Skip to main content
SpringerLink
Log in

I Sensed It Was You: Authenticating Mobile Users with Sensor-Enhanced Keystroke Dynamics

  • Conference paper
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8550))

Abstract

Mobile devices have become an important part of our everyday life, harvesting more and more confidential user information. Their portable nature and the great exposure to security attacks, however, call out for stronger authentication mechanisms than simple password-based identification. Biometric authentication techniques have shown potential in this context. Unfortunately, prior approaches are either excessively prone to forgery or have too low accuracy to foster widespread adoption.

In this paper, we propose sensor-enhanced keystroke dynamics, a new biometric mechanism to authenticate users typing on mobile devices. The key idea is to characterize the typing behavior of the user via unique sensor features and rely on standard machine learning techniques to perform user authentication. To demonstrate the effectiveness of our approach, we implemented an Android prototype system termed Unagi. Our implementation supports several feature extraction and detection algorithms for evaluation and comparison purposes. Experimental results demonstrate that sensor-enhanced keystroke dynamics can improve the accuracy of recent gestured-based authentication mechanisms (i.e., EER>0.5%) by one order of magnitude, and the accuracy of traditional keystroke dynamics (i.e., EER>7%) by two orders of magnitude.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Cisco visual networking index: Global mobile data traffic forecast update (2012 -2017), http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/white_paper_c11-520862.html

  2. The Symantec smartphone honey stick project, http://www.symantec.com/content/en/us/about/presskits/b-symantec-smartphone-honey-stick-project.en-us.pdf

  3. With 1.6 million smart phones stolen last year, efforts under way to stem the losses, http://www.consumerreports.org/cro/news/2013/06/with-1-6-million-smart-phones-stolen-last-year-efforts-under-way-to-stem-the-losses/index.htm

  4. Araujo, L., Sucupira Jr., L.H.R., Lizarraga, M., Ling, L., Yabu-Uti, J.B.T.: User authentication through typing biometrics features. IEEE Trans. Signal Process. 53(2), 851–855 (2005)

    Article  MathSciNet  Google Scholar 

  5. Aviv, A.J., Gibson, K., Mossop, E., Blaze, M., Smith, J.M.: Smudge attacks on smartphone touch screens. In: Proc. of the 4th USENIX Conf. on Offensive Technologies, pp. 1–7 (2010)

    Google Scholar 

  6. Aviv, A.J., Sapp, B., Blaze, M., Smith, J.M.: Practicality of accelerometer side channels on smartphones. In: Proc. of the 28th Annual Computer Security Appl. Conf., pp. 41–50 (2012)

    Google Scholar 

  7. Bergadano, F., Gunetti, D., Picardi, C.: User authentication through keystroke dynamics. ACM Trans. Inf. Syst. Secur. 5(4), 367–397 (2002)

    Article  Google Scholar 

  8. Brown, P.F., de Souza, P.V., Mercer, R.L., Pietra, V.J.D., Lai, J.C.: Class-based n-gram models of natural language. Comput. Linguist. 18(4), 467–479 (1992)

    Google Scholar 

  9. Burnett, M.: 10,000 top passwords, http://xato.net/passwords/more-top-worst-passwords/

  10. Cai, L., Chen, H.: TouchLogger: Inferring keystrokes on touch screen from smartphone motion. In: Proc. of the Sixth USENIX Workshop on Hot Topics in Security, p. 9 (2011)

    Google Scholar 

  11. Cai, L., Chen, H.: On the practicality of motion based keystroke inference attack. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 273–290. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  12. Campisi, P., Maiorana, E., Lo Bosco, M., Neri, A.: User authentication using keystroke dynamics for cellular phones. IET Signal Processing 3(4), 333–341 (2009)

    Article  Google Scholar 

  13. Clarke, N.L., Furnell, S.M.: Authenticating mobile phone users using keystroke analysis. Int’l J. Inf. Secur. 6(1), 1–14 (2006)

