Research Article
KeySens: Passive User Authentication through Micro-behavior Modeling of Soft Keyboard Interaction
@INPROCEEDINGS{10.1007/978-3-319-05452-0_14, author={Benjamin Draffin and Jiang Zhu and Joy Zhang}, title={KeySens: Passive User Authentication through Micro-behavior Modeling of Soft Keyboard Interaction}, proceedings={Mobile Computing, Applications, and Services. 5th International Conference, MobiCASE 2013, Paris, France, November 7-8, 2013, Revised Selected Papers}, proceedings_a={MOBICASE}, year={2014}, month={6}, keywords={Keystroke Dynamics User Authentication Passive Authentication Multi-factor Authentication Continuous Authentication Biometrics Micro-behavior Soft Keyboards Mobile Security Android}, doi={10.1007/978-3-319-05452-0_14} }
- Benjamin Draffin
Jiang Zhu
Joy Zhang
Year: 2014
KeySens: Passive User Authentication through Micro-behavior Modeling of Soft Keyboard Interaction
MOBICASE
Springer
DOI: 10.1007/978-3-319-05452-0_14
Abstract
Mobile devices have become almost ever-present in our daily lives and increasingly so in the professional workplace. Applications put company data, personal information and sensitive documents in the hands of busy nurses at hospitals, company employees on business trips and government workers at large conferences. Smartphones and tablets also not only store data on-device, but users are frequently authorized to access sensitive information in the cloud. Protecting the sensitivity of mobile devices yet not burdening users with complicated and cumbersome methods is of great importance to the security and convenience of mobile computing. In this paper, we propose a novel passive authentication method; we model the micro-behavior of mobile users’ interaction with their devices’ soft keyboard. We show that the way a user types—the specific location touched on each key, the drift from finger down to finger up, the force of touch, the area of press—reflects their unique physical and behavioral characteristics. We demonstrate that using these micro-behavior features without any contextual information, we can passively identify that a mobile device is being used by a non-authorized user within 5 keypresses 67.7% of the time. This comes with a False Acceptance Rate (FAR) of 32.3% and a False Rejection Rate (FRR) of only 4.6%. Our detection rate after 15 keypresses is 86% with a FAR of 14% and a FRR of only 2.2%.