The rhythm, timing and tactile characteristics of how a person types on a computer keyboard or presses keys on a smartphone screen can be used to verify identity and prevent hacking and computer fraud, according to an ongoing project with the Pentagon’s research arm and Louisiana Tech University.
Computer scientists with Louisiana Tech University are working on a collaborative project with the Defense Advanced Research Projects Agency, or DARPA, to refine algorithms able to authenticate computer and smartphone users. This is the sort of project that could release the military from having to use Common Access Cards to access government computers.
“We build a digital signature for someone. That digital signature captures the way a person interacts with the device. As you use the keyboard, algorithms that we have and software that we have verifies that you are the person using the keyboard. We can continuously authenticate,” said Michael O’Neal, a professor of computer science at Louisiana Tech University.
Louisiana Tech is six months into the program with DARPA, but computer scientists there have spent more than 10 years working on the theoretical foundation for the technology.
“One way to think about it is my hand and your hand are different. My muscle memory and your muscle memory are different — so if I type the word ‘the,’ I will hold down the ‘T’ for a different amount of time. The timing and the spacing between the ‘T’ and the ‘H’ when I type will be different than when you type. We use those low level characteristics to build a model of how you interact with the keyboard,” O’Neal said.
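The timing features described above (how long each key is held, and the gap between one key and the next) can be sketched as follows. This is an added example, not the Louisiana Tech software: the mean absolute z-score detector, the threshold of 2.0 and all timing values are assumptions constructed for illustration.

```python
from statistics import mean, stdev

def features(events):
    """events: (key, press_ms, release_ms) tuples in typing order.
    Returns hold time per key and gap between consecutive keys."""
    feats = {}
    for i, (key, down, up) in enumerate(events):
        feats[f"hold:{i}:{key}"] = up - down
        if i + 1 < len(events):
            nxt_key, nxt_down, _ = events[i + 1]
            # Negative when the next key is pressed before this one is released.
            feats[f"gap:{i}:{key}>{nxt_key}"] = nxt_down - up
    return feats

def enroll(samples):
    """Build a profile of (mean, std dev) per feature from repeated typings."""
    vecs = [features(s) for s in samples]
    profile = {}
    for name in vecs[0]:
        vals = [v[name] for v in vecs]
        # Floor the deviation at 1 ms so a very consistent typist
        # does not cause division by zero or huge scores.
        profile[name] = (mean(vals), max(stdev(vals), 1.0))
    return profile

def score(profile, events):
    """Mean absolute z-score against the profile; lower is a closer match."""
    f = features(events)
    if set(f) != set(profile):
        raise ValueError("sample does not match the enrolled key sequence")
    return sum(abs(f[n] - m) / s for n, (m, s) in profile.items()) / len(profile)

def verify(profile, events, threshold=2.0):  # threshold is an assumed value
    return score(profile, events) <= threshold

# Constructed timings (ms) for one user typing "the" four times.
ENROLLED = [
    [("t", 0, 95), ("h", 140, 220), ("e", 270, 340)],
    [("t", 0, 100), ("h", 150, 228), ("e", 275, 350)],
    [("t", 0, 90), ("h", 130, 212), ("e", 265, 333)],
    [("t", 0, 98), ("h", 145, 224), ("e", 272, 344)],
]
GENUINE = [("t", 0, 96), ("h", 142, 221), ("e", 271, 342)]    # same user again
IMPOSTOR = [("t", 0, 140), ("h", 220, 280), ("e", 300, 420)]  # different rhythm
PROFILE = enroll(ENROLLED)

if __name__ == "__main__":
    for label, attempt in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(label, round(score(PROFILE, attempt), 2), verify(PROFILE, attempt))
```

A fixed threshold trades false accepts against false rejects; a continuous-authentication system would score a sliding window of recent keystrokes rather than a single word.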
O’Neal said the technology, which is currently about 95-percent accurate, could have implications for securing military computers or even something like online banking.
“Passwords are too insecure. This is another way of authenticating that a person is the person who is using the device,” he added.
Similar technology is also being applied to smartphones, wherein a user’s swiping, typing, holding and even walking patterns can all be used to verify identity and therefore increase security.
In fact, the way someone holds a smartphone and types and swipes on the screen can all become part of security-minded algorithms designed to prevent the wrong person from using the device, said O’Neal and Vir Phoha, a computer science professor at Louisiana Tech University.
The algorithms can even calculate the precise gait and step with which a person walks in order to establish that the right person is walking with the phone. The algorithms are engineered to store the speed, timing and direction of swiping patterns as well as typing patterns and movements such as holding the phone and even walking, Phoha explained.
“With mobile devices you can use the accelerometer and gyroscope to look at the way a person holds a phone and how they move the phone. In about 10 to 15 steps we can determine that you were not walking with your phone,” Phoha said. “The system is very robust against attacks.”
Known as behavioral biometrics, this type of authentication relies on behavior patterns and is designed to provide security without needing an external or physical device such as an iris scanner or fingerprint reader.
“We’re looking to find partners that are interested in this technology. We’re ready now to start building systems to utilize the technology,” Phoha said.