    Article  Google Scholar 

  14. Clarke, N.L., Furnell, S.M., Lines, B.M., Reynolds, P.L.: Keystroke dynamics on a mobile handset: A feasibility study. Information Management & Computer Security 11(4), 161–166 (2003)

    Article  Google Scholar 

  15. Clarke, N.L., Furnell, S.M.: Authentication of users on mobile telephones-A survey of attitudes and practices. Computers & Security 24(7), 519–527 (2005)

    Article  Google Scholar 

  16. Conti, M., Zachia-Zlatea, I., Crispo, B.: Mind how you answer me!: Transparently authenticating the user of a smartphone when answering or placing a call. In: Proc. of the Sixth ACM Symp. on Information, Computer and Communications Security, pp. 249–259 (2011)

    Google Scholar 

  17. Damopoulos, D., Kambourakis, G., Gritzalis, S.: From keyloggers to touchloggers: Take the rough with the smooth. Computers & Security 32, 102–114 (2013)

    Article  Google Scholar 

  18. De Luca, A., Hang, A., Brudy, F., Lindner, C., Hussmann, H.: Touch me once and i know it’s you!: Implicit authentication based on touch screen patterns. In: Proc. of the SIGCHI Conf. on Human Factors in Computing Systems, pp. 987–996 (2012)

    Google Scholar 

  19. Frank, M., Biedert, R., Ma, E., Martinovic, I., Song, D.: Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans. Inf. Forensics and Security 8(1), 136–148 (2013)

    Article  Google Scholar 

  20. Gaines, R.S., Lisowski, W., Press, S.J., Shapiro, N.: Authentication by keystroke timing. Tech. rep. (1980)

    Google Scholar 

  21. Guerra Casanova, J., Avila, C., de Santos Sierra, A., Bailador del Pozo, G., Jara Vera, V.: Acceleration axis selection in biometric technique based on gesture recognition. In: Proc. of the Sixth Int’l Conf. on Intelligent Information Hiding and Multimedia Signal Processing, pp. 360–363 (2010)

    Google Scholar 

  22. Han, J., Owusu, E., Nguyen, L., Perrig, A., Zhang, J.: ACComplice: Location inference using accelerometers on smartphones. In: Proc. of the Fourth Int’l Conf. on Communication Systems and Networks, pp. 1–9 (2012)

    Google Scholar 

  23. Huang, X., Lund, G., Sapeluk, A.: Development of a typing behaviour recognition mechanism on android. In: Proc. of the 11th Int’l Conf. on Trust, Security and Privacy in Computing and Communications, pp. 1342–1347 (2012)

    Google Scholar 

  24. Hwang, S.S., Cho, S., Park, S.: Keystroke dynamics-based authentication for mobile devices. Computers & Security 28(1-2), 85–93 (2009)

    Article  Google Scholar 

  25. Joyce, R., Gupta, G.: Identity authentication based on keystroke latencies. Communications of The ACM 33(2), 168–176 (1990)

    Article  Google Scholar 

  26. Kang, P., Hwang, S.-s., Cho, S.: Continual retraining of keystroke dynamics based authenticator. In: Lee, S.-W., Li, S.Z. (eds.) ICB 2007. LNCS, vol. 4642, pp. 1203–1211. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  27. Karatzouni, S., Clarke, N.: Keystroke analysis for thumb-based keyboards on mobile devices. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., Solms, R. (eds.) Proc. of the 22nd IFIP Int’l Information Security Conf., pp. 253–263 (2007)

    Google Scholar 

  28. Killourhy, K., Maxion, R.: Why did my detector do that?!: Predicting keystroke-dynamics error rates. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 256–276. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  29. Killourhy, K.S., Maxion, R.A.: Comparing anomaly-detection algorithms for keystroke dynamics. In: Proc. of the Int’l Conf. on Dependable Systems and Networks, pp. 125–134 (2009)

    Google Scholar 

  30. Kolly, S.M., Wattenhofer, R., Welten, S.: A personal touch: Recognizing users based on touch screen behavior. In: Proc. of the Third Int’l Workshop on Sensing Applications on Mobile Phones, pp. 1–5 (2012)

