Models were trained with 3000 keystrokes from the primary user and 2000 from each of 3 other users. These models were tested against, on average, 539 ‘primary user’ keystrokes and 489 keystrokes from a wide variety of other users (not used to train the model).
KeySens: Passive User Authentication Through Micro Behavior Modeling of Soft Keyboard Interaction
6-7 November, Paris, France
Ben Draffin, Jiang Zhu, Joy Zhang
Tablet used for patient data
◦ Sensitive, private information
◦ Designed to be easily accessible
Urgent call from other room
◦ Nurse steps away
Bystander picks up tablet,
writes down patient data,
places it back
Results in identity theft
Mobile devices are at high risk of theft
Relatively easy to break into
After phone’s pin is entered, secondary
authentication is rare
Users may take many minutes to realize their
phones are stolen
Provides a way to passively authenticate while
using common, sensitive applications.
Allows for rapid detection of unauthorized
◦ Block their access as quickly as possible.
Uses a variety of sensors available on
Ask for password at opening of every app
◦ Some don’t need it
◦ Gets annoying
Allow for usage under certain situations (at
work, at home)
◦ Prompt if deviations from normal routine
Rely on prompt calls from affected party
◦ Call up IT department to deactivate phone
◦ What if first thing is to turn on airplane mode?
Keystroke Dynamics are a popular subject
◦ Many papers—focusing primarily on desktops
Great success for passwords, good success
for arbitrary text
Typing rate, key-to-key latencies are the
Once people are skilled at typing, they
develop natural rhythms (on desktops)
Detecting keystroke patterns on mobile
phones is challenging
Focus on Desktop-like attributes
◦ Typing rate, timing, di-graphs, tri-graphs, etc.
Need to leverage wealth of smartphone
Use background applications to "sniff"
◦ Without direct access to keyboard
Successful demonstrations using
Akin to microphone attacks on typing
◦ Typically single user
◦ Protected applications vs Non-protected
◦ Current location, historical patterns
Touchscreens provide wealth of data
◦ Touch location, pressure, finger size, finger drift
Wide variety of other sensors
◦ Accelerometers, gyroscopes
Limited computing power
◦ Need to use efficient algorithms
Finite battery life
◦ Users are sensitive to battery life impact
◦ Typical usage: lying
down, sitting, walking, passenger in
◦ Need to behave gracefully
Location pressed on key
Length of press (key down to key up)
Force of press
◦ Also, how force changes over key press
Size of finger
Drift of finger during press
Recent accelerometer history
Only use data from a single user’s phone
◦ Generative model rather than Discriminative
Respond quickly when unauthorized user
detected, yet avoid false positives
Work in open, unrestricted environments
◦ How to compensate for users sitting or lying down
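Added example, not code from the KeySens authors: a minimal owner-only generative model over the per-keystroke features listed above, scored over a sliding window to trade detection speed against false positives. The independent-Gaussian model, the feature names, the window size and the two synthetic typist profiles are assumptions made for illustration.

```python
import math
import random
from statistics import mean, pstdev

# Per-keystroke features named on the slides (accelerometer history omitted).
FEATURES = ("x_on_key", "y_on_key", "press_ms", "force", "finger_size", "drift")

# Constructed (mean, std) per feature for two synthetic typists; not measured data.
OWNER = [(0.0, 3.0), (1.0, 3.0), (95, 15), (0.45, 0.05), (0.30, 0.03), (2.0, 0.8)]
OTHER = [(4.0, 3.0), (-2.0, 3.0), (130, 20), (0.60, 0.06), (0.38, 0.03), (3.5, 1.0)]

def synth(rng, profile, n):
    """Draw n constructed keystroke feature vectors for one typist."""
    return [[rng.gauss(mu, sd) for mu, sd in profile] for _ in range(n)]

def fit(keystrokes):
    """Generative model: one Gaussian per feature, fitted on owner data only."""
    return [(mean(c), max(pstdev(c), 1e-9)) for c in zip(*keystrokes)]

def log_likelihood(model, k):
    return sum(-0.5 * ((v - mu) / sd) ** 2 - math.log(sd * math.sqrt(2 * math.pi))
               for v, (mu, sd) in zip(k, model))

def window_scores(model, stream, window):
    """Mean log-likelihood over each sliding window of keystrokes."""
    ll = [log_likelihood(model, k) for k in stream]
    return [mean(ll[i:i + window]) for i in range(len(ll) - window + 1)]

def calibrate(model, owner_holdout, window, target_fpr=0.01):
    """Threshold = low quantile of the owner's own held-out window scores."""
    scores = sorted(window_scores(model, owner_holdout, window))
    return scores[int(target_fpr * len(scores))]

def alarm_rate(model, stream, window, thr):
    scores = window_scores(model, stream, window)
    return sum(s < thr for s in scores) / len(scores)

def first_alarm(model, stream, window, thr):
    """Keystrokes typed before the first alarm fires, or None if it never does."""
    for i, s in enumerate(window_scores(model, stream, window)):
        if s < thr:
            return i + window
    return None

def demo(seed=7, window=10):
    rng = random.Random(seed)
    model = fit(synth(rng, OWNER, 3000))
    thr = calibrate(model, synth(rng, OWNER, 1000), window)
    owner_fa = alarm_rate(model, synth(rng, OWNER, 500), window, thr)
    other = synth(rng, OTHER, 500)
    return owner_fa, alarm_rate(model, other, window, thr), first_alarm(model, other, window, thr)
```

A larger window lowers the owner's false-alarm rate but delays the first alarm by the same number of keystrokes, which is the trade-off the goals above describe.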
13 initial users after short recruiting drive
2 week long collection period
430,000 data points @ ~5/keystroke
Data split into training and testing:
Training Data for Model
Some users are harder to differentiate than
◦ Gaps between ROC curves
◦ Could use more investigation
Pretty good success in the absence of any
◦ Continuing work on incorporating meta-data
◦ With contextual knowledge, accuracy increases
Addresses: How to block
unauthorized users from
Leverages a variety of sensors
(besides just keyboard)
Developed as part of a larger
behavioral analysis program
at Carnegie Mellon Univ.-SV
Led by Joy Zhang and Jiang Zhu
◦ Bring Your Own Device (BYOD)
Parents with children
Nurses with mobile devices
for patient records
Require use of the default Android keyboard
during password or sensitive text entry
Disable sensors while entering text into
Collaborate with context awareness groups or
side channel attack researchers
Consider research into swiping gestures
◦ Use keyboard interaction to
detect unauthorized users
◦ Leverage keyboard and sensors
to block unauthorized users
CyLab at Carnegie Mellon
Northrop Grumman Cybersecurity Research
◦ Research award for "Privacy Preserved Personal Big
Data Analytics through Fog Computing"