Logging into any online account comes with the built-in security of a password, but what happens if someone gets past this line of defense?
Three professors at Clarkson University have been granted $75,000 through Facebook’s Secure the Internet Grants program to continue research on post password authentication, which can help determine whether someone else is using your profile.
Daqing Hou, Professor and Director of Software Engineering, and Stephanie Schuckers, Paynter-Krigman Endowed Professor in Engineering Science, have teamed up with Electrical and Computer Engineering Assistant Professor Mahesh Banavar to develop a process by which users on a platform, such as Facebook, can be identified based on their key-strokes, mouse movements, and even the pressure and swipes on a mobile device.
“If you use Facebook on your phone, for instance, and an attacker were to unlock your phone and open Facebook, and you were already signed in,” Banavar said. “In case that happens on your phone, computer or tablet, we want to know very quickly if it is really you or if it is somebody else.”
Hou explained that the key idea for this process is to watch a user’s history of behavior when interacting with a website or app and compare it to what is happening during each use.
“Any interaction with Facebook, we want to capture all of that data and we compute a similarity score of the behavior to your previous behavior,” Hou said. “We have authentic behavior and we compute the distance between the current behavior and the recorded authentic behavior. If it is too far off, that is one insight that someone else is using your app.”
Previously available data collected for similar research was derived from a controlled environment, which is less helpful when building a profile. For a separate NSF project, Hou and Schuckers have been collecting data authentically from more than 100 people, and now has the largest dataset in the world, with more than 13 million keystrokes.
“We are trying to get a bunch of these individual markers and build a description, a model, that says if you had done all of this before, the current user is very likely you,” Banavar said.
Supported by NSF and other sources, Schuckers and Hou have been working on research in keystroke dynamics for seven years, and recently joined forces with Banavar to include his work with mobile devices. The group previously won the Nicklas-Ignite Research Fellowship for $125,000 in funding, which was the kick-start to their research.