I Sensed It Was You: Authenticating Mobile Users with Sensor-Enhanced Keystroke Dynamics

  • Cristiano Giuffrida
  • Kamil Majdanik
  • Mauro Conti
  • Herbert Bos
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8550)

Abstract

Mobile devices have become an important part of our everyday life, harvesting more and more confidential user information. Their portable nature and the great exposure to security attacks, however, call out for stronger authentication mechanisms than simple password-based identification. Biometric authentication techniques have shown potential in this context. Unfortunately, prior approaches are either excessively prone to forgery or have too low accuracy to foster widespread adoption.

In this paper, we propose sensor-enhanced keystroke dynamics, a new biometric mechanism to authenticate users typing on mobile devices. The key idea is to characterize the typing behavior of the user via unique sensor features and rely on standard machine learning techniques to perform user authentication. To demonstrate the effectiveness of our approach, we implemented an Android prototype system termed Unagi. Our implementation supports several feature extraction and detection algorithms for evaluation and comparison purposes. Experimental results demonstrate that sensor-enhanced keystroke dynamics can improve the accuracy of recent gesture-based authentication mechanisms (i.e., EER>0.5%) by one order of magnitude, and the accuracy of traditional keystroke dynamics (i.e., EER>7%) by two orders of magnitude.

Keywords

Mobile Device, Sensor Data, Authentication Scheme, Touch Screen, Equal Error Rate
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Cristiano Giuffrida (1)
  • Kamil Majdanik (1)
  • Mauro Conti (2)
  • Herbert Bos (1)

  1. VU University Amsterdam, The Netherlands
  2. University of Padua, Italy