Home » Cyber » DARPA Develops Keyboard Security System

DARPA Develops Keyboard Security System

by Kris Osborn on May 28, 2014

KeyboardThe rhythm, timing and tactile characteristics of how a person types on a computer keyboard or presses keys on a smartphone screen can be used to verify identify and prevent hacking and computer fraud, according to an ongoing project with the Pentagon’s research arm and Louisiana Tech University.

Computer scientists with Louisiana Tech University are working on a collaborative project with the Defense Advanced Projects Research Agency, or DARPA, to refine algorithms able to authenticate computer and smartphone users. This is the sort of project that could release the military from having to use Common Access Cards to access government computers.

“We build a digital signature for someone. That digital signature captures the way a person interacts with the device. As you use the keyboard, algorithms that we have and software that we have verifies that you are the person using the keyboard. We can continuously authenticate,” said Michael O’Neal, a professor of computer science at Louisiana Tech University.

Louisiana Tech is  six months into the program with DARPA, but computer scientists there have spent more than 10 years working on the theoretical foundation for the technology.

“One way to think about it is my hand and your hand are different. My muscle memory and your muscle memory are different — so if I type the word ‘the,’ I will hold down the ‘T’ for a different amount of time. The timing and the spacing between the ‘T’ and the ‘H’ when I type will be different than when you type. We use those low level characteristics to build a model of how you interact with the keyboard,” O’Neal said.

O’Neal said the technology, which is currently about 95-perecent accurate, could have implications for securing military computers or even something like online banking.

“Passwords are too insecure. This is another way of authenticating that a person is the person who is using the device,” he added.

Similar technology is also being applied to smartphones, wherein a user’s swiping, typing, holding and even walking patterns can all be used to verify identify and therefore increase security.

In fact, the way someone holds a smartphone and types and swipes on the screen can all become part of security-minded algorithms designed to prevent the wrong person from using the device, said O’Neal and Vir Phoha, a computer science professor at Louisiana Tech University.

The algorithms can even calculate the precise gait and step with which a person walks in order to establish that the right person is walking with the phone. The algorithms are engineered to store the speed, timing and direction of swiping patterns as well as typing patterns and movements such holding the phone and even walking, Phoha explained.

“With mobile devices you can use the accelerometer and gyroscope to look at the way a person holds a phone and how they move the phone. In about 10 to 15 steps we can determine that you were not walking with your phone,” Phoha said. “The system is very robust against attacks.”

Referred to as behavioral biometrics based on behavior patterns, this type of authentication is designed to provide security without needing an external or physical device such as an iris scanner or fingerprint machine technology.

“We’re looking to find partners that are interested in this technology. We’re ready now to start building systems to utilize the technology,” Phoha said.

Share |

{ 17 comments… read them below or add one }

Uncle Bill May 28, 2014 at 6:37 pm

Game changer. Again, increasing processing power has changed the rules.

Reply

William A. Peterson May 30, 2014 at 10:19 am

Uhmm, maybe, but more likely a disaster. Sure, it might work well 98% of the time, in peacetime, in most non-combat situations… and that's worthwhile! But…
What happens, in a combat situation, where the user is wounded, and the pain is throwing off his typing rythym? Is he left unable to identify himself, to call for help, or to report his position? For that matter, what happens if the peacetime soldier tries using it while suffering from a hangover? Not saying it's doomed, just saying these questions need to be answered…

Reply

Nah June 3, 2014 at 9:47 pm

Here's the change: the tax payers just got screwed out of yet another pile of hard earned money. Got that Uncle BillS?

Reply

hibeam May 29, 2014 at 12:35 am

Can this new keyboard analysis software detect when a bonehead is putting the name of a CIA agent in an open e-mail? That would be a very useful feature in this administration.

Reply

NathanS May 29, 2014 at 1:46 am

Would you really want to put a list of all CIA agents into a program and roll it out to all devices on your network? By closing a small security risk, you're creating a much bigger one.

Reply

Will May 29, 2014 at 9:30 am

I believe he's joking, Nathan.

Reply

Beno May 29, 2014 at 4:16 am

That is Idiotic. I cut my finger yesterday and cant use my fingerprint scanner with that finger. Can you imagin how a sprained wrist, or tennis elbow, never mind phycological effects of engament will mess with you typing rhythem !?!?!? what !

Reply

spec May 29, 2014 at 2:16 pm

It's not the first nor the last brainless contraption you should expect from the idiots in the increasingly stupid and pathetic pool of US engineers.

Reply

Dr. Judson May 29, 2014 at 6:37 am

I agree with Beno regarding "DARPA Develops Keyboard Security System" DARPA should have more important items to research than keyboard usage style.

Reply

Riceball May 29, 2014 at 1:11 pm

This is pretty cool, sort of reminds me of how back in the days of MORSE each operator had his/her own distinct "signature" in the way they tapped out their messages. I think that this tech has some real potential.

Reply

JohnB May 29, 2014 at 4:42 pm

A keyboard that can smell people 's odor would be more useful.

Reply

Isoroku Yamamoto June 2, 2014 at 6:15 am

Seat-bottom sensor?

Reply

Chris May 29, 2014 at 8:15 pm

just like the old CW or Morse you could tell who was sending when you got good at it, this does look good

Reply

Mary ringo June 1, 2014 at 7:51 am

All the posts you have received are excellent, this has been tried before with poor results, we are each unique – encryption….counting, rythm, and mechanicalism is done by the brain, if you can keep the brain from maniuplating our hands then you may have something, there is an algorithm with the subconscious.

Reply

Isoroku Yamamoto June 2, 2014 at 6:14 am

If this "works" as well as predictive text we are doomed!

Reply

beage June 2, 2014 at 11:41 am

there are still cyber hackers.. and how would you know who was compromised if there was a breach?

Reply

William June 5, 2014 at 8:06 am

The real question is how hard is it to duplicate someone else's patterns or more seriously how hard is it to write some code that "tries all the patterns". It would seem to be subject to the same brute force attacks that try all the possible passwords.

Reply

Leave a Comment

Previous post:

Next post: