KeySens: Passive User Authentication through Micro behavior Modeling of Soft Keyboard Interaction

1. MobiCASE 2013
6-7 November, Paris, France
Ben Draffin, Jiang Zhu, Joy Zhang
1

2. 
Tablet used for patient data
◦ Sensitive, private information
◦ Designed to be easily accessible

Urgent call from other room
◦ Nurse steps away


Bystander picks up tablet,
writes down patient data,
places it back
Results in identity theft
2

3. 
Mobile devices are at high risk of theft

Relatively easy to break into


(Zahid 2009)
After phone’s pin is entered, secondary
authentication is rare
Users may take many minutes to realize their
phones are stolen
3

4. 

Provides a way to passively authenticate while
using common, sensitive applications.
Allows for rapid detection of unauthorized
users
◦ Block their access as quickly as possible.

Uses a variety of sensors available on
common smartphones
4

5. 
Ask for password at opening of every app
◦ Some don’t need it
◦ Gets annoying

Allow for usage under certain situations (at
work, at home)
◦ Prompt if deviations from normal routine

Rely on prompt calls from affected party
◦ Call up IT department to deactivate phone
◦ What if first thing is to turn on airplane mode?
5

6. 
Keystroke Dynamics are a popular subject
◦ Many papers—focusing primarily on desktops



Great success for passwords, good success
for arbitrary text
Typing rate, key-to-key latencies are the
primary features
Once people are skilled at typing, they
develop natural rhythms (on desktops)
6

7. 

Detecting keystroke patterns on mobile
phones is challenging
Focus on Desktop-like attributes
◦ Typing rate, timing, di-graphs, tri-graphs, etc.
 Need to leverage wealth of smartphone
features
7

8. 
Use background applications to ―sniff‖
keystrokes
◦ Without direct access to keyboard


Successful demonstrations using
accelerometers
Akin to microphone attacks on typing
8

9. 
Frequent use
◦ Typically single user

Context awareness
◦ Protected applications vs Non-protected
◦ Current location, historical patterns

Touchscreens provide wealth of data
◦ Touch location, pressure, finger size, finger drift

Wide variety of other sensors
◦ Accelerometers, gyroscopes
9

10. 
Limited computing power
◦ Need to use efficient algorithms

Finite battery life
◦ Users are sensitive to battery life impact

Highly mobile
◦ Typical usage: lying
down, sitting, walking, passenger in
car/train/subway system
◦ Need to behave gracefully
10

11. 11

12. 


Location pressed on key
Length of press (key down to key up)
Force of press
◦ Also, how force changes over key press




Size of finger
Drift of finger during press
Recent accelerometer history
Orientation (depreciated)
12

13. 13

14. 14

15. 
From finger down to finger up
15

16. 
Only use data from a single user’s phone
◦ Generative model rather than Discriminative


Respond quickly when unauthorized user
detected, yet avoid false positives
Work in open, unrestricted environments
◦ How to compensate for users sitting or laying down
16

17. 
13 initial users after short recruiting drive
2 week long collection period
86,000 keystrokes
430,000 data points @ ~5/keystroke

Data split into training and testing:



Training Data for Model
50%
CV
15%
Training
for Keys
15%
CV for
Keys
10%
Final
Testing
15%
17

18. 18

19. 19

20. Intrusion Detection Rate: 67.7%
FAR:32.3%
FRR:4.6%
20

21. Intrustion Detection Rate:84.8%
FAR: 15.2%
FRR: 2.2%
21

22. 
Some users are harder to differentiate than
others
◦ Gaps between ROC curves
◦ Could use more investigation

Pretty good success in the absence of any
contextual information.
◦ Continuing work on incorporating meta-data
◦ With contextual knowledge, accuracy increases
22

23. 



Addresses: How to block
unauthorized users from
protected applications?
Leverages a variety of sensors
(besides just keyboard)
Developed as part of a larger
behavioral analysis program
at Carnegie Mellon Univ.-SV
Led by Joy Zhang and Jiang Zhu
23

24. 
Employees' phones
◦ Bring Your Own Device (BYOD)






Delivery persons
IT administrators
Parents with children
Social events
Business travelers
Nurses with mobile devices
for patient records
24

25. 25

26. 



Require use of the default Android keyboard
during password or sensitive text entry
Disable sensors while entering text into
password fields
Collaborate with context awareness groups or
side channel attack researchers
Consider research into swiping gestures
26

27. 
KeySens
◦ Use keyboard interaction to
detect unauthorized users

SenSec
◦ Leverage keyboard and sensors
to block unauthorized users


Applications
Next Steps
27

28. 


