i sensed it was you: authenticating mobile users with...
TRANSCRIPT
I Sensed It Was You: Authenticating Mobile Userswith Sensor-enhanced Keystroke Dynamics
Cristiano Giuffrida Kamil Majdanik Mauro Conti Herbert Bos
VU University Amsterdam
11th Conference on Detection of Intrusions andMalware and Vulnerability Assessment
Egham, UKJuly 10-11, 2014
1 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
The Blossom of the Mobile Computing Era
2 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Mobile Data
Presentations / briefing notes.
Address book information.
Personal photos, movies, and email.
Personal health, salary, and benefits information.
Access credentials for networks and applications.
Credit card and e-banking information.
3 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Mobile Threats
4 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Mobile Threats
4 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Mobile Threats
4 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Mobile Threats
4 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Mobile Authentication
Password/PIN/Pattern-based authentication.
" Simple and widespread.
% No continuous authentication.
% Prone to guessing attacks (not mobile specific).
% Prone to smudge [WOOT’10] and shoulder-surfing [CCS’13] attacks.
Biometric authentication.
" A viable option for many mobile users.
" Amenable to continuous authentication.
" Several existing mechanisms: gaits, gestures, keystroke dynamics.
% Poor accuracy (> 5%EER) or prone to statistical attacks [CCS’13].
5 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
WWW: What We Want
High-accuracy biometric authentication for mobile devices.
Robustness against human attacks.
Robustness against statistical attacks.
Static authentication capabilities.
Continuous authentication capabilities.
Robustness against uncontrolled settings.
6 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
WWW: What We Want
" High-accuracy biometric authentication for mobile devices.
" Robustness against human attacks.
- Robustness against statistical attacks.
" Static authentication capabilities.
- Continuous authentication capabilities.
- Robustness against uncontrolled settings.
6 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
Soft keyboard on a mobile device
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
Scenario: User typing ’HELLO’
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 KeyDowns User 1 KeyUps
Keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 KeyDowns User 1 KeyUps
Keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 KeyDowns User 1 KeyUps
Keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 KeyDowns User 1 KeyUps
Keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 KeyDowns User 1 KeyUps
Keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 KeyDowns User 1 KeyUps
Keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 KeyDowns User 1 KeyUps
Keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 KeyDowns User 1 KeyUps
Keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 KeyDowns User 1 KeyUps
Keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 KeyDowns User 1 KeyUps
Keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 KeyDowns User 1 KeyUps
Keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 KeyDowns User 1 KeyUps
Keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 User 1 KeyDowns User 1 KeyUps
-0,10
-0,05
0,00
0,05
0,10
Val
ue
Gyr
osc
op
e
Sensor-enhanced keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 User 1 KeyDowns User 1 KeyUps
-0,10
-0,05
0,00
0,05
0,10
Val
ue
Gyr
osc
op
e
Sensor-enhanced keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 User 1 KeyDowns User 1 KeyUps
-0,10
-0,05
0,00
0,05
0,10
Val
ue
Gyr
osc
op
e
Sensor-enhanced keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 User 1 KeyDowns User 1 KeyUps
-0,10
-0,05
0,00
0,05
0,10
Val
ue
Gyr
osc
op
e
Sensor-enhanced keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 User 1 KeyDowns User 1 KeyUps
-0,10
-0,05
0,00
0,05
0,10
Val
ue
Gyr
osc
op
e
Sensor-enhanced keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 User 1 KeyDowns User 1 KeyUps
-0,10
-0,05
0,00
0,05
0,10
Val
ue
Gyr
osc
op
e
Sensor-enhanced keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 User 1 KeyDowns User 1 KeyUps
-0,10
-0,05
0,00
0,05
0,10
Val
ue
Gyr
osc
op
e
Sensor-enhanced keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 User 1 KeyDowns User 1 KeyUps
-0,10
-0,05
0,00
0,05
0,10
Val
ue
Gyr
osc
op
e
Sensor-enhanced keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 User 1 KeyDowns User 1 KeyUps
-0,10
-0,05
0,00
0,05
0,10
Val
ue
Gyr
osc
op
e
Sensor-enhanced keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 User 1 KeyDowns User 1 KeyUps
-0,10
-0,05
0,00
0,05
0,10
Val
ue
Gyr
osc
op
e
Sensor-enhanced keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 User 1 KeyDowns User 1 KeyUps
-0,10
-0,05
0,00
0,05
0,10
Val
ue
Gyr
osc
op
e
Sensor-enhanced keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Sensor-enhanced Keystroke Dynamics
User 1 User 1 KeyDowns User 1 KeyUps
-0,10
-0,05
0,00
0,05
0,10
Val
ue
Gyr
osc
op
e
Sensor-enhanced keystroke dynamics
7 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Unagi
2l 3l 4l 5l 6l 7l 8l 9l 0l1l
Ql Wl Ul Il OlEl Rl Tl Yl Pl
Al Sl Dl Fl Gl Hl Jl Kl Ll Dell
Zl Xl Cl Vl Bl Nl MlShiftl
Sensor
samples
Keystroke
events
KD
Feature extractionmodule
Trainingmodule
Detectionmodule
8 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Gathering Keystroke Events
Modified Android keyboard intercepts and records keystroke events.
Records only events of interest (i.e., alphanumeric characters).
KD time: Timestamp associated to key-down events.
KU time: Timestamp associated to key-up events.
9 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Gathering Sensor Data
Gyroscope Accelerometer
Relies on the Android API to record sensor values while typing.
Can sample sensor values at a high frequency (e.g., 17 Hz).
Gyroscope: measures device orientation on the 3 axes.
Accelerometer: measures device acceleration on the 3 axes.
10 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Feature Extraction
A A A
A B C
KD-KD
KD-KU
KU-KU
KU-KD
Traditional keystroke dynamics
11 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Feature Extraction
A A A
A B C
0.5-graph
1-graph
1.5-graph
Complete word
KUKD KUKD KUKD
1 feature for each n-graph between KD/KU events.
Keystroke dynamics: time interval associated to each n-graph.
Sensor dynamics: statistical metrics associated to each n-graph.
11 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Detection
Features gathered in a labeled vector and normalized.
Feature vectors used to train a binary classification algorithm.
Algorithms:Once-class Support Vector Machines (SVM).Naive Bayes.k-Nearest Neighbors (kNN).Mean algorithm.
Distance metrics:Euclidean.Euclidean normed.Manhattan.Manhattan scaled.Mahalanobis.
12 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Experimental Setup
Fixed-text authentication system in a controlled setting.
2 predetermined passwords: “internet” and “satellite”.
20 test subjects, 40 (typo-free) password repetitions.
Samsung Nexus S with a soft landscape keyboard.
Trained detector for each user using leave-one-out cross-validation.
Measured FAR, FRR, EER and averaged results across users.
Factors considered: window size, algorithm, sampling frequency.
13 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Accuracy vs. Window Size
4,00%
5,00%
6,00%
7,00%
8,00%
9,00%
10,00%
0.5-graph 0.5-graph &1.0-graph
1.5-graph &0.5-graph &1.0-graph
2.0-graph &0.5-graph &1.0-graph
2.5-graph &0.5-graph &1.0-graph
3.0-graph &0.5-graph &1.0-graph
3.5-graph &0.5-graph &1.0-graph
4.0-graph &0.5-graph &1.0-graph
4.5-graph &0.5-graph &1.0-graph
EE
R
internet (min) satellite (min)
0,00%
0,05%
0,10%
0,15%
0,20%
0,25%
0,30%
1.0-graph 1.5-graph 2.0-graph 2.5-graph 3.0-graph 3.5-graph 4.0-graph 4.5-graph whole word
EE
R
internet (min) satellite (min)
14 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Accuracy vs. Detection Algorithm
0,00%
0,20%
0,40%
0,60%
0,80%
1,00%
1,20%
1,40%
EER
sensors sensors & timings
15 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Accuracy vs. Sampling Frequency
0,00%
0,50%
1,00%
1,50%
2,00%
2,50%
3,00%
3,50%
4,00%
0,03 0,09 0,17 0,34 0,85 1,70 3,40 4,25 5,67 8,50 11,33 12,75 13,60 15,30 16,15 16,66 16,83 16,92 16,97 17,00
EE
R
Frequency (Hz)
16 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
Summary
Sensor-enhanced Keystroke Dynamics (SKD): A new biometricauthentication mechanism for mobile devices.
Unagi: A fixed-text authentication system based on SKD.
Key results:
Movement sensors are suitable for biometric authentication purposes.
Sensors can drastically enhance keystroke dynamics accuracy.
Effective even with short passwords and low sampling frequencies.
Future work:
Applicability to free-text authentication and uncontrolled settings.
Robustness against statistical attacks.
17 / 18I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics Cristiano Giuffrida
I Sensed It Was You: Authenticating Mobile Userswith Sensor-enhanced Keystroke Dynamics
Thank you!Any questions?
Cristiano Giuffrida, Kamil Majdanik, Mauro Conti, Herbert Bos{giuffrida,k.majdanik,mconti,herbertb}@cs.vu.nl
VU University Amsterdam