Abstract
Mobile devices have become almost ever-present in our daily lives and increasingly so in the professional workplace. Applications put company data, personal information and sensitive documents in the hands of busy nurses at hospitals, company employees on business trips and government workers at large conferences. Smartphones and tablets also not only store data on-device, but users are frequently authorized to access sensitive information in the cloud. Protecting the sensitivity of mobile devices yet not burdening users with complicated and cumbersome active authentication methods is of great importance to the security and convenience of mobile computing. In this paper, we propose a novel passive authentication method; we model the micro-behavior of mobile users’ interaction with their devices’ soft keyboard. We show that the way a user types—the specific location touched on each key, the drift from finger down to finger up, the force of touch, the area of press—reflects their unique physical and behavioral characteristics. We demonstrate that using these micro-behavior features without any contextual information, we can passively identify that a mobile device is being used by a non-authorized user within 5 keypresses 67.7% of the time. This comes with a False Acceptance Rate (FAR) of 32.3% and a False Rejection Rate (FRR) of only 4.6%. Our detection rate after 15 keypresses is 86% with a FAR of 14% and a FRR of only 2.2%.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Banerjee, S.P., Woodard, D.L.: Biometric authentication and identification using keystroke dynamics: A survey. Journal of Pattern Recognition Research (2012)
Bergadano, F., Gunetti, D., Picardi, C.: User authentication through keystroke dynamics. ACM Trans. Inf. Syst. Secur. 5(4), 367–397 (2002)
Cai, L., Chen, H.: On the practicality of motion based keystroke inference attack. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 273–290. Springer, Heidelberg (2012)
Cherifi, F., Hemery, B., Giot, R., Pasquet, M., Rosenberger, C.: Performance evaluation of behavioral biometric systems. In: Behavioral Biometrics for Human Identification: Intelligent Applications, pp. 57–74. IGI Global (2010)
Duda, R.O., Hart, P.E., Stork, D.G.: Multi-layer neural networks. In: Pattern Classification, 2nd edn., vol. 2. John Wiley and Sons, Inc. (2001)
Frank, M., Biedert, R., Ma, E., Martinovic, I., Song, D.: Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Transactions on Information Forensics and Security 8(1), 136–148 (2013)
Gordon, D., Czerny, J., Beigl, M.: Activity recognition for creatures of habit. In: Personal and Ubiquitous Computing, pp. 1–17 (2013)
Holleis, P., Huhtala, J., Häkkilä, J.: Studying applications for touch-enabled mobile phone keypads. In: Proceedings of the 2nd International Conference on Tangible and Embedded Interaction, TEI 2008, pp. 15–18. ACM, New York (2008)
Jain, A., Hong, L., Pankanti, S.: Biometric identification. Commun. ACM 43(2), 90–98 (2000)
Killourhy, K.S., Maxion, R.A.: Comparing anomaly-detection algorithms for keystroke dynamics. In: IEEE/IFIP International Conference on Dependable Systems Networks, DSN 2009, pp. 125–134 (2009)
Maiorana, E., Campisi, P., González-Carballo, N., Neri, A.: Keystroke dynamics authentication for mobile phones. In: Proceedings of the 2011 ACM Symposium on Applied Computing, SAC 2011, pp. 21–26. ACM, New York (2011)
International Standards Organization. Biometric performance testing and reporting (2006)
Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: Accessory: password inference using accelerometers on smartphones. In: Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, HotMobile 2012, pp. 9:1–9:6. ACM, New York (2012)
Peacock, A., Ke, X., Wilkerson, M.: Typing patterns: a key to user identification. IEEE Security Privacy 2(5), 40–47 (2004)
Android Open Source Project. Android security overview
Android Open Source Project. Touch devices
Shi, E., Niu, Y., Jakobsson, M., Chow, R.: Implicit authentication through learning user behavior. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 99–113. Springer, Heidelberg (2011)
Zahid, S., Shahzad, M., Khayam, S.A., Farooq, M.: Keystroke-based user identification on smart phones. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 224–243. Springer, Heidelberg (2009)
Zhu, J., Hu, H., Hu, S., Wu, P., Zhang, J.Y.: Mobile behaviometrics: Models and applications. In: Proceedings of the Second IEEE/CIC International Conference on Communications in China (ICCC), Xi’An, China, August 12-14 (2013)
Zhu, J., Wu, P., Wang, X., Perrig, A., Hong, J., Zhang, J.Y.: Sensec: Mobile application security through passive sensing. In: Proceedings of International Conference on Computing, Networking and Communications (ICNC 2013), San Diego, CA, USA, January 28-31 (2013)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Draffin, B., Zhu, J., Zhang, J. (2014). KeySens: Passive User Authentication through Micro-behavior Modeling of Soft Keyboard Interaction. In: Memmi, G., Blanke, U. (eds) Mobile Computing, Applications, and Services. MobiCASE 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 130. Springer, Cham. https://doi.org/10.1007/978-3-319-05452-0_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-05452-0_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05451-3
Online ISBN: 978-3-319-05452-0
eBook Packages: Computer ScienceComputer Science (R0)