have logged in.

Is the private key accessible?
I asked the same question in another thread, about a total ring-0 compromise.

It should be stored in local memory in order to sign and decrypt stuff. Unless we get a hardware solution for that as well.

It is accessible, so we use NaCl keys and respect the formats and memory "hardness" there, for signing etc. It has to be, but there are chains of keys so revocation can happen in the event of theft. There are a few other things like short-lived keys; essentially, though the private key needs to be available, it is the degree and responsibility per key that then becomes important. So multiple keys with differing responsibilities, and only download and decrypt those keys you absolutely need. This will become a large part of the first security sprint for sure, and then thereafter forever :wink:

6 Likes

I should add an area to look into, if you are in this area, though it is something I have not fully developed: using 2 accounts in a multisig manner for 2-factor auth, so log into your phone and computer, say, to access your account. Not Yubikey, but it could be linked in this manner I feel. Anyhow it's worth considering.

The other area is site-visit logins in SAFE; using a SQRL-type HMAC solution means unique verifiable visits where we can get the private key per site / location and, well, basically do what SQRL does. This also links into the furthering security conversation. I am way into routing structures right now, but this will be a big focus soon.

9 Likes

Thanks for reminding me that we're working with a new paradigm. The "usual" gets ingrained sometimes.

And I'm glad your comment brought others in to explore the "local compromise" scenarios. Not nearly as severe as a third-party data store being compromised, but still good to be cognizant of.

1 Like

Severe weaknesses in Android handsets could leak user fingerprints

@dirvine Is there any impediment to implementing FIDO U2F in SafeNet?

Quote: "The technical working group of the U2F has a proposal on the table; so far there haven't been any major objections. In essence, now that the browser can talk to the authenticator, one of the key pieces that the authenticator device needs to implement is what we call test of user presence.
So it is not good enough to leave your token in there: if you are going to authenticate to the service, the service will provide a challenge and the authenticator will need to do something.
From my perspective the authenticator is blinking, and you have to touch it so there is an intent and to show to the browser that you are present. There is a challenge-response that is critical in this ecosystem."

This would solve the problem of "proof of unique human", wouldn't it?
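The two mechanisms discussed in the last few posts, a SQRL-type per-site key derived with an HMAC (dirvine's post above) and a U2F-style challenge-response with a test of user presence (the quote above), fit together in one small protocol sketch. The following is an added example written for this thread, not code from SQRL, the FIDO alliance, or the SAFE project, and it is a simplified model: it takes HMAC-SHA256(master, site) as an Ed25519 seed (the real SQRL key schedule has more steps) and uses its own assertion layout rather than the U2F wire format. The master secret and the origins example.com, example.org and examp1e.com are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SiteKey derives a per-site Ed25519 key pair from HMAC-SHA256(master, site),
// used as the seed (simplified model of SQRL's per-site keys). Each site sees
// an unrelated public key, so sites cannot correlate the same user.
func SiteKey(master []byte, site string) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(site))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil)) // 32 bytes = ed25519.SeedSize
	return priv.Public().(ed25519.PublicKey), priv
}

// Assertion is the token's answer: origin signed for, whether the user touched
// the device, a monotonic counter, and a signature binding all of it to the
// server's challenge (U2F-style shape, not the exact wire format).
type Assertion struct {
	Origin   string
	Presence bool
	Counter  uint32
	Sig      []byte
}

// payload is the message actually signed; origin, presence and counter are in
// it so the verifier can trust the fields it checks.
func payload(origin string, presence bool, counter uint32, challenge []byte) []byte {
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], counter)
	p := byte(0)
	if presence {
		p = 1
	}
	h := sha256.New()
	h.Write([]byte(origin))
	h.Write([]byte{0, p})
	h.Write(ctr[:])
	h.Write(challenge)
	return h.Sum(nil)
}

// Authenticator is the token: one master secret and one counter per origin.
type Authenticator struct {
	master   []byte
	counters map[string]uint32
}

func NewAuthenticator(master []byte) *Authenticator {
	return &Authenticator{master: master, counters: map[string]uint32{}}
}

// Respond signs the challenge under the key for the origin the browser
// reports (that binding is what defeats phishing). touched models the physical
// tap: without it the assertion still comes back, but with Presence=false.
func (a *Authenticator) Respond(origin string, challenge []byte, touched bool) Assertion {
	_, priv := SiteKey(a.master, origin)
	a.counters[origin]++
	c := a.counters[origin]
	return Assertion{Origin: origin, Presence: touched, Counter: c,
		Sig: ed25519.Sign(priv, payload(origin, touched, c, challenge))}
}

// RelyingParty is the site: the public key registered for this user and the
// last counter value it accepted.
type RelyingParty struct {
	Origin  string
	Pub     ed25519.PublicKey
	LastCtr uint32
}

// Register enrols the token's per-site public key with the site.
func Register(a *Authenticator, origin string) *RelyingParty {
	pub, _ := SiteKey(a.master, origin)
	return &RelyingParty{Origin: origin, Pub: pub}
}

// Verify applies the checks a U2F-style server has to make, in order.
func (rp *RelyingParty) Verify(challenge []byte, as Assertion) error {
	switch {
	case as.Origin != rp.Origin:
		return errors.New("origin mismatch: signed for a different site")
	case !as.Presence:
		return errors.New("no test of user presence")
	case as.Counter <= rp.LastCtr:
		return errors.New("counter did not advance: replay or cloned token")
	case !ed25519.Verify(rp.Pub, payload(as.Origin, as.Presence, as.Counter, challenge), as.Sig):
		return errors.New("bad signature")
	}
	rp.LastCtr = as.Counter
	return nil
}

func main() {
	auth := NewAuthenticator([]byte("constructed-master-secret-for-demo-only"))
	rp, other := Register(auth, "example.com"), Register(auth, "example.org")
	fmt.Println("keys unlinkable across sites:", !rp.Pub.Equal(other.Pub))
	ch := make([]byte, 32) // fresh nonce per login attempt
	rand.Read(ch)
	good := auth.Respond("example.com", ch, true)
	fmt.Println("touched login:", rp.Verify(ch, good))
	fmt.Println("replayed assertion:", rp.Verify(ch, good))
	fmt.Println("untouched token:", rp.Verify(ch, auth.Respond("example.com", ch, false)))
	fmt.Println("phishing page examp1e.com:", rp.Verify(ch, auth.Respond("examp1e.com", ch, true)))
}
```

Three things the exchange shows that the quote only states: the assertion from a token left plugged in (no touch) is rejected even though its signature is valid, so possession without intent is not enough; the same assertion presented twice fails on the counter; and an assertion obtained on a look-alike origin is useless on the real one because the key and the signed origin both differ. What it does not give is the "proof of unique human" the last post asks about: it proves that someone touched this particular token, not who.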