
TOKEN: Trustable Keystroke-Based Authentication for Web-Based Applications on Smartphones

Conference paper
Information Security and Assurance (ISA 2010)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 76)

Abstract

Smartphones are increasingly being used to store personal information as well as to access sensitive data from the Internet and the cloud. Establishment of the identity of a user requesting information from smartphones is a prerequisite for secure systems in such scenarios. In the past, keystroke-based user identification has been successfully deployed on production-level mobile devices to mitigate the risks associated with naïve username/password based authentication. However, these approaches have two major limitations: they are not applicable to services where authentication occurs outside the domain of the mobile device – such as web-based services; and they often overly tax the limited computational capabilities of mobile devices. In this paper, we propose a protocol for keystroke dynamics analysis which allows web-based applications to make use of remote attestation and delegated keystroke analysis. The end result is an efficient keystroke-based user identification mechanism that strengthens traditional password protected services while mitigating the risks of user profiling by collaborating malicious web services.
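The abstract describes delegating the keystroke analysis to a party the web service trusts through remote attestation, so that the service receives an authentication decision rather than the user's typing profile. The block below is an added example, not code from the TOKEN paper: it extracts hold-time and press-to-press latency features from constructed key events, builds a per-user mean/std template, scores a probe, and has a verifier return only an HMAC-tagged accept/reject verdict bound to the requesting service and a nonce. The feature set, the z-score threshold of 1.5, the shared key standing in for the attestation-established trust root, and every timing value are assumptions for illustration.

```python
"""Keystroke-dynamics check with a delegated, signed verdict.

Added example, not code from the TOKEN paper. Assumptions (not from the
paper): features are per-key hold times and press-to-press latencies, the
template is a per-feature mean/std over enrolment samples, and trust between
the verifier and the web service is a shared HMAC key standing in for the
remote-attestation step the abstract describes.
"""
import hashlib
import hmac
import json
import statistics
from typing import Dict, List, Tuple

Event = Tuple[str, float, float]           # (key, press_ms, release_ms)
Template = Dict[str, Tuple[float, float]]  # feature name -> (mean, std)


def extract_features(events: List[Event]) -> Dict[str, float]:
    """Hold time of each key and press-to-press latency of each digraph."""
    feats: Dict[str, float] = {}
    for i, (key, down, up) in enumerate(events):
        feats[f"hold:{i}:{key}"] = up - down
        if i > 0:
            prev_key, prev_down, _ = events[i - 1]
            feats[f"lat:{i}:{prev_key}{key}"] = down - prev_down
    return feats


def build_template(samples: List[List[Event]], min_std: float = 5.0) -> Template:
    """Mean and population std of every feature; the std is floored so a user
    who types very consistently does not make the test impossibly strict."""
    per_feat: Dict[str, List[float]] = {}
    for sample in samples:
        for name, value in extract_features(sample).items():
            per_feat.setdefault(name, []).append(value)
    return {
        name: (statistics.fmean(vals), max(statistics.pstdev(vals), min_std))
        for name, vals in per_feat.items()
    }


def score(template: Template, events: List[Event]) -> float:
    """Mean absolute z-score of a probe against the template (lower = closer)."""
    feats = extract_features(events)
    zs = [abs(feats[n] - mean) / std for n, (mean, std) in template.items() if n in feats]
    return sum(zs) / len(zs) if zs else float("inf")


def verifier_decide(template, events, service_id, nonce, key, threshold=1.5):
    """Delegated analysis: the verifier scores the raw timings and returns only
    a signed accept/reject verdict bound to the requesting service and nonce."""
    verdict = {"service": service_id, "nonce": nonce,
               "accepted": score(template, events) <= threshold}
    body = json.dumps(verdict, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


def service_check(body, tag, expected_nonce, service_id, key) -> bool:
    """Web service side: accept only a fresh, correctly tagged verdict for itself."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False
    v = json.loads(body)
    return v["service"] == service_id and v["nonce"] == expected_nonce and v["accepted"] is True


def typed(word, holds, gaps, t0=0.0):
    """Build key events from per-key hold times and press-to-press gaps (ms)."""
    events, t = [], t0
    for i, ch in enumerate(word):
        events.append((ch, t, t + holds[i]))
        if i + 1 < len(word):
            t += gaps[i]
    return events


# Constructed sample data (not measurements from the paper).
ENROL = [
    typed("pass", [90, 85, 95, 80], [140, 150, 130]),
    typed("pass", [95, 80, 100, 85], [150, 140, 135]),
    typed("pass", [85, 90, 90, 80], [145, 155, 125]),
]
GENUINE = typed("pass", [92, 86, 94, 82], [142, 148, 132])
IMPOSTOR = typed("pass", [200, 60, 150, 40], [400, 90, 300])
TEMPLATE = build_template(ENROL)
KEY = b"verifier-service-shared-key"  # placeholder for the attested trust root

if __name__ == "__main__":
    for label, probe in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        body, tag = verifier_decide(TEMPLATE, probe, "shop.example", "nonce-1", KEY)
        print(label, round(score(TEMPLATE, probe), 2),
              service_check(body, tag, "nonce-1", "shop.example", KEY))
```

Because the verdict carries only the decision, the service identifier and the nonce, two services that pool their verdicts learn nothing about the user's timing profile, which is the collaboration risk the abstract raises. In a deployment the shared key would be replaced by the trust established through attestation of the verifier, and the threshold tuned against enrolment data rather than fixed at 1.5.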





Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nauman, M., Ali, T. (2010). TOKEN: Trustable Keystroke-Based Authentication for Web-Based Applications on Smartphones. In: Bandyopadhyay, S.K., Adi, W., Kim, Th., Xiao, Y. (eds) Information Security and Assurance. ISA 2010. Communications in Computer and Information Science, vol 76. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13365-7_28


  • DOI: https://doi.org/10.1007/978-3-642-13365-7_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-13364-0

  • Online ISBN: 978-3-642-13365-7
