Combining Keystroke Patterns and Movement Data for Authentication
As more of us use smart phones to store personal data ranging from credit card information to personal records and communications, securing them is increasingly important. But either out of convenience or lack of diligence, we often leave our information vulnerable. Password authentication isn’t perfect: it can be hacked or obtained by an observer, or deliberately turned off by a user annoyed with the need to key one in on every use. Finger print passwords seem to be a good solution, but researchers have found that they are not hack-proof and can be accessed with fake fingerprints.
Heather Crawford, an assistant professor at Florida Tech’s Harris Institute for Assured Information and research assistant Ebad Ahmadzadeh are working on new ways to authenticate smart phone users. They recently did an experiment to show how the combination of key stroke pattern data and gyroscope information on a smart phone can be used make them more secure.
Crawford and Ahmadzadeh’s method is unique because it combines two layers of identification. Keystroke pattern data on its own can add a level of security but doesn’t provide the needed accuracy when the typist and keyboard itself are on the go. That is where the gyroscope data comes in. Crawford and Ahmadzadeh’s approach uses movement data from the phone to classify the user in one of three categories: seated, standing, or walking. Next, the keystroke dynamics for the determined category, based off previously built models, is used to identify the user.
Participants in the experiment were given a custom-built Android app and typed provided phrases prompted by the experimenter while they held the device in a given orientation (portrait or landscape) and typed while either seated, standing or walking. The participants were told to type as they usually did; specifically, the speed of their typing was not restricted.
Analysis of the data showed that the combination of keystroke and gyroscope data brought user identification accuracy up to 98 percent versus 52 percent found in an experiment using keystroke pattern information only.
Crawford presented their findings this summer at the Symposium On Useable Privacy and Security (SOUPS), one of the premiere conferences in the field of human factors and useable privacy and security. You can read the details of the methodology and the results of the experiment in the paper presented by Crawford at SOUPS here.