research-article

Public Access

Discriminative Power of Typing Features on Desktops, Tablets, and Phones for User Identification

Authors:
Amith K. Belman

Syracuse University, NY, USA

Syracuse University, NY, USA

0000-0003-1008-3025
View Profile

,
Vir V. Phoha

Syracuse University, NY, USA

Syracuse University, NY, USA
View Profile

Authors Info & Claims

ACM Transactions on Privacy and Security Volume 23 Issue 1Article No.: 4pp 1–36https://doi.org/10.1145/3377404

Published:05 February 2020Publication History

ACM Transactions on Privacy and Security

Abstract

Research in Keystroke-Dynamics (KD) has customarily focused on temporal features without considering context to generate user templates that are used in authentication. Additionally, work on KD in hand-held devices such as smart-phones and tablets have shown that these features alone do not perform satisfactorily for authentication. In this work, we analyze the discriminatory power of the most-used conventional features found in the literature, propose a set of context-sensitive or word-specific features, and analyze the discriminatory power of proposed features using their classification results. To perform these tasks, we use the keystroke data consisting of over 650K keystrokes, collected from 20 unique users during different activities on desktops, tablets, and phones, over a span of two months. On an average, each user made 12.5K, 9K, and 10K keystrokes on desktop, tablet, and phone, respectively.

We find that the conventional features are not highly discriminatory on desktops and are only marginally better on hand-held devices for user identification. By using information of the context, a subset (derived after analysis) of our proposed word-specific features offers superior discrimination among users on all devices. We find that a majority of the classifiers, built using these features, perform user identification well with accuracies in the range of 90% to 97%, average precision and recall values of 0.914 and 0.901, respectively, on balanced test samples in 10-fold cross validation. We also find that proposed features work best on hand-held devices. This work calls for a shift from using conventional KD features to a set of context-sensitive or word-specific KD features that take advantage of known information such as context.

