TapDynamics : Strengthening User Authentication on Mobile Phones with Keystroke Dynamics

The convenience and ubiquity of mobile devices make them a rich source of personal data such as email and financial information. Unfortunately, this data is often guaded by only a simple drawing pattern or short PIN code, which recent literature has shown to be woefully insecure [1]; as a particularly scary example, Bonneau’s recent work suggests that an attacker can guess most users’ PIN codes after only eleven attempts [2]. With the the rise of smartphone theft, we see a crucial need for stronger security mechanisms that protect a user’s data on smartphones. Our project aims to address this problem by strengthening user authentication when a person unlocks/logs into a phone. Specifically, we construct and analyze four keystroke dynamic classifiers that use a smartphone’s sensors to learn the key tap behavior of the true owner. After this training, our classifiers can be used to determine whether a login attempt is being made by the true owner or by an attacker who has guessed the owner’s PIN.

[1]  Andrew Beng Jin Teoh,et al.  A Survey of Keystroke Dynamics Biometrics , 2013, TheScientificWorldJournal.

[2]  Arun Ross,et al.  Biometric authentication via keystroke sound , 2013, 2013 International Conference on Biometrics (ICB).

[3]  Fabian Monrose,et al.  Keystroke dynamics as a biometric for authentication , 2000, Future Gener. Comput. Syst..

[4]  Roy A. Maxion,et al.  Keystroke biometrics with number-pad input , 2010, 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN).

[5]  Alessandro Neri,et al.  Keystroke dynamics authentication for mobile phones , 2011, SAC.

[6]  Ross J. Anderson,et al.  A Birthday Present Every Eleven Wallets? The Security of Customer-Chosen Banking PINs , 2012, Financial Cryptography.

[7]  Roy A. Maxion,et al.  Comparing anomaly-detection algorithms for keystroke dynamics , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[8]  Nathan Clarke,et al.  Deployment of Keystroke Analysis on a Smartphone , 2008 .