Iowa State engineers use keyboard, mouse and mobile device 'fingerprints' to protect data

November 19, 2013
Iowa State engineers use keyboard, mouse and mobile device 'fingerprints' to protect data
Iowa State's Morris Chang, Terry Fang and Danny Shih, left to right, are working to use typing, mouse and mobile device use patterns to secure networks and data. Credit: Amy Vinchattle.

We've all typed in a password to access a computer network. But how secure is that? Passwords can be hacked or hijacked to get at sensitive personal, corporate or even national security data.

That reality has Iowa State engineers looking for methods beyond passwords to verify computer users and protect data. They started by tracking individual typing patterns; now they're working to identify and track individual patterns for using a mobile device or a .

Morris Chang, an Iowa State University associate professor of electrical and computer engineering, says the patterns are unique to individuals.

"These pauses between words, searches for unusual characters and spellings of unfamiliar words, all have to do with our past experiences, our learning experiences," he said. "And so we call them 'cognitive fingerprints' which manifest themselves in typing rhythms."

Prototype software technology developed by Chang and his research team can identify differences in typing rhythms: In experiments at Iowa State involving more than 2,000 computer users, the technology recorded false acceptance and rejection rates of .5 percent.

"Our technology is able to distinguish legitimate users versus imposters, based on the large-scale experiments we've been able to conduct," Chang said.

He also said engineers can improve those accuracy rates by combining analysis of typing patterns with analysis of mouse or mobile device patterns.

A defense initiative

The Defense Advanced Research Projects Agency (DARPA) of the U.S. Department of Defense has supported Chang's study of typing patterns with a one-year grant of $500,000. It is now supporting additional work in mobile device and mouse patterns with a two-year, $1.76 million grant.

Working with Chang to develop the cyber security technologies are Terry Fang, Kuan-Hsing Ho and Danny Shih, Iowa State graduate students in electrical and .

Chang said studies of keystroke dynamics go all the way back to the Morse code days. But he said the earlier attempts weren't accurate enough to reliably identify users. The available technology just wasn't up to the job.

"The technology we use today helped us to facilitate our research approach," Chang said.

The engineers' Cognitive Typing Rhythm technology records and collects a computer user's typing patterns during a 90-minute typing exercise. That information is then loaded into the security system where it can be used to constantly monitor network users.

"The system can see if the same person or an imposter is coming in to hijack the computer," Chang said.

And when the system detects a hijacking, Chang said it could lock a user out of the network, restrict access to sensitive information or ask for another password.

The technology operates behind the scenes and is invisible to . It doesn't require any additional hardware. And it's now available for licensing from the Iowa State University Research Foundation.

"When you use a computer today, the user is typically only verified during the initial login," Chang said. "But DARPA wanted to know how we can assure the same person is using the computer as long as a session is still active. We had a hypothesis about how to do that, we implemented it and we proved it."

Explore further: Google relents—adds system password prompt before displaying web passwords

Related Stories

Individual typing style gives key to user authentication

May 16, 2012

Your typing style is as individual as your fingerprints. Being able to use typing style to identify a change in users could be a vital security and forensic support for organisations such as banks, the military and universities, ...

Better passwords get with the beat

May 17, 2011

No password is 100% secure. There are always ways and means for those with malicious intent to hack, crack or socially engineer access to a password. Indeed, there are more and more websites and databases compromised on a ...

Researcher sees new angles in visual search

October 26, 2011

Engineering professor Shih-Fu Chang is trying to make visual search technology as effortless as typing a keyword like “Morningside restaurants” into Google.

Recommended for you

Android's Nougat update isn't flashy, but still pretty handy

September 28, 2016

Nougat, Google's latest update of its Android smartphone software, isn't particularly flashy; you might not even notice what's different about it at first. But it offers a number of practical time-saving features, plus a ...

Disabled man gets license, shows driverless tech's potential

September 28, 2016

Former Indy Racing League driver Sam Schmidt has done a lot in the 16 years since an accident left him paralyzed from the neck down. He runs a racing team and a foundation. He's raced a sailboat using his chin. But the man ...

Hyperloop pushes dream of low-cost futuristic transport

September 23, 2016

Is it a plane, is it a train? No, say supporters of Hyperloop, a futuristic mode of transport floated by Silicon Valley billionaire Elon Musk that promises high-tech, high-speed and cheap travel over long distances.

MIT's flea market specializes in rare, obscure electronics

September 25, 2016

Once a month in the summer, a small parking lot on the Massachusetts Institute of Technology's campus transforms into a high-tech flea market known for its outlandish offerings. Tables overflow with antique radio equipment, ...

First test of driverless minibus in Paris Saturday

September 24, 2016

The French capital's transport authority will on Saturday carry out its first test of a driverless minibus, in the hope that regular routes for the hi-tech vehicles will be up and running within two years.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.