Engineers Use Keyboard, Mouse and Mobile Device 'Fingerprints' to Protect Data

We've all typed in a password to access a computer network. But how secure is that? Passwords can be hacked or hijacked to get at sensitive personal, corporate or even national security data.

That reality has Iowa State engineers looking for methods beyond passwords to verify computer users and protect data. They started by tracking individual typing patterns; now they're working to identify and track individual patterns for using a mobile device or a computer mouse.

Morris Chang, an Iowa State University associate professor of electrical and computer engineering, says the patterns are unique to individuals.

"These pauses between words, searches for unusual characters and spellings of unfamiliar words, all have to do with our past experiences, our learning experiences," he said. "And so we call them 'cognitive fingerprints' which manifest themselves in typing rhythms."

Prototype software technology developed by Chang and his research team can identify differences in typing rhythms: In experiments at Iowa State involving more than 2,000 computer users, the technology recorded false acceptance and rejection rates of .5 percent.

"Our technology is able to distinguish legitimate users versus imposters, based on the large-scale experiments we've been able to conduct," Chang said.

He also said engineers can improve those accuracy rates by combining analysis of typing patterns with analysis of mouse or mobile device patterns.

The Defense Advanced Research Projects Agency (DARPA) of the U.S. Department of Defense has supported Chang's study of typing patterns with a one-year grant of $500,000. It is now supporting additional work in mobile device and mouse patterns with a two-year, $1.76 million grant.

Working with Chang to develop the cyber security technologies are Terry Fang, Kuan-Hsing Ho and Danny Shih, Iowa State graduate students in electrical and computer engineering.

Chang said studies of keystroke dynamics go all the way back to the Morse code days. But he said the earlier attempts weren't accurate enough to reliably identify users. The available technology just wasn't up to the job.

"The technology we use today helped us to facilitate our research approach," Chang said.

The engineers' Cognitive Typing Rhythm technology records and collects a computer user's typing patterns during a 90-minute typing exercise. That information is then loaded into the security system where it can be used to constantly monitor network users.

"The system can see if the same person or an imposter is coming in to hijack the computer," Chang said.

And when the system detects a hijacking, Chang said it could lock a user out of the network, restrict access to sensitive information or ask for another password.

The technology operates behind the scenes and is invisible to computer users. It doesn't require any additional hardware.

And it's now available for licensing from the Iowa State University Research Foundation.

"When you use a computer today, the user is typically only verified during the initial login," Chang said. "But DARPA wanted to know how we can assure the same person is using the computer as long as a session is still active. We had a hypothesis about how to do that, we implemented it and we proved it."

Featured

  • Why Communication is Key in an Emergency

    During an emergency, communication with the outside world can be a critical component when it comes to response time and saving lives. Emergency communications typically consist of alerts and warnings; directives about evacuating the premises; information about response status, and other matters that can impact response and recovery. Read Now

  • Trust But Verify

    Today’s world is built on software—whether it is third-party applications, open-source libraries, in-house developed tools, operating systems, containers or firmware. Organizations worldwide depend on these diverse software components to power their operations, connect with customers, and drive innovation. However, this reliance on software comes with hidden dangers: the blind trust placed in these software products. Many companies assume that the software they purchase, and use is secure and free from vulnerabilities, but recent high-profile software supply chain breaches have proven otherwise. The reality is that every piece of software, no matter how reputable the source, increases the organization’s attack surface and poses new risks. Read Now

  • Impact on Digital Transformation

    A 2023 Statista report projects that by 2030 there will be 30 billion Internet of Things (IoT) devices in use. That is three times as many as there were in 2020. The numbers continue to grow because connecting sensors and systems, especially across a business, promises big efficiency gains and new insights. As such, the IoT and IIoT (Industrial Internet of Things) have become a launching pad for digital transformation -- not only for individual organizations but for entire industries. Read Now

  • Optimizing Security and Business Performance with Clarity and Control

    In recent years, the security sector has experienced a significant influx of innovative technologies that have fundamentally transformed how organizations design, implement, and oversee their security programs. The widespread adoption of cloud-based infrastructure, edge processing, and AI or machine learning (ML) driven analytics has brought about revolutionary changes in applications such as access control, video surveillance and emerging areas like threat detection and drone identification. Read Now

Featured Cybersecurity

Webinars

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3