KeySens: Passive User Authentication through Micro-behavior Modeling of Soft Keyboard Interaction

Draffin, Benjamin; Zhu, Jiang; Zhang, Joy

doi:10.1007/978-3-319-05452-0_14

KeySens: Passive User Authentication through Micro-behavior Modeling of Soft Keyboard Interaction

Benjamin Draffin¹⁷,
Jiang Zhu¹⁷ &
Joy Zhang¹⁷

Conference paper

1754 Accesses
28 Citations
3 Altmetric

Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST,volume 130)

Abstract

Mobile devices have become almost ever-present in our daily lives and increasingly so in the professional workplace. Applications put company data, personal information and sensitive documents in the hands of busy nurses at hospitals, company employees on business trips and government workers at large conferences. Smartphones and tablets also not only store data on-device, but users are frequently authorized to access sensitive information in the cloud. Protecting the sensitivity of mobile devices yet not burdening users with complicated and cumbersome active authentication methods is of great importance to the security and convenience of mobile computing. In this paper, we propose a novel passive authentication method; we model the micro-behavior of mobile users’ interaction with their devices’ soft keyboard. We show that the way a user types—the specific location touched on each key, the drift from finger down to finger up, the force of touch, the area of press—reflects their unique physical and behavioral characteristics. We demonstrate that using these micro-behavior features without any contextual information, we can passively identify that a mobile device is being used by a non-authorized user within 5 keypresses 67.7% of the time. This comes with a False Acceptance Rate (FAR) of 32.3% and a False Rejection Rate (FRR) of only 4.6%. Our detection rate after 15 keypresses is 86% with a FAR of 14% and a FRR of only 2.2%.

Keywords

Keystroke Dynamics
User Authentication
Passive Authentication
Multi-factor Authentication
Continuous Authentication
Biometrics
Micro-behavior
Soft Keyboards
Mobile Security
Android

This is a preview of subscription content, access via your institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 64.99; Price excludes VAT (USA)

Softcover Book: USD 84.00; Price excludes VAT (USA)

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Banerjee, S.P., Woodard, D.L.: Biometric authentication and identification using keystroke dynamics: A survey. Journal of Pattern Recognition Research (2012)
Google Scholar
Bergadano, F., Gunetti, D., Picardi, C.: User authentication through keystroke dynamics. ACM Trans. Inf. Syst. Secur. 5(4), 367–397 (2002)
CrossRef Google Scholar
Cai, L., Chen, H.: On the practicality of motion based keystroke inference attack. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 273–290. Springer, Heidelberg (2012)
CrossRef Google Scholar
Cherifi, F., Hemery, B., Giot, R., Pasquet, M., Rosenberger, C.: Performance evaluation of behavioral biometric systems. In: Behavioral Biometrics for Human Identification: Intelligent Applications, pp. 57–74. IGI Global (2010)
Google Scholar
Duda, R.O., Hart, P.E., Stork, D.G.: Multi-layer neural networks. In: Pattern Classification, 2nd edn., vol. 2. John Wiley and Sons, Inc. (2001)
Google Scholar
Frank, M., Biedert, R., Ma, E., Martinovic, I., Song, D.: Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Transactions on Information Forensics and Security 8(1), 136–148 (2013)
CrossRef Google Scholar
Gordon, D., Czerny, J., Beigl, M.: Activity recognition for creatures of habit. In: Personal and Ubiquitous Computing, pp. 1–17 (2013)
Google Scholar
Holleis, P., Huhtala, J., Häkkilä, J.: Studying applications for touch-enabled mobile phone keypads. In: Proceedings of the 2nd International Conference on Tangible and Embedded Interaction, TEI 2008, pp. 15–18. ACM, New York (2008)
Google Scholar
Jain, A., Hong, L., Pankanti, S.: Biometric identification. Commun. ACM 43(2), 90–98 (2000)
CrossRef Google Scholar
Killourhy, K.S., Maxion, R.A.: Comparing anomaly-detection algorithms for keystroke dynamics. In: IEEE/IFIP International Conference on Dependable Systems Networks, DSN 2009, pp. 125–134 (2009)
Google Scholar
Maiorana, E., Campisi, P., González-Carballo, N., Neri, A.: Keystroke dynamics authentication for mobile phones. In: Proceedings of the 2011 ACM Symposium on Applied Computing, SAC 2011, pp. 21–26. ACM, New York (2011)
Google Scholar
International Standards Organization. Biometric performance testing and reporting (2006)
Google Scholar
Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: Accessory: password inference using accelerometers on smartphones. In: Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, HotMobile 2012, pp. 9:1–9:6. ACM, New York (2012)
Google Scholar
Peacock, A., Ke, X., Wilkerson, M.: Typing patterns: a key to user identification. IEEE Security Privacy 2(5), 40–47 (2004)
CrossRef Google Scholar
Android Open Source Project. Android security overview
Google Scholar
Android Open Source Project. Touch devices
Google Scholar
Shi, E., Niu, Y., Jakobsson, M., Chow, R.: Implicit authentication through learning user behavior. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 99–113. Springer, Heidelberg (2011)
CrossRef Google Scholar
Zahid, S., Shahzad, M., Khayam, S.A., Farooq, M.: Keystroke-based user identification on smart phones. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 224–243. Springer, Heidelberg (2009)
CrossRef Google Scholar
Zhu, J., Hu, H., Hu, S., Wu, P., Zhang, J.Y.: Mobile behaviometrics: Models and applications. In: Proceedings of the Second IEEE/CIC International Conference on Communications in China (ICCC), Xi’An, China, August 12-14 (2013)
Google Scholar
Zhu, J., Wu, P., Wang, X., Perrig, A., Hong, J., Zhang, J.Y.: Sensec: Mobile application security through passive sensing. In: Proceedings of International Conference on Computing, Networking and Communications (ICNC 2013), San Diego, CA, USA, January 28-31 (2013)
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Electrical and Computer Engineering, Carnegie Mellon University, Moffett Field, CA, USA
Benjamin Draffin, Jiang Zhu & Joy Zhang

Authors

Benjamin Draffin
View author publications
You can also search for this author in PubMed Google Scholar
Jiang Zhu
View author publications
You can also search for this author in PubMed Google Scholar
Joy Zhang
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Télécom ParisTech Department, 75013, Paris, France
Gérard Memmi
ETH Zürich, 8092, Zürich, Switzerland
Ulf Blanke

Rights and permissions

Reprints and Permissions

Copyright information

About this paper

Cite this paper

Draffin, B., Zhu, J., Zhang, J. (2014). KeySens: Passive User Authentication through Micro-behavior Modeling of Soft Keyboard Interaction. In: Memmi, G., Blanke, U. (eds) Mobile Computing, Applications, and Services. MobiCASE 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 130. Springer, Cham. https://doi.org/10.1007/978-3-319-05452-0_14

Download citation

DOI: https://doi.org/10.1007/978-3-319-05452-0_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05451-3
Online ISBN: 978-3-319-05452-0
eBook Packages: Computer ScienceComputer Science (R0)