CyLab at Carnegie Mellon
Northrop Grumman Cybersecurity Research
Consortium
Cisco
◦ Research award for ―Privacy Preserved Personal Big
Data Analytics through Fog Computing''
Cybersecurity
Research Consortium
28

29. Passive User Authentication through Microbehavior Modeling of Soft Keyboard Interaction
Thank You
MobiCASE 2013
29

30. 








Salil P. Banerjee and Damon L. Woodard. Biometric authentication and identification using
keystroke dynamics: A survey. Journal of Pattern Recognition Research, 2012.
Francesco Bergadano, Daniele Gunetti, and Claudia Picardi. User authentication through
keystroke dynamics. ACM Trans. Inf. Syst. Secur., 5(4):367–397, November 2002.
Liang Cai and Hao Chen. On the practicality of motion based keystroke inference attack. In
Stefan Katzenbeisser, Edgar Weippl, L.Jean Camp, Melanie Volkamer, Mike Reiter, and Xinwen
Zhang, editors, Trust and Trustworthy Computing, volume 7344 of Lecture Notes in Computer
Science, pages 273–290. Springer Berlin Heidelberg, 2012.
F. Cherifi, B. Hemery, R. Giot, M. Pasquet, and C. Rosenberger. Performance evaluation of
behavioral biometric systems. In Behavioral Biometrics for Human Identication: Intelligent
Applications, pages 57–74. IGI Global, 2010.
Richard O. Duda, Peter E. Hart, and David. G. Stork. Multi-layer neural networks. In Pattern
Classication, 2nd Edition, volume 2. John Wiley and Sons, Inc., 2001.
M. Frank, R. Biedert, E. Ma, I. Martinovic, and D. Song. Touchalytics: On the applicability of
touchscreen input as a behavioral biometric for continuous authentication. Information
Forensics and Security, IEEE Transactions on, 8(1):136–148, 2013.
Dawud Gordon, Jrgen Czerny, and Michael Beigl. Activity recognition for creatures of habit.
Personal and Ubiquitous Computing, pages 1–17, 2013.
Paul Holleis, Jussi Huhtala, and Jonna H¨akkil¨a. Studying applications for touch-enabled
mobile phone keypads. In Proceedings of the 2nd international conference on Tangible and
embedded interaction, TEI ’08, pages 15–18, New York, NY, USA, 2008. ACM.
Anil Jain, Lin Hong, and Sharath Pankanti. Biometric identification. Commun. ACM, 43(2):90–
98, February 2000.
30

31. 







K.S. Killourhy and R.A. Maxion. Comparing anomaly-detection algorithms for keystroke
dynamics. In Dependable Systems Networks, 2009. DSN '09. IEEE/IFIP International Conference
on, pages 125–134, 2009.
Emanuele Maiorana, Patrizio Campisi, Noelia Gonz´alez-Carballo, and Alessandro Neri.
Keystroke dynamics authentication for mobile phones. In Proceedings of the 011 ACM
Symposium on Applied Computing, SAC ’11, pages 21–26, New York, NY, USA, 2011. ACM.
Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig, and Joy Zhang. Accessory: password
inference using accelerometers on smartphones. In Proceedings of the Twelfth Workshop on
Mobile Computing Systems & Applications, HotMobile ’12, pages 9:1–9:6, New
York, NY, USA, 2012. ACM.
A. Peacock, Xian Ke, and M. Wilkerson. Typing patterns: a key to user identification. Security
Privacy, IEEE, 2(5):40 –47, sept.-oct. 2004.
Elaine Shi, Yuan Niu, Markus Jakobsson, and Richard Chow. Implicit authentication through
learning user behavior. In Mike Burmester, Gene Tsudik, Spyros Magliveras, and Ivana
Ili, editors, Information Security, volume 6531 of Lecture Notes in Computer Science, pages
99–113. Springer Berlin Heidelberg, 2011.
Saira Zahid, Muhammad Shahzad, SyedAli Khayam, and Muddassar Farooq. Keystroke-based
user identification on smart phones. In Engin Kirda, Somesh Jha, and Davide
Balzarotti, editors, Recent Advances in Intrusion Detection, volume 5758 of Lecture Notes in
Computer Science, pages 224–243. Springer Berlin Heidelberg, 2009.
Jiang Zhu, Hao Hu, Sky Hu, Pang Wu, and Joy Ying Zhang. Mobile behaviometrics: Models and
applications. In Proceedings of the Second IEEE/CIC Inter- national Conference on
Communications in China (ICCC), Xi’An, China, August 12-14 2013.
Jiang Zhu, Pang Wu, Xiao Wang, Adrian Perrig, Jason Hong, and Joy Ying Zhang. Sensec: Mobile
application security through passive sensing. In Proceedings of International Conference on
Computing, Networking and Communications. (ICNC 2013), San Diego, CA, USA, January 2831 2013.
31