Article history:
Received 26 November 2007
Received in revised form 2 June 2008
Accepted 29 October 2008

Keywords:
Mobile device
Keystroke dynamics
Artificial rhythms
Tempo cues
Biometrics
User authentication

Recently, mobile devices are used in financial applications such as banking and stock trading. However, unlike desktops and notebook computers, a 4-digit personal identification number (PIN) is often adopted as the only security mechanism for mobile devices. Because of their limited length, PINs are vulnerable to shoulder surfing and systematic trial-and-error attacks. This paper reports the effectiveness of user authentication using keystroke dynamics-based authentication (KDA) on mobile devices. We found that a KDA system can be effective for mobile devices in terms of authentication accuracy. Use of artificial rhythms leads to even better authentication performance.

© 2008 Elsevier Ltd. All rights reserved.

* Corresponding author. Tel.: +82 2 880 6275; fax: +82 2 889 8560.
E-mail addresses: hss9414@snu.ac.kr (S.-s. Hwang), zoon@snu.ac.kr (S. Cho), shpark82@snu.ac.kr (S. Park).
0167-4048/$ – see front matter © 2008 Elsevier Ltd. All rights reserved.
doi:10.1016/j.cose.2008.10.002
86 computers & security 28 (2009) 85–93
Fig. 2 – Three steps of KDA framework: enrollment, classifier building, and user authentication.
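The three steps named in Fig. 2, carried through in code as an added example (this is not code from the paper or its WIPI module). It uses the simple distance-based classifier the paper describes in Section 3.2 (a prototype of the user's normalized enroll timing vectors and a distance threshold) and evaluates FAR, FRR and EER as defined in Section 2.3. Assumptions made here and not stated by the paper: the prototype is the mean of the enroll vectors, a pause of k beats puts the next key press k+1 beats after the previous one, the EER is read off a sweep over all observed distances, and all timing data is constructed with a seeded generator. The 500 ms cue tempo and the counts of 5 enroll, 30 login and 48 impostor patterns per password are the paper's.

```python
import math
import random

# Added example, not the paper's code. Timing data below is constructed.

TEMPO_MS = 500  # cue tempo fixed by the paper for its experiment


def rhythm_intervals(pauses_in_beats, tempo_ms=TEMPO_MS):
    """Key-to-key intervals (ms) for an artificial rhythm given as the number of
    silent beats before each of the 2nd..4th digits. Assumption: a pause of k
    beats puts the next press k+1 beats later, so '5_ _ _80_ _5' is [3, 0, 2]."""
    return [(p + 1) * tempo_ms for p in pauses_in_beats]


def timing_vector(press_times):
    """Intervals between consecutive key presses (3 values for a 4-digit PIN)."""
    return [b - a for a, b in zip(press_times, press_times[1:])]


def normalize(vec):
    """Divide by the two-norm, as the paper does for the vectors in Fig. 3."""
    norm = math.sqrt(sum(v * v for v in vec))
    return [v / norm for v in vec]


def build_prototype(enroll_vectors):
    """Step 2 of Fig. 2: the prototype m, taken here as the mean of the
    normalized enroll patterns (the paper does not specify how m is formed)."""
    n = len(enroll_vectors)
    return [sum(v[i] for v in enroll_vectors) / n for i in range(len(enroll_vectors[0]))]


def distance(vec, proto):
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(vec, proto)))


def authenticate(proto, press_times, threshold):
    """Step 3 of Fig. 2: grant access only if the new pattern is close enough."""
    return distance(normalize(timing_vector(press_times)), proto) <= threshold


def far_frr(proto, login_vectors, impostor_vectors, threshold):
    """FAR over impostor patterns and FRR over the valid user's login patterns."""
    frr = sum(distance(v, proto) > threshold for v in login_vectors) / len(login_vectors)
    far = sum(distance(v, proto) <= threshold for v in impostor_vectors) / len(impostor_vectors)
    return far, frr


def equal_error_rate(proto, login_vectors, impostor_vectors):
    """Sweep the threshold over every observed distance and report the operating
    point where FAR and FRR are closest; their mean is taken as the EER."""
    candidates = sorted({distance(v, proto) for v in login_vectors + impostor_vectors} | {0.0})
    best = None
    for t in candidates:
        far, frr = far_frr(proto, login_vectors, impostor_vectors, t)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    t, far, frr = best
    return (far + frr) / 2, t


def sample_patterns(rng, mean_intervals, jitter_ms, count):
    """Constructed typing samples: each interval varies uniformly by +/- jitter."""
    return [normalize([m + rng.uniform(-jitter_ms, jitter_ms) for m in mean_intervals])
            for _ in range(count)]


def run_strategy(rng, user_intervals, user_jitter, impostor_intervals, impostor_jitter):
    """Step 1 enrolls 5 patterns; then 30 logins and 48 impostor attempts are
    scored, matching the counts collected per password in the paper."""
    enroll = sample_patterns(rng, user_intervals, user_jitter, 5)
    proto = build_prototype(enroll)
    logins = sample_patterns(rng, user_intervals, user_jitter, 30)
    impostors = sample_patterns(rng, impostor_intervals, impostor_jitter, 48)
    return equal_error_rate(proto, logins, impostors)


def compare_strategies(seed=7):
    """EER for a natural rhythm versus the artificial rhythm '5_ _ _80_ _5' with a
    500 ms cue. Impostors know the PIN and type it at their own natural pace."""
    rng = random.Random(seed)
    impostor = ([300, 270, 300], 80)
    natural = run_strategy(rng, [300, 250, 320], 80, *impostor)
    artificial = run_strategy(rng, rhythm_intervals([3, 0, 2]), 60, *impostor)
    return {"natural": natural[0], "artificial": artificial[0]}


if __name__ == "__main__":
    for name, eer in compare_strategies().items():
        print(f"{name:>10}: EER = {eer:.1%}")
```

With the constructed data the natural-rhythm impostor vectors overlap the user's own, so no threshold separates them and the EER stays well above zero, whereas the long cued pauses move the user's normalized vector far from any natural-pace attempt and the sweep finds a threshold with FAR = FRR = 0. This is the mechanism behind the Fig. 7 discussion: enroll and login distances shrink, impostor distances grow.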
generation synchronized IMT-2000 cellular system (CDMA2000 1xEV-DO) (Qualcomm).

2.2. Improving data quality

One way to cope with the lack of data quantity is to improve data quality. Data quality in KDA can be measured in terms of uniqueness, consistency, and discriminability (Cho and Hwang, 2006). Uniqueness is concerned with how different a valid user's typing patterns used to build a classifier are from those of potential impostors. Consistency is concerned with how similar a valid user's access typing patterns are to his enroll typing patterns. Finally, discriminability is concerned with how well access typing patterns and impostor typing patterns can be separated. The definition of discriminability implies that two approaches exist to improve it: the first is to improve uniqueness, and the second is to improve consistency.

As one way to improve uniqueness, it has been proposed to type a password with artificial rhythms reproducible by the valid user only (Cho and Hwang, 2006). Table 1 lists various artificial rhythms that increase typing uniqueness. In this paper, pauses are selected among the various artificial rhythms since they are simple and easy to control. A user inserted a number of intervals where deemed necessary to make the timing vector unique. As shown in Fig. 3, "5805" can be typed as "5_ _ _80_ _5" with a three-beat-long pause between '5' and '8', and another two-beat-long pause between '0' and '5'. There are many combinations of inserting pauses in terms of the positions and lengths of the pauses; the more combinations there are, the harder it is for an impostor to guess the rhythm correctly.

In order to prevent pauses from being inconsistent, tempo cues are provided (Cho and Hwang, 2006). Tempo cues (Fig. 6) work like a metronome, helping the user keep the beat. Given the tempo beat, the user only needs to remember the number of beats for each pause. Usually, cues can be provided in three modes: auditory, visual, and audio-visual. In addition, users are allowed to choose the tempo of the cue. This has the further advantage of improving uniqueness, since only the valid user knows the tempo.

Fig. 3 presents the timing vectors of password "5805" from the strategies "Natural Rhythm without Cue" (Fig. 3a) and "Artificial Rhythms with Cues" (Fig. 3b). The dotted lines represent the enroll patterns, x, while the solid line represents the prototype, m. Note that the timing vectors depicted in Fig. 3 were normalized, i.e., divided by their two-norm. When comparing the timing vectors between strategies, there are differences in terms of both uniqueness and consistency. First, observe that the intervals between '5' and '8' from "Artificial Rhythms with Cues" are very large compared to those from "Natural Rhythm without Cue." An impostor's pattern would be more similar to those from "Natural Rhythm without Cue" and is highly likely to be distinct from those from "Artificial Rhythms with Cues." The same can be said for the intervals between '0' and '5'. Thus, long intervals improve the uniqueness of a user's patterns. Second, observe that the differences between the enroll patterns and the prototype are smaller for "Artificial Rhythms with Cues" than for "Natural Rhythm without Cue." Tempo cues improved the consistency of the patterns from "Artificial Rhythms with Cues."

2.3. Mobile application

The experiments were performed on the third generation synchronized IMT-2000 cellular system (CDMA2000 1xEV-DO) (Qualcomm). The mobile device used is the SAMSUNG SCH-V740 (Korean model number; Samsung Electronics website), as shown in Fig. 4. The software authentication module was implemented in WIPI (wireless Internet platform for interoperability), developed by the Mobile Platform Special Subcommittee of the Korea Wireless Internet Standardization Forum (KWISF). These are standard specifications necessary for providing an environment for mounting and implementing applications downloaded via the wireless Internet on the mobile communication terminal. For more details, see the WIPI website.

Any user authentication, including KDA, has two types of error, i.e. the false acceptance rate (FAR) and the false rejection rate (FRR) (Golarelli et al., 1997). One type of error can be reduced at the expense of the other by varying a threshold. Thus, in order to avoid the effects of arbitrary threshold selection, the models were compared in terms of the equal error rate (EER), where the FRR and the FAR are equal. In practice, a threshold has to be decided empirically. For a more detailed discussion of proper threshold selection, see Fawcett (2006). Without KDA, an impostor could log in as the valid user if he knows the password, so FAR = 100% results. On the other hand, the valid user will always be able to log in, which corresponds to FRR = 0%; i.e., FAR = 100% and FRR = 0%.

3. Performance evaluation

3.1. Data collection

A total of 25 users aged from 22 to 33 (the average is 25.3) participated in our experiment in July 2006. In the experiment, a 4-digit numeric PIN was used. Two strategies were employed: "Natural Rhythm without Cue" and "Artificial Rhythms with Cues." The same password for each user was used in both strategies. Each user enrolled five typing patterns for each strategy. After enrollment, each user made 30 login attempts using each strategy. Users were also given the passwords of other users and told to act as "impostor" to those passwords, i.e., typing each twice. Since there are 24 "other" users, each user typed impostor passwords 48 times. In summary, for each password, we collected five enroll typing patterns, 30 legitimate access typing patterns, and 48 impostor typing patterns.

The data above were collected from a scenario involving a virtual stock exchange (Fig. 5). A user designs one's own artificial rhythm (Fig. 3) and chooses the type of tempo cue (Fig. 6). The tempo of the cue was fixed to 500 ms for convenience.

All users were asked the reason why a particular password was chosen (Table 2). There are three different kinds of reasons (see the fourth column of Table 2) for selecting a password. First, familiar numbers were chosen, such as a favorite combination, birth date, or telephone number. Second, numbers that are easy to remember were selected. For instance, both users 09 and 19 chose "2580" because that is an "easy" number for them, although for different reasons. The number keys used in "2580" are located in the middle column of a keypad on the mobile phone, so it is easy to type. "2580" is also the title of a very popular TV investigative show in Korea, similar to "60 Minutes" in the US, so it is easy to remember. Third, certain passwords were chosen for no particular reason at all. Of all users, 44% indicated "Familiarity" and 32% indicated "Ease," while only 24% indicated "Randomness." This clearly suggests that the introduction of artificial rhythms and tempo cues could enhance security. A PIN has been fixed to 4 digits for decades, and the number of candidate passwords used for the mobile handset is only 10,000 (from 0000 to 9999). It is not difficult to guess a PIN because an impostor might know the owner's birth date or telephone number, and a PIN easy for one person to type would also be easy for another to type. For "Typing Hands" (see the fifth column of Table 2), 68% indicated "both hands" while 32% indicated "one hand." This implies that each user might have a particular way to type on a mobile device, as on a keyboard.

3.2. Experimental results

We introduced artificial rhythms and cues to improve data quality. Thus, we have to show from experiments that the quality actually improved. Hwang et al. (submitted for publication) showed that typing patterns from "Artificial Rhythms with Cues" were significantly more unique and consistent than those patterns from "Natural Rhythm without Cue." Thus, here we instead show that the authentication accuracy improves.

Table 3 presents the authentication results from the two strategies "Natural Rhythm without Cue" and "Artificial Rhythms with Cues." Out of 25 users, 19 users' EER decreased 19% on average while six users' EER increased 4% on average. Four users' EER decreased to zero. Especially, the EERs of users 03 and 14 were dramatically decreased, from 40% to 0%
and from 34% to 0%, respectively. The overall EER decreased from 13% to 4% by using "Artificial Rhythms with Cues."

Fig. 6 – Various tempo cues.

Fig. 7 shows a detailed picture of what really happened. First, note that the classifier in our study is a very simple distance-based one. A prototype of a user's enroll patterns is calculated and stored. When a new keystroke pattern is presented, the distance between the pattern and the prototype is computed. If it is small enough, access is granted; if not, it is not granted. In order to gain good authentication performance, three conditions have to be met. First, enroll patterns have to be consistent, or the "enroll distances" between the prototype and the enroll patterns have to be small. Second, login patterns have to be close to the enroll prototype, or the "login distances" between the enroll prototype and the login patterns have to be small. Third, enroll patterns have to be unique, or the "impostor distances" between the enroll prototype and impostor patterns have to be large. User 03 reduced EER dramatically through use of "Artificial Rhythms and Cues." Thus, we show in Fig. 7 the cumulative distributions of the three kinds of distances, "enroll," "login," and "impostor." In (a), login distances (black) are larger than enroll distances (blue), which means the user's login patterns are somewhat different from the enrolled patterns. The real reason for user 03's large error comes from the fact that impostor distances are not large (red). Now see how these three lines change in (b). Both login and enroll distances are very small while impostor distances are quite large. This separation of login distances from impostor distances accounts for the perfect discrimination between the legitimate user and impostors.

Table 3 – The equal error rate (%) from two strategies.

User      Natural Rhythm   Artificial Rhythms    User      Natural Rhythm   Artificial Rhythms
          without Cue      with Cues                       without Cue      with Cues
User 01   14               0                     User 15   18               4
User 02   0                3                     User 16   6                3
User 03   40               0                     User 17   8                11
User 04   15               2                     User 18   6                4
User 05   0                4                     User 19   30               3
User 06   16               3                     User 20   4                3
User 07   4                0                     User 21   12               15
User 08   18               2                     User 22   28               8
User 09   6                3                     User 23   8                4
User 10   5                3                     User 24   21               2
User 11   18               3                     User 25   1                3
User 12   0                7                     Average   13               4
User 13   23               8                     Min       0                0
User 14   34               0                     Max       40               15

Recently, Hwang et al. (submitted for publication) found that artificial rhythms and cues were particularly useful to … better …
… authentication. It was found from the results that the use of "Artificial Rhythms with Cues" improves the accuracy of user authentication.

Table 7 compares the performance with related work. The experiments of Clarke and Furnell (2005, 2007a,b) involving 4-digit PINs resulted in EERs ranging from 9% to 16%. When the users adopted the "Natural Rhythm without Cue," we obtained an EER of 13%, which is similar to the ones from Clarke and Furnell. When they employed "Artificial Rhythms with Cues," however, we found that the error was reduced to 3%. Given the very small number of patterns for training (or validation), we found that "Artificial Rhythms with Cues" did improve authentication accuracy significantly.

4. Discussion and conclusions

For decades, the mobile environment has stabilized with stunning speed. Accordingly, the use of mobile devices, such as cell phones and personal digital assistants (PDAs), has diversified. However, PINs are still adopted as the only security mechanism for those mobile devices. Because of their limited length and alphabet, PINs are susceptible to shoulder surfing and systematic trial-and-error attacks. This paper investigated the effectiveness of user authentication using keystroke dynamics-based authentication (KDA) on mobile devices. In particular, we utilized artificial rhythms and tempo cues to overcome problems resulting from short PIN length. Through the experiments involving human subjects, we found that the proposed strategy reduced the error from 13% to 4%.

A few limitations and future directions need to be addressed. First, comparison research for various mobile devices is needed to enhance the usability of KDA. Second, we have to apply the approach to a more diverse group of users. Although most people make use of mobile devices, various usage patterns may exist. Third, we measured performance in terms of EER. Thus, the error rates presented in the paper should be taken only as a reference. In practice, depending on the application, FAR may be more important than FRR or vice versa. The issue could be addressed by proper threshold selection.

Acknowledgement

This work was supported by grant no. R01-2005-000-103900-0 from the Basic Research Program of the Korea Science and Engineering Foundation, the Brain Korea 21 program in 2006, and partially supported by the Engineering Research Institute of SNU.

References

Chen GD, Chang CK, Wang CY. Ubiquitous learning website: scaffold learners by mobile devices with information-aware techniques. Computers & Education 2008;50(1):77–90.
Cho S, Hwang S. Artificial rhythms and cues for keystroke dynamics-based authentication. Lecture Notes in Computer Science (LNCS) 2006;3832:626–32.
Clarke N, Furnell S. Authentication of users on mobile telephones – a survey of attitudes and practices. Computers & Security 2005;24(7):519–27.
Clarke N, Furnell S. Advanced user authentication for mobile devices. Computers & Security 2007a;26(2):109–19.
Clarke N, Furnell S. Authenticating mobile phone users using keystroke analysis. International Journal of Information Security 2007b;6(1):1–14.
Fawcett T. An introduction to ROC analysis. Pattern Recognition Letters 2006;27(8):861–74.
Gaines R, Lisowski W, Press S, Shapiro N. Authentication by keystroke timing: some preliminary results. Rand Report R-256-NSF. Rand Corporation; 1980.
Golarelli M, Maio D, Maltoni D. On the error reject trade-off in biometric verification systems. IEEE Transactions on Pattern Analysis and Machine Intelligence 1997;19(7):786–96.
Hwang S, Cho S, Park S. Mobile user authentication using keystroke dynamics analysis. In: Proceedings of the Korean Operations Research and Management Science Society (KORMS) conference, Seoul, Korea, 17 November 2007; 2007a, p. 652–655.
Hwang S, Lee H, Cho S. Improving authentication accuracy using artificial rhythms and cues for keystroke dynamics-based authentication, submitted for publication.
International Biometric Group. How is biometrics defined? http://www.biometricgroup.com/reports/public/reports/biometric_definition.html.
Kowalski S, Goldstein M. Consumers awareness of, attitudes towards and adoption of mobile phone security. In: 20th international symposium on human factors in telecommunication, Sophia-Antipolis, France, 20–23 March 2006.
Qualcomm. CDMA2000 1xEV-DO overview. Available from: http://www.cdmatech.com/download_library/pdf/QCOM_1xEV-DO.pdf.
SAMSUNG Electronics website. http://www.samsung.com.
Umphress D, Williams G. Identity verification through keyboard characteristics. International Journal of Man Machine Studies 1985;23:263–73.
WIPI website. http://www.wipi.or.kr/English/index.html.

Seong-seob Hwang is currently a PhD candidate in the Department of Industrial Engineering, Seoul National University, Korea. Before entering graduate school, he worked as a system engineer at SAMSUNG SDS. His research interests include data mining, pattern recognition, and their applications.

Sungzoon Cho is a professor in the Department of Industrial Engineering, College of Engineering, Seoul National University, Korea. His research interests are neural networks, pattern recognition, data mining, and their applications in various areas such as response modeling and keystroke-based authentication. He has published over 100 papers in various journals and proceedings. He also holds a US patent and a Korean patent concerned with keystroke-based user authentication.

Sunghoon Park received a BS in Computer Science in 2005, and is currently a PhD candidate in the Department of Industrial Engineering, College of Engineering, Seoul National University, Korea. His research interests include financial engineering and marketing applications.