Iowa State engineers use keyboard, mouse and mobile device 'fingerprints' to protect data

Nov 19, 2013
Iowa State engineers use keyboard, mouse and mobile device 'fingerprints' to protect data
Iowa State's Morris Chang, Terry Fang and Danny Shih, left to right, are working to use typing, mouse and mobile device use patterns to secure networks and data. Credit: Amy Vinchattle.

We've all typed in a password to access a computer network. But how secure is that? Passwords can be hacked or hijacked to get at sensitive personal, corporate or even national security data.

That reality has Iowa State engineers looking for methods beyond passwords to verify computer users and protect data. They started by tracking individual typing patterns; now they're working to identify and track individual patterns for using a mobile device or a .

Morris Chang, an Iowa State University associate professor of electrical and computer engineering, says the patterns are unique to individuals.

"These pauses between words, searches for unusual characters and spellings of unfamiliar words, all have to do with our past experiences, our learning experiences," he said. "And so we call them 'cognitive fingerprints' which manifest themselves in typing rhythms."

Prototype software technology developed by Chang and his research team can identify differences in typing rhythms: In experiments at Iowa State involving more than 2,000 computer users, the technology recorded false acceptance and rejection rates of .5 percent.

"Our technology is able to distinguish legitimate users versus imposters, based on the large-scale experiments we've been able to conduct," Chang said.

He also said engineers can improve those accuracy rates by combining analysis of typing patterns with analysis of mouse or mobile device patterns.

A defense initiative

The Defense Advanced Research Projects Agency (DARPA) of the U.S. Department of Defense has supported Chang's study of typing patterns with a one-year grant of $500,000. It is now supporting additional work in mobile device and mouse patterns with a two-year, $1.76 million grant.

Working with Chang to develop the cyber security technologies are Terry Fang, Kuan-Hsing Ho and Danny Shih, Iowa State graduate students in electrical and .

Chang said studies of keystroke dynamics go all the way back to the Morse code days. But he said the earlier attempts weren't accurate enough to reliably identify users. The available technology just wasn't up to the job.

"The technology we use today helped us to facilitate our research approach," Chang said.

The engineers' Cognitive Typing Rhythm technology records and collects a computer user's typing patterns during a 90-minute typing exercise. That information is then loaded into the security system where it can be used to constantly monitor network users.

"The system can see if the same person or an imposter is coming in to hijack the computer," Chang said.

And when the system detects a hijacking, Chang said it could lock a user out of the network, restrict access to sensitive information or ask for another password.

The technology operates behind the scenes and is invisible to . It doesn't require any additional hardware. And it's now available for licensing from the Iowa State University Research Foundation.

"When you use a computer today, the user is typically only verified during the initial login," Chang said. "But DARPA wanted to know how we can assure the same person is using the computer as long as a session is still active. We had a hypothesis about how to do that, we implemented it and we proved it."

Explore further: Google relents—adds system password prompt before displaying web passwords

Related Stories

Individual typing style gives key to user authentication

May 16, 2012

Your typing style is as individual as your fingerprints. Being able to use typing style to identify a change in users could be a vital security and forensic support for organisations such as banks, the military ...

Better passwords get with the beat

May 17, 2011

No password is 100% secure. There are always ways and means for those with malicious intent to hack, crack or socially engineer access to a password. Indeed, there are more and more websites and databases compromised on a ...

Researcher sees new angles in visual search

Oct 26, 2011

Engineering professor Shih-Fu Chang is trying to make visual search technology as effortless as typing a keyword like “Morningside restaurants” into Google.

Recommended for you

User comments : 0

More news stories

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

Airbnb rental site raises $450 mn

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Under some LED bulbs whites aren't 'whiter than white'

For years, companies have been adding whiteners to laundry detergent, paints, plastics, paper and fabrics to make whites look "whiter than white," but now, with a switch away from incandescent and fluorescent lighting, different ...