References

Ahmed A. Ahmed and Issa Traore. 2014. Biometric recognition based on free-text keystroke dynamics. IEEE Trans. Cyber. 44, 4 (2014).Google ScholarCross Ref
Kamran Ali, Alex X. Liu, Wei Wang, and Muhammad Shahzad. 2015. Keystroke recognition using Wi-Fi signals. In Proceedings of the 21st International Conference on Mobile Computing and Networking (MobiCom’15). ACM, New York, NY, 90--102. DOI:https://doi.org/10.1145/2789168.2790109Google ScholarDigital Library
Md Liakat Ali, John V. Monaco, Charles C. Tappert, and Meikang Qiu. 2017. Keystroke biometric systems for user authentication. J. Sig. Proc. Syst. 86, 2 (1 Mar. 2017), 175--190. DOI:https://doi.org/10.1007/s11265-016-1114-9Google Scholar
Orcan Alpar. 2017. Frequency spectrograms for biometric keystroke authentication using neural network based classifier. Knowledge-Based Systems 116 (2017), 163--171. DOI:https://doi.org/10.1016/j.knosys.2016.11.006Google ScholarDigital Library
Arwa Alsultan, Kevin Warwick, and Hong Wei. 2017. Non-conventional keystroke dynamics for user authentication. Pattern Recog. Lett. 89, C (2017).Google Scholar
Dmitri Asonov and Rakesh Agrawal. 2004. Keyboard acoustic emanations. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’04). 3--11. DOI:https://doi.org/10.1109/SECPRI.2004.1301311Google ScholarCross Ref
Gabriel L. F. B. G. Azevedo, George D. C. Cavalcanti, and Edson C. B. Carvalho Filho. 2007. An approach to feature selection for keystroke dynamics systems based on PSO and feature weighting. In Proceedings of the IEEE Congress on Evolutionary Computation (CEC’07). IEEE, 3577--3584.Google Scholar
Kiran Balagani, Vir Phoha, Asok Ray, and Shashi Phoha. 2011. On the discriminability of keystroke feature vectors used in fixed text keystroke authentication. Pattern Recog. Lett. 32, 7 (2011).Google ScholarDigital Library
Jorge Blasco, Thomas M. Chen, Juan Tapiador, and Pedro Peris-Lopez. 2016. A survey of wearable biometric recognition systems. ACM Comput. Surv. 49, 3, Article 43 (Sept. 2016), 35 pages. DOI:https://doi.org/10.1145/2968215Google Scholar
David Guy Brizan, Adam Goodkind, Patrick Koch, Kiran Balagani, Vir V. Phoha, and Andrew Rosenberg. 2015. Utilizing linguistically enhanced keystroke dynamics to predict typist cognition and demographics. Int. J. Hum.-Comput. Stud. 82 (2015), 57--68. DOI:https://doi.org/10.1016/j.ijhcs.2015.04.005Google ScholarDigital Library
Nitesh V. Chawla, Kevin W. Bowyer, Lawrence O. Hall, and W. Philip Kegelmeyer. 2002. SMOTE: Synthetic minority over-sampling technique. J. Artif. Int. Res. 16, 1 (June 2002), 321--357. Retrieved from: http://dl.acm.org/citation.cfm?id=1622407.1622416.Google ScholarDigital Library
Y. Chen, T. Li, R. Zhang, Y. Zhang, and T. Hedgpeth. 2018. EyeTell: Video-assisted touchscreen keystroke inference from eye movements. In Proceedings of the IEEE Symposium on Security and Privacy (SP’18). 144--160. DOI:https://doi.org/10.1109/SP.2018.00010Google Scholar
F. Ciuffo and G. M. Weiss. 2017. Smartwatch-based transcription biometrics. In Proceedings of the IEEE 8th Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON’17). 145--149. DOI:https://doi.org/10.1109/UEMCON.2017.8249014Google Scholar
N. L. Clarke and S. M. Furnell. 2006. Authenticating mobile phone users using keystroke analysis. Int. J. Inf. Secur. 6, 1 (2006).Google ScholarDigital Library
Mark Davies. 2010. Corpus of contemporary American English. Retrieved from: https://www.english-corpora.org/coca/.Google Scholar
H. Davoudi and E. Kabir. 2009. A new distance measure for free text keystroke authentication. In Proceedings of the 14th International CSI Computer Conference. 570--575. DOI:https://doi.org/10.1109/CSICC.2009.5349640Google Scholar
K. Delac and M. Grgic. 2004. A survey of biometric recognition methods. In Proceedings of the 46th International Symposium on Electronics in Marine (Elmar’04). 184--193.Google Scholar
Song Fang, Ian Markwood, Yao Liu, Shangqing Zhao, Zhuo Lu, and Haojin Zhu. 2018. No training hurdles: Fast training-agnostic attacks to infer your typing. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 1747--1760.Google ScholarDigital Library
Adam Goodkind, David Guy Brizan, and Andrew Rosenberg. 2017. Utilizing overt and latent linguistic structure to improve keystroke-based authentication. Image Vis. Comput. 58 (2017), 230--238. DOI:https://doi.org/10.1016/j.imavis.2016.06.003Google ScholarDigital Library
Daniele Gunetti and Claudia Picardi. 2005. Keystroke analysis of free text. ACM Trans. Inf. Syst. Secur. 8, 3 (Aug. 2005), 312--347. DOI:https://doi.org/10.1145/1085126.1085129Google ScholarDigital Library
Daniele Gunetti, Claudia Picardi, and Giancarlo Ruffo. 2005. Dealing with different languages and old profiles in keystroke analysis of free text. In AI*IA 2005: Advances in Artificial Intelligence. Springer Berlin Heidelberg, 347–358.Google Scholar
Jiacang Ho and Dae-Ki Kang. 2017. Mini-batch bagging and attribute ranking for accurate user authentication in keystroke dynamics. Pattern Recog. 70 (2017), 139--151. DOI:https://doi.org/10.1016/j.patcog.2017.05.002Google ScholarDigital Library
J. Huang, D. Hou, and S. Schuckers. 2017. A practical evaluation of free-text keystroke dynamics. In Proceedings of the IEEE International Conference on Identity, Security and Behavior Analysis (ISBA’17). 1--8. DOI:https://doi.org/10.1109/ISBA.2017.7947695Google Scholar
Jiaju Huang, Daqing Hou, Stephanie Schuckers, and Shambhu Upadhyaya. 2016. Effects of text filtering on authentication performance of keystroke biometrics. In Proceedings of the IEEE International Workshop on Information Forensics and Security (WIFS’16).Google ScholarCross Ref
Rajkumar Janakiraman and Terence Sim. 2007. Keystroke dynamics in a general setting. In Advances in Biometrics, Seong-Whan Lee and Stan Z. Li (Eds.). Springer Berlin, 584--593.Google Scholar
K. Jin, S. Fang, C. Peng, Z. Teng, X. Mao, L. Zhang, and X. Li. 2017. ViViSnoop: Someone is snooping your typing without seeing it! In Proceedings of the IEEE Conference on Communications and Network Security (CNS’17). 1--9. DOI:https://doi.org/10.1109/CNS.2017.8228624Google Scholar
Rick Joyce and Gopal Gupta. 1990. Identity authentication based on keystroke latencies. Commun. ACM 33, 2 (Feb. 1990), 168--176. DOI:https://doi.org/10.1145/75577.75582Google ScholarDigital Library
Hassan Khan, Urs Hengartner, and Daniel Vogel. 2018. Augmented reality-based mimicry attacks on behaviour-based smartphone authentication. In Proceedings of the 16th International Conference on Mobile Systems, Applications, and Services (MobiSys’18). ACM, New York, NY, 41--53. DOI:https://doi.org/10.1145/3210240.3210317Google ScholarDigital Library
H. S. Lee, T. S. Lau, W. K. Lai, Y. C. King, and L. L. Lim. 2017. User identification of numerical keypad typing patterns with subtractive clustering fuzzy inference. In Proceedings of the IEEE 15th Student Conference on Research and Development (SCOReD’17). 83--88. DOI:https://doi.org/10.1109/SCORED.2017.8305416Google Scholar
Jian Liu, Yan Wang, Gorkem Kar, Yingying Chen, Jie Yang, and Marco Gruteser. 2015. Snooping Keystrokes with Mm-level audio ranging on a single phone. In Proceedings of the 21st International Conference on Mobile Computing and Networking (MobiCom’15). ACM, New York, NY, 142--154. DOI:https://doi.org/10.1145/2789168.2790122Google ScholarDigital Library
L. Lu, J. Yu, Y. Chen, Y. Zhu, X. Xu, G. Xue, and M. Li. 2019. KeyLiSterber: Inferring keystrokes on QWERTY keyboard of touch screen through acoustic signals. In Proceedings of the IEEE Conference on Computer Communications (INFOCOM’19). 775--783. DOI:https://doi.org/10.1109/INFOCOM.2019.8737591Google Scholar
A. Maiti, M. Jadliwala, J. He, and I. Bilogrevic. 2018. Side-channel inference attacks on mobile keypads using smartwatches. IEEE Trans. Mob. Comput. 17, 9 (Sept. 2018), 2180--2194. DOI:https://doi.org/10.1109/TMC.2018.2794984Google ScholarCross Ref
Merylin Monaro, Chiara Galante, Riccardo Spolaor, Qian Qian Li, Luciano Gamberini, Mauro Conti, and Giuseppe Sartori. 2018. Covert lie detection using keyboard dynamics. Sci. Rep. 8, 1 (2018), 1976. DOI:https://doi.org/10.1038/s41598-018-20462-6Google Scholar
S. Mondal and P. Bours. 2017. Person identification by keystroke dynamics using pairwise user coupling. IEEE Trans. Inf. Forens. Secur. 12, 6 (June 2017), 1319--1329. DOI:https://doi.org/10.1109/TIFS.2017.2658539Google ScholarDigital Library
Soumik Mondal and Patrick Bours. 2017. A study on continuous authentication using a combination of keystroke and mouse biometrics. Neurocomputing 230 (2017), 1--22. DOI:https://doi.org/10.1016/j.neucom.2016.11.031Google ScholarDigital Library
Fabian Monrose and Aviel Rubin. 1997. Authentication via keystroke dynamics. In Proceedings of the 4th ACM Conference on Computer and Communications Security (CCS’97). ACM, New York, NY, 48--56. DOI:https://doi.org/10.1145/266420.266434Google ScholarDigital Library
Tuan Nguyen and Jonathan Voris. 2017. Touchscreen biometrics across multiple devices. In Proceedings of the USENIX Symposium on Usable Privacy and Security (SOUPS’17).Google Scholar
M. Obaidat and Balqies Sadoun. 1997. Verification of computer users using keystroke dynamics. IEEE Trans. Syst. Man Cyber. Part B: Cyber. 27, 2 (1997)Google ScholarDigital Library
Avar Pentel. 2019. Predicting user age by keystroke dynamics. In Artificial Intelligence and Algorithms in Intelligent Systems, Radek Silhavy (Ed.). Springer International Publishing, Cham, 336--343.Google Scholar
Paulo Henrique Pisani and Ana Carolina Lorena. 2013. A systematic review on keystroke dynamics. J. Braz. Comput. Soc. 19, 4 (1 Nov. 2013), 573--587. DOI:https://doi.org/10.1007/s13173-013-0117-7Google ScholarCross Ref
Oxford University Press. 2011. The Oxford English corpus: Facts about the language. OxfordDictionaries.com. Retrieved from https://web.archive.org/web/20111226085859/ Retrieved from http://oxforddictionaries.com/words/the-oec-facts-about-the-language.Google Scholar
K. A. Rahman, K. S. Balagani, and V. V. Phoha. 2013. Snoop-forge-replay attacks on continuous verification with keystrokes. IEEE Trans. Inf. Forens. Sec. 8, 3 (Mar. 2013), 528--541. DOI:https://doi.org/10.1109/TIFS.2013.2244091Google ScholarDigital Library
Kenneth Revett, Sérgio Tenreiro de Magalhães, and Henrique M. D. Santos. 2005. Enhancing login security through the use of keystroke input dynamics. In Advances in Biometrics, David Zhang and Anil K. Jain (Eds.). Springer Berlin, 661--667.Google Scholar
Seong seob Hwang, Sungzoon Cho, and Sunghoon Park. 2009. Keystroke dynamics-based authentication for mobile devices. Comput. Sec. 28, 1 (2009), 85--93. DOI:https://doi.org/10.1016/j.cose.2008.10.002Google ScholarDigital Library
Abdul Serwadda and Vir V. Phoha. 2013. Examining a large keystroke biometrics dataset for statistical-attack openings. ACM Trans. Inf. Syst. Sec. 16, 2, Article 8 (Sept. 2013), 30 pages. DOI:https://doi.org/10.1145/2516960Google Scholar
Yong Sheng, Vir Phoha, and S. M. Rovnyak. 2005. A parallel decision tree-based method for user authentication based on keystroke patterns. IEEE Trans. Syst. Man Cyber. Part B: Cyber. 35 (9 2005), 826--833. DOI:https://doi.org/10.1109/TSMCB.2005.846648Google Scholar
D. Shukla and V. V. Phoha. 2019. Stealing passwords by observing hands movement. IEEE Trans. Inf. Forens. Sec. 14, 12 (Dec. 2019), 3086--3101. DOI:https://doi.org/10.1109/TIFS.2019.2911171Google ScholarCross Ref
T. Sim and R. Janakiraman. 2007. Are digraphs good for free-text keystroke dynamics? In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 1--6. DOI:https://doi.org/10.1109/CVPR.2007.383393Google Scholar
D. Stefan and D. Yao. 2010. Keystroke-dynamics authentication against synthetic forgeries. In Proceedings of the 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom’10). 1--8. DOI:https://doi.org/10.4108/icst.collaboratecom.2010.16Google Scholar
A. E. Sulavko, A. V. Eremenko, and A. A. Fedotov. 2017. Users’ identification through keystroke dynamics based on vibration parameters and keyboard pressure. In Proceedings of the Dynamics of Systems, Mechanisms and Machines Conference (Dynamics’17). 1--7. DOI:https://doi.org/10.1109/Dynamics.2017.8239514Google Scholar
A. Sulong, Wahyudi, and M. U. Siddiqi. 2009. Intelligent keystroke pressure-based typing biometrics authentication system using radial basis function network. In Proceedings of the 5th International Colloquium on Signal Processing and Its Applications. 151--155. DOI:https://doi.org/10.1109/CSPA.2009.5069206Google Scholar
Yan Sun, H. Ceker, and S. Upadhyaya. 2017. Anatomy of secondary features in keystroke dynamics —achieving more with less. In Proceedings of the IEEE International Conference on Identity, Security and Behavior Analysis (ISBA’17). 1--6. DOI:https://doi.org/10.1109/ISBA.2017.7947691Google Scholar
Pin Shen Teh, Andrew Beng Jin Teoh, and Shigang Yue. 2013. A survey of keystroke dynamics biometrics. Sci. World J. (Sept. 2013). DOI:https://doi.org/10.1155/2013/408280Google Scholar
Ioannis Tsimperidis, Avi Arampatzis, and Alexandros Karakos. 2018. Keystroke dynamics features for gender recognition. Dig. Investig. 24 (2018), 4--10. DOI:https://doi.org/10.1016/j.diin.2018.01.018Google ScholarCross Ref
Mindaugas Ulinskas, Robertas Damaševičius, Rytis Maskeliūnas, and Marcin Woźniak. 2018. Recognition of human daytime fatigue using keystroke data. Procedia Comput. Sci. 130 (2018), 947--952. DOI:https://doi.org/10.1016/j.procs.2018.04.094Google ScholarDigital Library
Umphress and G. Williams. 1985. Identity verification through keyboard characteristics. Int. J. Man-Mach. Stud. 23, 3 (1985), 263–273.Google ScholarCross Ref
Changsheng Wu, Wenbo Ding, Ruiyuan Liu, Jiyu Wang, Aurelia C. Wang, Jie Wang, Shengming Li, Yunlong Zi, and Zhong Lin Wang. 2018. Keystroke dynamics enabled authentication and identification using triboelectric nanogenerator array. Mater. Today 21, 3 (2018), 216--222. DOI:https://doi.org/10.1016/j.mattod.2018.01.006Google ScholarCross Ref
Tong Zhu, Qiang Ma, Shanfeng Zhang, and Yunhao Liu. 2014. Context-free attacks using keyboard acoustic emanations. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’14). ACM, New York, NY, 453--464. DOI:https://doi.org/10.1145/2660267.2660296Google ScholarDigital Library
John Zulueta, Piscitello Andrea, Mladen Rasic, Rebecca Easter, Pallavi Babu, Scott Langenecker, Melvin McInnis, Olusola Ajilore, Peter Nelson, Kelly Ryan, and Alex Leow. 2017. Predicting mood disturbance severity in bipolar subjects with mobile phone keystroke dynamics and metadata. Bio. Psych. 81, 10 (May 2017).Google Scholar