    Google Scholar 

  31. Kotani, K., Horii, K.: Evaluation on a keystroke authentication system by keying force incorporated with temporal characteristics of keystroke dynamics. Behaviour & Information Technology 24(4), 289–302 (2005)

    Article  Google Scholar 

  32. Leggett, J., Williams, G.: Verifying identity via keystroke characteristics. Int’l J. Man-Mach. Stud. 28(1), 67–76 (1988)

    Article  Google Scholar 

  33. Li, L., Zhao, X., Xue, G.: Unobservable re-authentication for smartphones. In: Proc. of the 20th Network and Distributed System Security Symp. (2013)

    Google Scholar 

  34. Lin, D.T.: Computer-access authentication with neural network based keystroke identity verification. In: Proc. of the Int’l Conf. on Neural Networks, pp. 174–178 (1997)

    Google Scholar 

  35. Liu, M.: A study of mobile sensing using smartphones. Int’l J. of Distributed Sensor Networks 2013(2013)

    Google Scholar 

  36. Maiorana, E., Campisi, P., González-Carballo, N., Neri, A.: Keystroke dynamics authentication for mobile phones. In: Proc. of the ACM Symp. on Applied Computing, pp. 21–26 (2011)

    Google Scholar 

  37. Mantyjarvi, J., Lindholm, M., Vildjiounaite, E., Makela, S.M., Ailisto, H.: Identifying users of portable devices from gait pattern with accelerometers. In: Proc. of the Int’l Conf. on Acoustics, Speech, and Signal Processing, pp. 973–976 (2005)

    Google Scholar 

  38. Meng, T.C., Gupta, P., Gao, D.: I can be you: Questioning the use of keystroke dynamics as biometrics. In: Proc. of the 20th Network and Distributed System Security Symp. (2013)

    Google Scholar 

  39. Meng, Y., Wong, D.S., Schlegel, R., Kwok, L.-F.: Touch gestures based biometric authentication scheme for touchscreen mobile phones. In: Kutyłowski, M., Yung, M. (eds.) Inscrypt 2012. LNCS, vol. 7763, pp. 331–350. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  40. Miluzzo, E., Varshavsky, A., Balakrishnan, S., Choudhury, R.R.: Tapprints: Your finger taps have fingerprints. In: Proc. of the 10th Int’l Conf. on Mobile Systems, Applications, and Services, pp. 323–336 (2012)

    Google Scholar 

  41. Monrose, F., Rubin, A.: Authentication via keystroke dynamics. In: Proc. of the Fourth ACM Conf. on Computer and Communications Security, pp. 48–56 (1997)

    Google Scholar 

  42. Obaidat, M., Sadoun, B.: Verification of computer users using keystroke dynamics. IEEE Trans. Syst. Man, Cybern. B, Cybern. 27(2), 261–269 (1997)

    Article  Google Scholar 

  43. Okumura, F., Kubota, A., Hatori, Y., Matsuo, K., Hashimoto, M., Koike, A.: A study on biometric authentication based on arm sweep action with acceleration sensor. In: Proc. of the Int’l Symp. on Intelligent Signal Processing and Communications, pp. 219–222 (2006)

    Google Scholar 

  44. Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: Accessory: Password inference using accelerometers on smartphones. In: Proc. of the 12th Workshop on Mobile Computing Systems and Applications, pp. 1–6 (2012)

    Google Scholar 

  45. Rahman, K., Balagani, K., Phoha, V.: Snoop-forge-replay attacks on continuous verification with keystrokes. IEEE Trans. on Information Forensics and Security 8(3), 528–541 (2013)

    Article  Google Scholar 

  46. de Ru, W.G., Eloff, J.H.P.: Enhanced password authentication through fuzzy logic. IEEE Expert 12(6), 38–45 (1997)

