Skip to main content
Log in

Authenticating mobile phone users using keystroke analysis

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Mobile handsets have found an important place in modern society, with hundreds of millions currently in use. The majority of these devices use inherently weak authentication mechanisms, based upon passwords and PINs. This paper presents a feasibility study into a biometric-based technique, known as keystroke analysis – which authenticates the user based upon their typing characteristic. In particular, this paper identifies two typical handset interactions, entering telephone numbers and typing text messages, and seeks to authenticate the user during their normal handset interaction. It was found that neural network classifiers were able to perform classification with average equal error rates of 12.8%. Based upon these results, the paper concludes by proposing a flexible and robust framework to permit the continuous and transparent authentication of the user, thereby maximising security and minimising user inconvenience, to service the needs of the insecure and evermore functional mobile handset.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Ashbourn J. (2000): