view counter

Data protectionUsing keyboard, mouse, and mobile device “fingerprints” to protect data

Published 21 November 2013

Passwords are not secure because they can be hacked or hijacked to get at sensitive personal, corporate, or even national security data. Researchers suggest a more secure way to verify computer users and protect data: tracking individual typing patterns. The researchers are now working on developing ways to identify and track individual patterns of using a mobile device or a computer mouse.

We have all typed in a password to access a computer network. How secure is that, however? Passwords can be hacked or hijacked to get at sensitive personal, corporate or even national security data.

That reality has Iowa State engineers looking for methods beyond passwords to verify computer users and protect data. An Iowa State University release reports that they started by tracking individual typing patterns; now they are working to identify and track individual patterns for using a mobile device or a computer mouse.

Morris Chang, an Iowa State University associate professor of electrical and computer engineering, says the patterns are unique to individuals.

“These pauses between words, searches for unusual characters and spellings of unfamiliar words, all have to do with our past experiences, our learning experiences,” he said. “And so we call them ‘cognitive fingerprints’ which manifest themselves in typing rhythms.”

Prototype software technology developed by Chang and his research team can identify differences in typing rhythms: In experiments at Iowa State involving more than 2,000 computer users, the technology recorded false acceptance and rejection rates of 0.5 percent.

“Our technology is able to distinguish legitimate users versus imposters, based on the large-scale experiments we’ve been able to conduct,” Chang said.

He also said engineers can improve those accuracy rates by combining analysis of typing patterns with analysis of mouse or mobile device patterns.

A defense initiative
The Defense Advanced Research Projects Agency (DARPA) of the U.S. Department of Defense has supported Chang’s study of typing patterns with a one-year grant of $500,000. It is now supporting additional work in mobile device and mouse patterns with a two-year, $1.76 million grant.

Working with Chang to develop the cyber security technologies are Terry Fang, Kuan-Hsing Ho and Danny Shih, Iowa State graduate students in electrical and computer engineering.

Chang said studies of keystroke dynamics go all the way back to the Morse code days. He said, however, that the earlier attempts weren’t accurate enough to reliably identify users. The available technology just wasn’t up to the job.

“The technology we use today helped us to facilitate our research approach,” Chang said.

The engineers’ Cognitive Typing Rhythm technology records and collects a computer user’s typing patterns during a 90-minute typing exercise. That information is then loaded into the

security system where it can be used to constantly monitor network users.

“The system can see if the same person or an imposter is coming in to hijack the computer,” Chang said.

When the system detects a hijacking, Chang said it could lock a user out of the network, restrict access to sensitive information or ask for another password.

The technology operates behind the scenes and is invisible to computer users. It does not require any additional hardware. It is now available for licensing from the Iowa State University Research Foundation.

“When you use a computer today, the user is typically only verified during the initial login,” Chang said. “But DARPA wanted to know how we can assure the same person is using the computer as long as a session is still active. We had a hypothesis about how to do that, we implemented it and we proved it.”

view counter
view counter