    Article  Google Scholar 

  47. Saevanee, H., Bhatarakosol, P.: User authentication using combination of behavioral biometrics over the touchpad acting like touch screen of mobile device. In: Proc. of the Int’l Conf. on Computer and Electrical Engineering, pp. 82–86 (2008)

    Google Scholar 

  48. Saevanee, H., Bhattarakosol, P.: Authenticating user using keystroke dynamics and finger pressure. In: Proc. of the Sixth IEEE Conf. on Consumer Communications and Networking, pp. 1078–1079 (2009)

    Google Scholar 

  49. Serwadda, A., Phoha, V.V.: Examining a large keystroke biometrics dataset for statistical-attack openings. ACM Trans. Inf. Syst. Secur. 16(2), 1–30 (2013)

    Article  Google Scholar 

  50. Serwadda, A., Phoha, V.V.: When kids’ toys breach mobile phone security. In: Proc. of the 2013 ACM Conf. on Computer and Communications Security, pp. 599–610 (2013)

    Google Scholar 

  51. Shahzad, M., Liu, A.X., Samuel, A.: Secure unlocking of mobile touch screen devices by simple gestures: You can see it but you can not do it. In: Proc. of the 19th Annual Int’l Conf. on Mobile Computing and Networking, pp. 39–50 (2013)

    Google Scholar 

  52. de Souza Faria, G., Kim, H.Y.: Identification of pressed keys from mechanical vibrations. IEEE Trans. Inf. Forensics and Security 8(7), 1221–1229 (2013)

    Article  Google Scholar 

  53. Stefan, D., Shu, X., Yao, D.: Robustness of keystroke-dynamics based biometrics against synthetic forgeries. Computers & Security 31(1), 109–121 (2012)

    Article  Google Scholar 

  54. Tari, F., Ozok, A.A., Holden, S.H.: A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In: Proc. of the Second Symp. on Usable Privacy and Security, pp. 56–66 (2006)

    Google Scholar 

  55. Tasi, C.J., Chang, T.Y., Cheng, P.C., Lin, J.H.: Two novel biometric features in keystroke dynamics authentication systems for touch screen devices. Security and Communication Networks (2013)

    Google Scholar 

  56. Trojahn, M., Ortmeier, F.: Biometric authentication through a virtual keyboard for smartphones. Int’l J. Computer Science & Information Technology 4(5) (2012)

    Google Scholar 

  57. Witten, I.H., Frank, E., Hall, M.A.: Data Mining: Practical Machine Learning Tools and Techniques (2011)

    Google Scholar 

  58. Xu, Y., Heinly, J., White, A.M., Monrose, F., Frahm, J.M.: Seeing double: Reconstructing obscured typed input from repeated compromising reflections. In: Proc. of the 2013 ACM Conf. on Computer and Communications Security, pp. 1063–1074 (2013)

    Google Scholar 

  59. Xu, Z., Bai, K., Zhu, S.: TapLogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. In: Proc. of the Fifth ACM Conf. on Security and Privacy in Wireless and Mobile Networks, pp. 113–124 (2012)

    Google Scholar 

  60. Zahid, S., Shahzad, M., Khayam, S.A., Farooq, M.: Keystroke-based user identificationon smart phones. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 224–243. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. VU University Amsterdam, The Netherlands

    Cristiano Giuffrida, Kamil Majdanik & Herbert Bos

  2. University of Padua, Italy

    Mauro Conti

Authors
  1. Cristiano Giuffrida
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kamil Majdanik
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mauro Conti
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Herbert Bos
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Castle Point on Hudson, Stevens Institute of Technology, 07030, Hoboken, NJ, USA

    Sven Dietrich

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Giuffrida, C., Majdanik, K., Conti, M., Bos, H. (2014). I Sensed It Was You: Authenticating Mobile Users with Sensor-Enhanced Keystroke Dynamics. In: Dietrich, S. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2014. Lecture Notes in Computer Science, vol 8550. Springer, Cham. https://doi.org/10.1007/978-3-319-08509-8_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-08509-8_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-08508-1

  • Online ISBN: 978-3-319-08509-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation