Does your mouse know it’s you? Researchers claim patterns can “fingerprint” users – and lock out imposters

When any computer user types on a keyboard, the pattern of keystrokes and pauses is unique – like a fingerprint. When using a mouse, or touchscreen, the patterns for each user are just as different – and Iowa State engineers aim to combine these “patterns” to identify people, instead of using usernames and passwords.

Describing the patterns as “cognitive fingerprints”, the Iowa State team can identify users via their typing rhythms with very high accuracy – false acceptance and rejection rates of just 0.5%, reports.

The experiments conducted by Morris Chang, associate professor of electrical and computer engineering, are large-scale – using more than 2,000 users, according to Iowa State’s report.

Chang says he can improve the accuracy rates by combining typing patterns with analysis of mouse or mobile device patterns.

“These pauses between words, searches for unusual characters and spellings of unfamiliar words, all have to do with our past experiences, our learning experiences,” Chang says. “We call them ‘cognitive fingerprints’ which manifest themselves in typing rhythms. Our technology is able to distinguish legitimate users versus imposters, based on the large-scale experiments we’ve been able to conduct.”

Chang’s work is supported by the Defense Advanced Research Projects Agency (DARPA).

The software – Cognitive Typing Rhythm – collects a user’s typing patterns during a 90-minute exercise. The pattern is loaded into a network’s security system, where it’s used to monitor users constantly.

“The system can see if the same person or an imposter is coming in to hijack the computer,” Chang said. If the system detects an unauthorized user, it can lock users out of a network, restrict access or ask for another password.

“When you use a computer today, the user is typically only verified during the initial login,” Chang said. “But DARPA wanted to know how we can assure the same person is using the computer as long as a session is still active. We had a hypothesis about how to do that, we implemented it and we proved it.”

Other researchers are creating similar systems that rely on identifying users by unconscious habits – as reported by We Live Security here.

SilentSense, announced in the wake of iPhone 5, can identify a user within 10 taps of the touchscreen with 99% accuracy, according to Cheng Bo of the Illinois Institute of Technology. The system works with a smartphone’s gyroscope and accelerometer to identify users, and even takes account of their gait as they walk, as reported by New Scientist.

“While using mobile devices, most people may follow certain individual habits unconsciously. Running as a background service,SilentSense exploits the user’s app usage and interacting behavior with each app, and uses the motion sensors to measure the device’s reaction,” says Bo.

Author , We Live Security

  • Ghost

    Impossible, sometimes people are concentrated and can type fast, but sometimes we are doing two or more things at the same time such as watching TV and surfing the internet and smoking or drinking something and the third Problem when the batteries in the keyboard are near the end or for some other reason the keyboard does not respond Correctly repeating some keys or not writing some keys.
    We are not robots to make everything of same way all the time.
    I never do the same thing exactly.

    • EyingTheLies

      Yes but you do do it in an identifiable way even though how you see yourself interacting with it changing over time!

Follow us

Copyright © 2017 ESET, All Rights Reserved.