KeySens: Passive User Authentication Through Micro Behavior Modeling of Soft Keyboard Interaction
MobiCASE 2013, 6-7 November, Paris, France
Ben Draffin, Jiang Zhu, Joy Zhang

  1. MobiCASE 2013, 6-7 November, Paris, France. Ben Draffin, Jiang Zhu, Joy Zhang
  2. • Tablet used for patient data
       ◦ Sensitive, private information
       ◦ Designed to be easily accessible
     • Urgent call from other room
       ◦ Nurse steps away
     • Bystander picks up tablet, writes down patient data, places it back
     • Results in identity theft
  3. • Mobile devices are at high risk of theft
     • Relatively easy to break into (Zahid 2009)
     • After phone’s PIN is entered, secondary authentication is rare
     • Users may take many minutes to realize their phones are stolen
  4. • Provides a way to passively authenticate while using common, sensitive applications.
     • Allows for rapid detection of unauthorized users
       ◦ Block their access as quickly as possible.
     • Uses a variety of sensors available on common smartphones
  5. • Ask for password at opening of every app
       ◦ Some don’t need it
       ◦ Gets annoying
     • Allow for usage under certain situations (at work, at home)
       ◦ Prompt if deviations from normal routine
     • Rely on prompt calls from affected party
       ◦ Call up IT department to deactivate phone
       ◦ What if first thing is to turn on airplane mode?
  6. • Keystroke Dynamics are a popular subject
       ◦ Many papers, focusing primarily on desktops
     • Great success for passwords, good success for arbitrary text
     • Typing rate, key-to-key latencies are the primary features
     • Once people are skilled at typing, they develop natural rhythms (on desktops)
  7. • Detecting keystroke patterns on mobile phones is challenging
     • Focus on desktop-like attributes
       ◦ Typing rate, timing, di-graphs, tri-graphs, etc.
     • Need to leverage wealth of smartphone features
  8. • Use background applications to “sniff” keystrokes
       ◦ Without direct access to keyboard
     • Successful demonstrations using accelerometers
     • Akin to microphone attacks on typing
  9. • Frequent use
       ◦ Typically single user
     • Context awareness
       ◦ Protected applications vs non-protected
       ◦ Current location, historical patterns
     • Touchscreens provide wealth of data
       ◦ Touch location, pressure, finger size, finger drift
     • Wide variety of other sensors
       ◦ Accelerometers, gyroscopes
  10. • Limited computing power
        ◦ Need to use efficient algorithms
      • Finite battery life
        ◦ Users are sensitive to battery life impact
      • Highly mobile
        ◦ Typical usage: lying down, sitting, walking, passenger in car/train/subway system
        ◦ Need to behave gracefully
  11. (slide contains no text)
  12. • Location pressed on key
      • Length of press (key down to key up)
      • Force of press
        ◦ Also, how force changes over key press
      • Size of finger
      • Drift of finger during press
      • Recent accelerometer history
      • Orientation (deprecated)
  13. (slide contains no text)
  14. (slide contains no text)
  15. • From finger down to finger up
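The per-keystroke features listed on slide 12, with the press boundary of slide 15 (finger down to finger up), can be computed directly from the touchscreen's raw event stream. The Python below is an added example and not code from the KeySens authors: it assumes a simplified record shaped loosely after Android's MotionEvent (timestamp, action, x, y, pressure, size), a hypothetical two-key layout `KEY_CENTERS`, a 200 ms accelerometer window before each press, and feature definitions (offset from the key centre, duration, peak pressure and its change over the press, mean finger size, drift, mean accelerometer magnitude) that are one reading of the slide rather than the deck's exact definitions. The sample events and accelerometer samples are constructed, not captured from a device.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class TouchEvent:
    """One touchscreen sample, modelled loosely on Android MotionEvent fields (assumption).
    action is 'down', 'move' or 'up'; pressure and size are normalised 0..1 values."""
    t_ms: float
    action: str
    x: float
    y: float
    pressure: float
    size: float


# Hypothetical soft-keyboard layout: label -> (centre_x, centre_y) in screen pixels.
KEY_CENTERS: Dict[str, Tuple[float, float]] = {"a": (36.0, 900.0), "s": (108.0, 900.0)}
ACCEL_WINDOW_MS = 200.0  # assumed length of "recent accelerometer history" before a press

AccelSample = Tuple[float, float, float, float]  # (t_ms, ax, ay, az)


def nearest_key(x: float, y: float) -> str:
    """Resolve a finger-down position to the key whose centre is closest."""
    return min(KEY_CENTERS, key=lambda k: math.hypot(x - KEY_CENTERS[k][0], y - KEY_CENTERS[k][1]))


def segment_presses(events: List[TouchEvent]) -> List[List[TouchEvent]]:
    """Group a raw event stream into presses: one press runs from 'down' to the next 'up'."""
    presses: List[List[TouchEvent]] = []
    current: List[TouchEvent] = []
    for ev in events:
        if ev.action == "down":
            current = [ev]
        elif current:
            current.append(ev)
            if ev.action == "up":
                presses.append(current)
                current = []
    return presses  # a press still in progress (no 'up' yet) is not emitted


def recent_accel_magnitude(accel: List[AccelSample], t_down: float) -> float:
    """Mean |a| over accelerometer samples in the window just before finger-down."""
    mags = [math.sqrt(ax * ax + ay * ay + az * az)
            for t, ax, ay, az in accel if t_down - ACCEL_WINDOW_MS <= t <= t_down]
    return sum(mags) / len(mags) if mags else 0.0


def keystroke_features(press: List[TouchEvent], accel: List[AccelSample]) -> Tuple[str, Dict[str, float]]:
    """Micro-behaviour features for one press, following the feature list on slide 12."""
    down, up = press[0], press[-1]
    key = nearest_key(down.x, down.y)
    cx, cy = KEY_CENTERS[key]
    pressures = [e.pressure for e in press]
    feats = {
        "offset_x": down.x - cx,                             # where on the key the finger landed
        "offset_y": down.y - cy,
        "duration_ms": up.t_ms - down.t_ms,                  # finger down to finger up
        "peak_pressure": max(pressures),                     # force of press
        "pressure_delta": pressures[-1] - pressures[0],      # how force changes over the press
        "size": sum(e.size for e in press) / len(press),     # finger size
        "drift": math.hypot(up.x - down.x, up.y - down.y),   # finger drift during press
        "accel_mean_mag": recent_accel_magnitude(accel, down.t_ms),  # recent accelerometer history
    }
    return key, feats


def extract_all(events: List[TouchEvent], accel: List[AccelSample]) -> List[Tuple[str, Dict[str, float]]]:
    """Feature vectors for every complete press in the stream."""
    return [keystroke_features(p, accel) for p in segment_presses(events)]


# Constructed sample data (not captured from a device): a press on 'a', then a press on 's'.
SAMPLE_EVENTS = [
    TouchEvent(0.0, "down", 40.0, 905.0, 0.30, 0.20),
    TouchEvent(40.0, "move", 41.0, 904.0, 0.55, 0.22),
    TouchEvent(90.0, "up", 43.0, 903.0, 0.35, 0.21),
    TouchEvent(250.0, "down", 110.0, 898.0, 0.40, 0.25),
    TouchEvent(310.0, "up", 110.0, 898.0, 0.40, 0.25),
]
SAMPLE_ACCEL: List[AccelSample] = [
    (-80.0, 0.0, 0.0, 9.8),   # device at rest before the first press
    (200.0, 0.0, 0.0, 9.8),
    (240.0, 0.0, 0.0, 10.2),  # slight movement before the second press
]

if __name__ == "__main__":
    for key, feats in extract_all(SAMPLE_EVENTS, SAMPLE_ACCEL):
        print(key, feats)
```

Only complete presses are emitted, so a finger that is still down when the stream ends produces no feature vector, and a press whose landing point is ambiguous is attributed to the nearest key centre; both are choices of this example, not of the deck.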
  16. • Only use data from a single user’s phone
        ◦ Generative model rather than discriminative
      • Respond quickly when unauthorized user detected, yet avoid false positives
      • Work in open, unrestricted environments
        ◦ How to compensate for users sitting or lying down
  17. • 13 initial users after short recruiting drive
      • 2 week long collection period
      • 86,000 keystrokes
      • 430,000 data points @ ~5/keystroke
      • Data split into training and testing:
          Training Data for Model   50%
          CV                        15%
          Training for Keys         15%
          CV for Keys               10%
          Final Testing             15%
  18. (slide contains no text)
  19. (slide contains no text)
  20. Intrusion Detection Rate: 67.7%
      FAR: 32.3%
      FRR: 4.6%
  21. Intrusion Detection Rate: 84.8%
      FAR: 15.2%
      FRR: 2.2%
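Slide 16's choice of a generative model trained only on the owner's own keystrokes, slide 17's split into training, cross-validation and final test data, and the FAR/FRR/intrusion-detection-rate figures on slides 20 and 21 (where the intrusion detection rate is 100% minus the FAR) fit together as one pipeline. The Python below is an added example, not the authors' KeySens implementation: it assumes a per-key, per-feature Gaussian model over three features (press duration, horizontal offset on the key, pressure), scoring in windows of five keystrokes, a rejection threshold set at the 5th percentile of the owner's cross-validation scores, and synthetic owner and impostor keystrokes drawn from a seeded generator. All of these are assumptions of the example, not details from the deck, and the metrics it prints are for the synthetic data, not the study's.

```python
import math
import random
import statistics
from typing import Dict, List, Sequence, Tuple

FEATURES = ("duration_ms", "offset_x", "pressure")  # assumed feature subset
Keystroke = Tuple[str, Dict[str, float]]            # (key label, feature dict)


class OwnerKeyModel:
    """Generative per-key Gaussian model fitted only to the device owner's keystrokes.
    No impostor data is needed at training time: anything far from the owner's
    distribution is treated as evidence of an unauthorized user."""

    def __init__(self) -> None:
        self.params: Dict[str, Dict[str, Tuple[float, float]]] = {}

    def fit(self, keystrokes: Sequence[Keystroke]) -> None:
        by_key: Dict[str, List[Dict[str, float]]] = {}
        for key, feats in keystrokes:
            by_key.setdefault(key, []).append(feats)
        for key, rows in by_key.items():
            self.params[key] = {}
            for f in FEATURES:
                vals = [r[f] for r in rows]
                mu = statistics.fmean(vals)
                var = statistics.pvariance(vals, mu) if len(vals) > 1 else 1.0
                self.params[key][f] = (mu, max(var, 1e-6))  # floor avoids division by zero

    def log_likelihood(self, key: str, feats: Dict[str, float]) -> float:
        """Sum of per-feature Gaussian log-densities; an unseen key gives neutral evidence."""
        if key not in self.params:
            return 0.0
        ll = 0.0
        for f in FEATURES:
            mu, var = self.params[key][f]
            ll += -0.5 * (math.log(2 * math.pi * var) + (feats[f] - mu) ** 2 / var)
        return ll


def window_scores(model: OwnerKeyModel, keystrokes: Sequence[Keystroke], window: int = 5) -> List[float]:
    """Mean log-likelihood per non-overlapping window; a window is the unit of accept/reject."""
    return [sum(model.log_likelihood(k, f) for k, f in keystrokes[i:i + window]) / window
            for i in range(0, len(keystrokes) - window + 1, window)]


def choose_threshold(owner_cv_scores: Sequence[float], target_frr: float = 0.05) -> float:
    """Threshold from the owner's cross-validation windows so that about target_frr of them are rejected."""
    ordered = sorted(owner_cv_scores)
    return ordered[int(target_frr * len(ordered))]


def evaluate(threshold: float, owner_scores: Sequence[float], impostor_scores: Sequence[float]) -> Dict[str, float]:
    """FRR: owner windows rejected; FAR: impostor windows accepted; IDR = 1 - FAR."""
    frr = sum(s < threshold for s in owner_scores) / len(owner_scores)
    far = sum(s >= threshold for s in impostor_scores) / len(impostor_scores)
    return {"far": far, "frr": frr, "idr": 1.0 - far}


def synth(rng: random.Random, n: int, dur: Tuple[float, float], offx: Tuple[float, float],
          pres: Tuple[float, float]) -> List[Keystroke]:
    """Constructed keystrokes: each feature drawn from a Gaussian with the given (mean, sd)."""
    keys = "asdfjkl"
    return [(rng.choice(keys), {"duration_ms": rng.gauss(*dur),
                                "offset_x": rng.gauss(*offx),
                                "pressure": rng.gauss(*pres)}) for _ in range(n)]


def demo(seed: int = 7) -> Dict[str, float]:
    """Train on owner data, pick the threshold on owner CV data, report metrics on held-out data."""
    rng = random.Random(seed)
    owner = synth(rng, 2000, (90.0, 15.0), (4.0, 3.0), (0.50, 0.08))
    impostor = synth(rng, 500, (140.0, 25.0), (-6.0, 4.0), (0.70, 0.10))
    train, cv, test = owner[:1000], owner[1000:1500], owner[1500:]  # owner-only split
    model = OwnerKeyModel()
    model.fit(train)
    threshold = choose_threshold(window_scores(model, cv))
    return evaluate(threshold, window_scores(model, test), window_scores(model, impostor))


if __name__ == "__main__":
    print(demo())
```

The threshold is fixed on owner data alone, so the FRR is the quantity the deployer controls directly, while the FAR (and hence the intrusion detection rate) is whatever the impostor population then yields; that asymmetry is why slides 20 and 21 show FRR in the low single digits while FAR moves much more.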
  22. • Some users are harder to differentiate than others
        ◦ Gaps between ROC curves
        ◦ Could use more investigation
      • Pretty good success in the absence of any contextual information.
        ◦ Continuing work on incorporating meta-data
        ◦ With contextual knowledge, accuracy increases
  23. • Addresses: How to block unauthorized users from protected applications?
      • Leverages a variety of sensors (besides just keyboard)
      • Developed as part of a larger behavioral analysis program at Carnegie Mellon Univ.-SV
      • Led by Joy Zhang and Jiang Zhu
  24. • Employees' phones
        ◦ Bring Your Own Device (BYOD)
      • Delivery persons
      • IT administrators
      • Parents with children
      • Social events
      • Business travelers
      • Nurses with mobile devices for patient records
  25. (slide contains no text)
  26. • Require use of the default Android keyboard during password or sensitive text entry
      • Disable sensors while entering text into password fields
      • Collaborate with context awareness groups or side channel attack researchers
      • Consider research into swiping gestures
  27. • KeySens
        ◦ Use keyboard interaction to detect unauthorized users
      • SenSec
        ◦ Leverage keyboard and sensors to block unauthorized users
      • Applications
      • Next Steps
  28. • CyLab at Carnegie Mellon
      • Northrop Grumman Cybersecurity Research Consortium
      • Cisco
        ◦ Research award for “Privacy Preserved Personal Big Data Analytics through Fog Computing”
      • Cybersecurity Research Consortium
  29. Passive User Authentication through Microbehavior Modeling of Soft Keyboard Interaction. Thank You. MobiCASE 2013
  30. References
      • Salil P. Banerjee and Damon L. Woodard. Biometric authentication and identification using keystroke dynamics: A survey. Journal of Pattern Recognition Research, 2012.
      • Francesco Bergadano, Daniele Gunetti, and Claudia Picardi. User authentication through keystroke dynamics. ACM Trans. Inf. Syst. Secur., 5(4):367–397, November 2002.
      • Liang Cai and Hao Chen. On the practicality of motion based keystroke inference attack. In Stefan Katzenbeisser, Edgar Weippl, L. Jean Camp, Melanie Volkamer, Mike Reiter, and Xinwen Zhang, editors, Trust and Trustworthy Computing, volume 7344 of Lecture Notes in Computer Science, pages 273–290. Springer Berlin Heidelberg, 2012.
      • F. Cherifi, B. Hemery, R. Giot, M. Pasquet, and C. Rosenberger. Performance evaluation of behavioral biometric systems. In Behavioral Biometrics for Human Identification: Intelligent Applications, pages 57–74. IGI Global, 2010.
      • Richard O. Duda, Peter E. Hart, and David G. Stork. Multi-layer neural networks. In Pattern Classification, 2nd Edition, volume 2. John Wiley and Sons, Inc., 2001.
      • M. Frank, R. Biedert, E. Ma, I. Martinovic, and D. Song. Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Transactions on Information Forensics and Security, 8(1):136–148, 2013.
      • Dawud Gordon, Jürgen Czerny, and Michael Beigl. Activity recognition for creatures of habit. Personal and Ubiquitous Computing, pages 1–17, 2013.
      • Paul Holleis, Jussi Huhtala, and Jonna Häkkilä. Studying applications for touch-enabled mobile phone keypads. In Proceedings of the 2nd International Conference on Tangible and Embedded Interaction, TEI ’08, pages 15–18, New York, NY, USA, 2008. ACM.
      • Anil Jain, Lin Hong, and Sharath Pankanti. Biometric identification. Commun. ACM, 43(2):90–98, February 2000.
  31. References (continued)
      • K. S. Killourhy and R. A. Maxion. Comparing anomaly-detection algorithms for keystroke dynamics. In IEEE/IFIP International Conference on Dependable Systems & Networks, DSN ’09, pages 125–134, 2009.
      • Emanuele Maiorana, Patrizio Campisi, Noelia González-Carballo, and Alessandro Neri. Keystroke dynamics authentication for mobile phones. In Proceedings of the 2011 ACM Symposium on Applied Computing, SAC ’11, pages 21–26, New York, NY, USA, 2011. ACM.
      • Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig, and Joy Zhang. Accessory: password inference using accelerometers on smartphones. In Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, HotMobile ’12, pages 9:1–9:6, New York, NY, USA, 2012. ACM.
      • A. Peacock, Xian Ke, and M. Wilkerson. Typing patterns: a key to user identification. IEEE Security & Privacy, 2(5):40–47, September–October 2004.
      • Elaine Shi, Yuan Niu, Markus Jakobsson, and Richard Chow. Implicit authentication through learning user behavior. In Mike Burmester, Gene Tsudik, Spyros Magliveras, and Ivana Ilić, editors, Information Security, volume 6531 of Lecture Notes in Computer Science, pages 99–113. Springer Berlin Heidelberg, 2011.
      • Saira Zahid, Muhammad Shahzad, Syed Ali Khayam, and Muddassar Farooq. Keystroke-based user identification on smart phones. In Engin Kirda, Somesh Jha, and Davide Balzarotti, editors, Recent Advances in Intrusion Detection, volume 5758 of Lecture Notes in Computer Science, pages 224–243. Springer Berlin Heidelberg, 2009.
      • Jiang Zhu, Hao Hu, Sky Hu, Pang Wu, and Joy Ying Zhang. Mobile behaviometrics: Models and applications. In Proceedings of the Second IEEE/CIC International Conference on Communications in China (ICCC), Xi’an, China, August 12–14, 2013.
      • Jiang Zhu, Pang Wu, Xiao Wang, Adrian Perrig, Jason Hong, and Joy Ying Zhang. SenSec: Mobile application security through passive sensing. In Proceedings of the International Conference on Computing, Networking and Communications (ICNC 2013), San Diego, CA, USA, January 28–31, 2013.
