KeySens: Passive User Authentication Through Micro Behavior Modeling of Soft Keyboard Interaction
2.
Tablet used for patient data
◦ Sensitive, private information
◦ Designed to be easily accessible
Urgent call from other room
◦ Nurse steps away
Bystander picks up tablet, writes down patient data, places it back
Results in identity theft
3.
Mobile devices are at high risk of theft
Relatively easy to break into (Zahid 2009)
After phone’s PIN is entered, secondary authentication is rare
Users may take many minutes to realize their phones are stolen
4.
Provides a way to passively authenticate while using common, sensitive applications.
Allows for rapid detection of unauthorized users
◦ Block their access as quickly as possible.
Uses a variety of sensors available on common smartphones
5.
Ask for password at opening of every app
◦ Some don’t need it
◦ Gets annoying
Allow for usage under certain situations (at work, at home)
◦ Prompt if deviations from normal routine
Rely on prompt calls from affected party
◦ Call up IT department to deactivate phone
◦ What if first thing is to turn on airplane mode?
6.
Keystroke Dynamics are a popular subject
◦ Many papers—focusing primarily on desktops
Great success for passwords, good success for arbitrary text
Typing rate, key-to-key latencies are the primary features
Once people are skilled at typing, they develop natural rhythms (on desktops)
7.
Detecting keystroke patterns on mobile phones is challenging
Focus on Desktop-like attributes
◦ Typing rate, timing, di-graphs, tri-graphs, etc.
Need to leverage wealth of smartphone features
8.
Use background applications to "sniff" keystrokes
◦ Without direct access to keyboard
Successful demonstrations using accelerometers
Akin to microphone attacks on typing
9.
Frequent use
◦ Typically single user
Context awareness
◦ Protected applications vs Non-protected
◦ Current location, historical patterns
Touchscreens provide wealth of data
◦ Touch location, pressure, finger size, finger drift
Wide variety of other sensors
◦ Accelerometers, gyroscopes
10.
Limited computing power
◦ Need to use efficient algorithms
Finite battery life
◦ Users are sensitive to battery life impact
Highly mobile
◦ Typical usage: lying down, sitting, walking, passenger in car/train/subway system
◦ Need to behave gracefully
12.
Location pressed on key
Length of press (key down to key up)
Force of press
◦ Also, how force changes over key press
Size of finger
Drift of finger during press
Recent accelerometer history
Orientation (deprecated)
16.
Only use data from a single user’s phone
◦ Generative model rather than Discriminative
Respond quickly when unauthorized user detected, yet avoid false positives
Work in open, unrestricted environments
◦ How to compensate for users sitting or lying down
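The design goals on slide 16 (a generative model fitted to the owner's keystrokes only, fast response, few false positives) can be sketched as follows. This is an added example, not the KeySens/SenSec implementation: the per-feature Gaussian model, the window length, the threshold, the feature names and the sample data are all assumptions made for illustration.

```python
import random
import statistics
from collections import deque

FEATURES = ("press_ms", "force", "finger_size", "drift_px")  # assumed subset of slide 12

def fit_owner_model(keystrokes):
    """Per-feature (mean, std) learned from the owner's keystrokes only."""
    model = {}
    for name in FEATURES:
        values = [k[name] for k in keystrokes]
        # Floor the std so a constant feature cannot cause a division by zero.
        model[name] = (statistics.mean(values), max(statistics.pstdev(values), 1e-6))
    return model

def anomaly_score(model, keystroke):
    """Mean squared z-score: about 1.0 for the owner, larger for anyone else."""
    total = sum(((keystroke[n] - mu) / sd) ** 2 for n, (mu, sd) in model.items())
    return total / len(model)

def first_alarm(model, stream, window=10, threshold=4.0):
    """Index of the first keystroke where the windowed mean score trips, else None."""
    recent = deque(maxlen=window)
    for i, keystroke in enumerate(stream):
        recent.append(anomaly_score(model, keystroke))
        if len(recent) == window and sum(recent) / window > threshold:
            return i
    return None

def synth_user(rng, centers, n):
    """Constructed keystrokes: each feature drawn around a per-user centre."""
    return [{name: rng.gauss(mu, sd) for name, (mu, sd) in centers.items()}
            for _ in range(n)]

# Constructed sample users (not data from the study): (mean, std) per feature.
OWNER = {"press_ms": (95, 12), "force": (0.42, 0.05),
         "finger_size": (0.30, 0.03), "drift_px": (3.0, 1.0)}
OTHER = {"press_ms": (131, 12), "force": (0.57, 0.05),
         "finger_size": (0.39, 0.03), "drift_px": (6.0, 1.0)}

def demo(seed=7, handover=200):
    """Return (alarm index in an owner-only session, keystrokes needed after handover)."""
    rng = random.Random(seed)
    model = fit_owner_model(synth_user(rng, OWNER, 500))
    owner_session = synth_user(rng, OWNER, 300)
    stolen_session = synth_user(rng, OWNER, handover) + synth_user(rng, OTHER, 100)
    alarm = first_alarm(model, stolen_session)
    latency = None if alarm is None else alarm - handover + 1
    return first_alarm(model, owner_session), latency
```

Averaging over a window is what trades detection latency against false alarms: a shorter window reacts sooner but lets a few unusual owner keystrokes trip the threshold.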
17.
13 initial users after short recruiting drive
2-week-long collection period
86,000 keystrokes
430,000 data points @ ~5/keystroke
Data split into training and testing:
◦ Training Data for Model: 50%
◦ CV: 15%
◦ Training for Keys: 15%
◦ CV for Keys: 10%
◦ Final Testing: 15%
22.
Some users are harder to differentiate than others
◦ Gaps between ROC curves
◦ Could use more investigation
Pretty good success in the absence of any contextual information.
◦ Continuing work on incorporating meta-data
◦ With contextual knowledge, accuracy increases
23.
Addresses: How to block unauthorized users from protected applications?
Leverages a variety of sensors (besides just keyboard)
Developed as part of a larger behavioral analysis program at Carnegie Mellon Univ.-SV
Led by Joy Zhang and Jiang Zhu
24.
Employees' phones
◦ Bring Your Own Device (BYOD)
Delivery persons
IT administrators
Parents with children
Social events
Business travelers
Nurses with mobile devices for patient records
26.
Require use of the default Android keyboard during password or sensitive text entry
Disable sensors while entering text into password fields
Collaborate with context awareness groups or side channel attack researchers
Consider research into swiping gestures
27.
KeySens
◦ Use keyboard interaction to detect unauthorized users
SenSec
◦ Leverage keyboard and sensors to block unauthorized users
Applications
Next Steps
28.
CyLab at Carnegie Mellon
Northrop Grumman Cybersecurity Research Consortium
Cisco
◦ Research award for "Privacy Preserved Personal Big Data Analytics through Fog Computing"
29. Passive User Authentication through Microbehavior Modeling of Soft Keyboard Interaction
Thank You
MobiCASE 2013
30.
Salil P. Banerjee and Damon L. Woodard. Biometric authentication and identification using keystroke dynamics: A survey. Journal of Pattern Recognition Research, 2012.
Francesco Bergadano, Daniele Gunetti, and Claudia Picardi. User authentication through keystroke dynamics. ACM Trans. Inf. Syst. Secur., 5(4):367–397, November 2002.
Liang Cai and Hao Chen. On the practicality of motion based keystroke inference attack. In Stefan Katzenbeisser, Edgar Weippl, L. Jean Camp, Melanie Volkamer, Mike Reiter, and Xinwen Zhang, editors, Trust and Trustworthy Computing, volume 7344 of Lecture Notes in Computer Science, pages 273–290. Springer Berlin Heidelberg, 2012.
F. Cherifi, B. Hemery, R. Giot, M. Pasquet, and C. Rosenberger. Performance evaluation of behavioral biometric systems. In Behavioral Biometrics for Human Identification: Intelligent Applications, pages 57–74. IGI Global, 2010.
Richard O. Duda, Peter E. Hart, and David G. Stork. Multi-layer neural networks. In Pattern Classification, 2nd Edition, volume 2. John Wiley and Sons, Inc., 2001.
M. Frank, R. Biedert, E. Ma, I. Martinovic, and D. Song. Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. Information Forensics and Security, IEEE Transactions on, 8(1):136–148, 2013.
Dawud Gordon, Jürgen Czerny, and Michael Beigl. Activity recognition for creatures of habit. Personal and Ubiquitous Computing, pages 1–17, 2013.
Paul Holleis, Jussi Huhtala, and Jonna Häkkilä. Studying applications for touch-enabled mobile phone keypads. In Proceedings of the 2nd international conference on Tangible and embedded interaction, TEI ’08, pages 15–18, New York, NY, USA, 2008. ACM.
Anil Jain, Lin Hong, and Sharath Pankanti. Biometric identification. Commun. ACM, 43(2):90–98, February 2000.
31.
K.S. Killourhy and R.A. Maxion. Comparing anomaly-detection algorithms for keystroke dynamics. In Dependable Systems & Networks, 2009. DSN '09. IEEE/IFIP International Conference on, pages 125–134, 2009.
Emanuele Maiorana, Patrizio Campisi, Noelia González-Carballo, and Alessandro Neri. Keystroke dynamics authentication for mobile phones. In Proceedings of the 2011 ACM Symposium on Applied Computing, SAC ’11, pages 21–26, New York, NY, USA, 2011. ACM.
Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig, and Joy Zhang. ACCessory: password inference using accelerometers on smartphones. In Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, HotMobile ’12, pages 9:1–9:6, New York, NY, USA, 2012. ACM.
A. Peacock, Xian Ke, and M. Wilkerson. Typing patterns: a key to user identification. Security & Privacy, IEEE, 2(5):40–47, Sept.-Oct. 2004.
Elaine Shi, Yuan Niu, Markus Jakobsson, and Richard Chow. Implicit authentication through learning user behavior. In Mike Burmester, Gene Tsudik, Spyros Magliveras, and Ivana Ilić, editors, Information Security, volume 6531 of Lecture Notes in Computer Science, pages 99–113. Springer Berlin Heidelberg, 2011.
Saira Zahid, Muhammad Shahzad, Syed Ali Khayam, and Muddassar Farooq. Keystroke-based user identification on smart phones. In Engin Kirda, Somesh Jha, and Davide Balzarotti, editors, Recent Advances in Intrusion Detection, volume 5758 of Lecture Notes in Computer Science, pages 224–243. Springer Berlin Heidelberg, 2009.
Jiang Zhu, Hao Hu, Sky Hu, Pang Wu, and Joy Ying Zhang. Mobile behaviometrics: Models and applications. In Proceedings of the Second IEEE/CIC International Conference on Communications in China (ICCC), Xi’an, China, August 12-14, 2013.
Jiang Zhu, Pang Wu, Xiao Wang, Adrian Perrig, Jason Hong, and Joy Ying Zhang. SenSec: Mobile application security through passive sensing. In Proceedings of International Conference on Computing, Networking and Communications (ICNC 2013), San Diego, CA, USA, January 28-31, 2013.
Editor's Notes
Nurse’s name is Nora
Models were trained with 3000 keystrokes from primary user and 2000 from each of 3 other users. These models were tested against [on average] 539 ‘primary user’ keystrokes and 489 keystrokes from a wide variety of other users (not used to train the model)