KeySens: Passive User Authentication through Micro-behavior Modeling of Soft Keyboard Interaction

  • Benjamin Draffin
  • Jiang Zhu
  • Joy Zhang
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 130)


Mobile devices have become almost ever-present in our daily lives and increasingly so in the professional workplace. Applications put company data, personal information and sensitive documents in the hands of busy nurses at hospitals, company employees on business trips and government workers at large conferences. Smartphones and tablets also not only store data on-device, but users are frequently authorized to access sensitive information in the cloud. Protecting the sensitivity of mobile devices yet not burdening users with complicated and cumbersome active authentication methods is of great importance to the security and convenience of mobile computing. In this paper, we propose a novel passive authentication method; we model the micro-behavior of mobile users’ interaction with their devices’ soft keyboard. We show that the way a user types—the specific location touched on each key, the drift from finger down to finger up, the force of touch, the area of press—reflects their unique physical and behavioral characteristics. We demonstrate that using these micro-behavior features without any contextual information, we can passively identify that a mobile device is being used by a non-authorized user within 5 keypresses 67.7% of the time. This comes with a False Acceptance Rate (FAR) of 32.3% and a False Rejection Rate (FRR) of only 4.6%. Our detection rate after 15 keypresses is 86% with a FAR of 14% and a FRR of only 2.2%.


Keystroke Dynamics User Authentication Passive Authentication Multi-factor Authentication Continuous Authentication Biometrics Micro-behavior Soft Keyboards Mobile Security Android 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Banerjee, S.P., Woodard, D.L.: Biometric authentication and identification using keystroke dynamics: A survey. Journal of Pattern Recognition Research (2012)Google Scholar
  2. 2.
    Bergadano, F., Gunetti, D., Picardi, C.: User authentication through keystroke dynamics. ACM Trans. Inf. Syst. Secur. 5(4), 367–397 (2002)CrossRefGoogle Scholar
  3. 3.
    Cai, L., Chen, H.: On the practicality of motion based keystroke inference attack. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 273–290. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  4. 4.
    Cherifi, F., Hemery, B., Giot, R., Pasquet, M., Rosenberger, C.: Performance evaluation of behavioral biometric systems. In: Behavioral Biometrics for Human Identification: Intelligent Applications, pp. 57–74. IGI Global (2010)Google Scholar
  5. 5.
    Duda, R.O., Hart, P.E., Stork, D.G.: Multi-layer neural networks. In: Pattern Classification, 2nd edn., vol. 2. John Wiley and Sons, Inc. (2001)Google Scholar
  6. 6.
    Frank, M., Biedert, R., Ma, E., Martinovic, I., Song, D.: Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Transactions on Information Forensics and Security 8(1), 136–148 (2013)CrossRefGoogle Scholar
  7. 7.
    Gordon, D., Czerny, J., Beigl, M.: Activity recognition for creatures of habit. In: Personal and Ubiquitous Computing, pp. 1–17 (2013)Google Scholar
  8. 8.
    Holleis, P., Huhtala, J., Häkkilä, J.: Studying applications for touch-enabled mobile phone keypads. In: Proceedings of the 2nd International Conference on Tangible and Embedded Interaction, TEI 2008, pp. 15–18. ACM, New York (2008)Google Scholar
  9. 9.
    Jain, A., Hong, L., Pankanti, S.: Biometric identification. Commun. ACM 43(2), 90–98 (2000)CrossRefGoogle Scholar
  10. 10.
    Killourhy, K.S., Maxion, R.A.: Comparing anomaly-detection algorithms for keystroke dynamics. In: IEEE/IFIP International Conference on Dependable Systems Networks, DSN 2009, pp. 125–134 (2009)Google Scholar
  11. 11.
    Maiorana, E., Campisi, P., González-Carballo, N., Neri, A.: Keystroke dynamics authentication for mobile phones. In: Proceedings of the 2011 ACM Symposium on Applied Computing, SAC 2011, pp. 21–26. ACM, New York (2011)Google Scholar
  12. 12.
    International Standards Organization. Biometric performance testing and reporting (2006)Google Scholar
  13. 13.
    Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: Accessory: password inference using accelerometers on smartphones. In: Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, HotMobile 2012, pp. 9:1–9:6. ACM, New York (2012)Google Scholar
  14. 14.
    Peacock, A., Ke, X., Wilkerson, M.: Typing patterns: a key to user identification. IEEE Security Privacy 2(5), 40–47 (2004)CrossRefGoogle Scholar
  15. 15.
    Android Open Source Project. Android security overviewGoogle Scholar
  16. 16.
    Android Open Source Project. Touch devicesGoogle Scholar
  17. 17.
    Shi, E., Niu, Y., Jakobsson, M., Chow, R.: Implicit authentication through learning user behavior. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 99–113. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  18. 18.
    Zahid, S., Shahzad, M., Khayam, S.A., Farooq, M.: Keystroke-based user identification on smart phones. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 224–243. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Zhu, J., Hu, H., Hu, S., Wu, P., Zhang, J.Y.: Mobile behaviometrics: Models and applications. In: Proceedings of the Second IEEE/CIC International Conference on Communications in China (ICCC), Xi’An, China, August 12-14 (2013)Google Scholar
  20. 20.
    Zhu, J., Wu, P., Wang, X., Perrig, A., Hong, J., Zhang, J.Y.: Sensec: Mobile application security through passive sensing. In: Proceedings of International Conference on Computing, Networking and Communications (ICNC 2013), San Diego, CA, USA, January 28-31 (2013)Google Scholar

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2014

Authors and Affiliations

  • Benjamin Draffin
    • 1
  • Jiang Zhu
    • 1
  • Joy Zhang
    • 1
  1. 1.Department of Electrical and Computer EngineeringCarnegie Mellon UniversityMoffett FieldUSA

Personalised recommendations