Authentication on the Go: Assessing the Effect of Movement on Mobile Device Keystroke Dynamics

Transparent authentication based on behavioral biometrics has the potential to improve the usability of mobile authentication due to the lack of a possibly intrusive user interface. Keystroke dynamics, or typing behavior, is a potentially rich source of biometric information for those that type frequently, and thus has been studied widely as an authenticator on touch-based mobile devices. However, the typingwhile-moving scenario that characterizes mobile device use may change keystroke-based patterns sufficiently that typing biometrics-based authentication may not be viable. This paper presents a user study on the effects of user movement while typing on the effectiveness of keystroke dynamics as an authenticator. Using the dynamic text-based keystroke timings of 36 study participants, we first show that näıvely measuring patterns without considering position (e.g., sitting, standing or walking while typing) results in generic patterns that are little better than chance. We show that first determining the user’s position before classifying their typing behavior, our two-phased approach, inferred the user’s position with an AUC of above 90%, and the user’s typing pattern was classified with an AUC of over 93%. Our results show that user typing patterns are a viable secondary or continuous post-PIN authentication method, even when movement changes a user’s typing pattern.

[1]  Alessandro Neri,et al.  Keystroke dynamics authentication for mobile phones , 2011, SAC.

[2]  Bin Liu,et al.  A two-layer and multi-strategy framework for human activity recognition using smartphone , 2016, 2016 IEEE International Conference on Communications (ICC).

[3]  John Williamson,et al.  Detecting Swipe Errors on Touchscreens using Grip Modulation , 2016, CHI.

[4]  Steven Furnell,et al.  Authenticating mobile phone users using keystroke analysis , 2006, International Journal of Information Security.

[5]  Heather Crawford Keystroke dynamics: Characteristics and opportunities , 2010, 2010 Eighth International Conference on Privacy, Security and Trust.

[6]  Andreas P. Heiner,et al.  A closer look at recognition-based graphical passwords on mobile devices , 2010, SOUPS.

[7]  Fabian Monrose,et al.  Keystroke dynamics as a biometric for authentication , 2000, Future Gener. Comput. Syst..

[8]  Claudia Picardi,et al.  User authentication through keystroke dynamics , 2002, TSEC.

[9]  I. Scott MacKenzie,et al.  Phrase sets for evaluating text entry techniques , 2003, CHI Extended Abstracts.

[10]  Yeliz Yesilada,et al.  What input errors do you experience? Typing and pointing errors of mobile Web users , 2010, Int. J. Hum. Comput. Stud..

[11]  Tim Storer,et al.  A framework for continuous, transparent mobile device authentication , 2013, Comput. Secur..

[12]  Mauro Conti,et al.  Mind how you answer me!: transparently authenticating the user of a smartphone when answering or placing a call , 2011, ASIACCS '11.

[13]  Muhammad Usman Ilyas,et al.  Activity recognition using smartphone sensors , 2013, 2013 IEEE 10th Consumer Communications and Networking Conference (CCNC).

[14]  Cheng-Jung Tsai,et al.  A graphical-based password keystroke dynamic authentication system for touch screen handheld mobile devices , 2012, J. Syst. Softw..

[15]  Terence Sim,et al.  Are Digraphs Good for Free-Text Keystroke Dynamics? , 2007, 2007 IEEE Conference on Computer Vision and Pattern Recognition.

[16]  Florian Alt,et al.  Improving Accuracy, Applicability and Usability of Keystroke Biometrics on Mobile Touchscreen Devices , 2015, CHI.

[17]  Kevin Warwick,et al.  User-Friendly Free-Text Keystroke Dynamics Authentication for Practical Applications , 2013, 2013 IEEE International Conference on Systems, Man, and Cybernetics.

[18]  Patrick Traynor,et al.  (sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers , 2011, CCS '11.

[19]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 2002, International Journal of Information Security.

[20]  Mauro Conti,et al.  I Sensed It Was You: Authenticating Mobile Users with Sensor-Enhanced Keystroke Dynamics , 2014, DIMVA.

[21]  Xiaohong Guan,et al.  Performance Analysis of Motion-Sensor Behavior for User Authentication on Smartphones , 2016, Sensors.

[22]  David P. Quigley,et al.  Texting while walking: an evaluation of mini-qwerty text input while on-the-go , 2014, MobileHCI '14.

[23]  Claudia Picardi,et al.  Keystroke analysis of free text , 2005, TSEC.

[24]  Issa Traoré,et al.  Digital Fingerprinting Based on Keystroke Dynamics , 2008, HAISA.

[25]  Tim Dallas,et al.  Feature Selection and Activity Recognition System Using a Single Triaxial Accelerometer , 2014, IEEE Transactions on Biomedical Engineering.

[26]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[27]  Jacob O. Wobbrock,et al.  WalkType: using accelerometer data to accomodate situational impairments in mobile touch screen text entry , 2012, CHI.

[28]  Steven Furnell,et al.  Advanced user authentication for mobile devices , 2007, Comput. Secur..

[29]  John J. Leggett,et al.  Dynamic Identity Verification via Keystroke Characteristics , 1991, Int. J. Man Mach. Stud..

[30]  Roy A. Maxion,et al.  The Effect of Clock Resolution on Keystroke Dynamics , 2008, RAID.

[31]  Nathan Clarke,et al.  Deployment of Keystroke Analysis on a Smartphone , 2008 .

[32]  Shumin Zhai,et al.  Touch behavior with different postures on soft smartphone keyboards , 2012, Mobile HCI.

[33]  Thomas Green,et al.  An In-Depth Look into the Text Entry User Experience on the iPhone , 2008 .

[34]  Per Ola Kristensson,et al.  Performance comparisons of phrase sets and presentation styles for text entry evaluations , 2012, IUI '12.

[35]  Sahin Albayrak,et al.  Continuous and non-intrusive identity verification in real-time environments based on free-text keystroke dynamics , 2011, 2011 International Joint Conference on Biometrics (IJCB).

[36]  Roy A. Maxion,et al.  Comparing anomaly-detection algorithms for keystroke dynamics , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[37]  Ian H. Witten,et al.  The WEKA data mining software: an update , 2009, SKDD.

[38]  Xiaoyuan Suo,et al.  A Study of Graphical Password for Mobile Devices , 2013, MobiCASE.

[39]  Kevin Warwick,et al.  Keystroke Dynamics Authentication: A Survey of Free-text Methods , 2013 .

[40]  Michael R. Lyu,et al.  Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones , 2014, SOUPS.

[41]  Juan-Luis Gorricho,et al.  Activity Recognition from Accelerometer Data on a Mobile Phone , 2009, IWANN.