Index Terms

Discriminative Power of Typing Features on Desktops, Tablets, and Phones for User Identification
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. HCI design and evaluation methods
      1. Heuristic evaluations
    2. Interaction techniques
      1. Text input
2. Security and privacy
  1. Security services
    1. Authentication
      1. Biometrics

Recommendations

User authentication through typing biometrics features

This paper uses a static keystroke dynamics in user authentication. The inputs are the key down and up times and the key ASCII codes captured while the user is typing a string. Four features (key code, two keystroke latencies, and key duration) were ...
Read More
Continuous user authentication using multi-modal biometrics

As modern mobile devices increase in their capability and accessibility, they introduce additional demands in terms of security - particularly authentication. With the widely documented poor use of PINs, Active Authentication is designed to overcome the ...
Read More
Mobile user identification through authentication using keystroke dynamics and accelerometer biometrics
MOBILESoft '16: Proceedings of the International Conference on Mobile Software Engineering and Systems

Biometrics is everything that can be measured in a human being. It has two types; behavioral and physiological. This paper discusses the use of keystroke dynamics, a form of behavioral biometrics that deals with the measure of how a person types, and ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Privacy and Security Volume 23, Issue 1
February 2020
209 pages
ISSN:2471-2566
EISSN:2471-2574
DOI:10.1145/3382042
Editor:
David Basin
ETH Zurich, Switzerland
Issue’s Table of Contents
Copyright © 2020 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 5 February 2020
- Accepted: 1 December 2019
- Revised: 1 September 2019
- Received: 1 July 2018
Published in tops Volume 23, Issue 1

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Keystroke dynamics
context-sensitive features
desktop
discriminative power
phone
tablet
typing
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 8
  Total Citations
  View Citations
- 785
  Total Downloads
- Downloads (Last 12 months)142
- Downloads (Last 6 weeks)22
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

Discriminative Power of Typing Features on Desktops, Tablets, and Phones for User Identification

ACM Transactions on Privacy and Security

Abstract

References

Cited By

Index Terms

Recommendations

User authentication through typing biometrics features

Continuous user authentication using multi-modal biometrics

Mobile user identification through authentication using keystroke dynamics and accelerometer biometrics