KeySens: Passive User Authentication through Micro-behavior Modeling of Soft Keyboard Interaction

Mobile devices have become almost ever-present in our daily lives and increasingly so in the professional workplace. Applications put company data, personal information and sensitive documents in the hands of busy nurses at hospitals, company employees on business trips and government workers at large conferences. Smartphones and tablets also not only store data on-device, but users are frequently authorized to access sensitive information in the cloud. Protecting the sensitivity of mobile devices yet not burdening users with complicated and cumbersome active authentication methods is of great importance to the security and convenience of mobile computing. In this paper, we propose a novel passive authentication method; we model the micro-behavior of mobile users’ interaction with their devices’ soft keyboard. We show that the way a user types—the specific location touched on each key, the drift from finger down to finger up, the force of touch, the area of press—reflects their unique physical and behavioral characteristics. We demonstrate that using these micro-behavior features without any contextual information, we can passively identify that a mobile device is being used by a non-authorized user within 5 keypresses 67.7% of the time. This comes with a False Acceptance Rate (FAR) of 32.3% and a False Rejection Rate (FRR) of only 4.6%. Our detection rate after 15 keypresses is 86% with a FAR of 14% and a FRR of only 2.2%.

[1]  Hao Chen,et al.  On the Practicality of Motion Based Keystroke Inference Attack , 2012, TRUST.

[2]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[3]  Sharath Pankanti,et al.  BIOMETRIC IDENTIFICATION , 2000 .

[4]  Jun Han,et al.  ACCessory: password inference using accelerometers on smartphones , 2012, HotMobile '12.

[5]  Hao Hu,et al.  Mobile Behaviometrics: Models and applications , 2013, 2013 IEEE/CIC International Conference on Communications in China (ICCC).

[6]  Farzad Pourboghrat Multi-layer neural networks for robot control , 1989 .

[7]  Xian Ke,et al.  Typing patterns: a key to user identification , 2004, IEEE Security & Privacy Magazine.

[8]  Muddassar Farooq,et al.  Keystroke-Based User Identification on Smart Phones , 2009, RAID.

[9]  Xiao Wang,et al.  SenSec: Mobile security through passive sensing , 2013, 2013 International Conference on Computing, Networking and Communications (ICNC).

[10]  Michael Beigl,et al.  Activity recognition for creatures of habit , 2014, Pers. Ubiquitous Comput..

[11]  Baptiste Hemery,et al.  Performance Evaluation of Behavioral Biometric Systems , 2010 .

[12]  Roy A. Maxion,et al.  Comparing anomaly-detection algorithms for keystroke dynamics , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[13]  Claudia Picardi,et al.  User authentication through keystroke dynamics , 2002, TSEC.

[14]  Alessandro Neri,et al.  Keystroke dynamics authentication for mobile phones , 2011, SAC.

[15]  Damon L. Woodard,et al.  Biometric Authentication and Identification using Keystroke Dynamics: A Survey , 2012 .

[16]  Markus Jakobsson,et al.  Implicit Authentication through Learning User Behavior , 2010, ISC.

[17]  Jonna Häkkilä,et al.  Studying applications for touch-enabled mobile phone keypads , 2008, Tangible and Embedded Interaction.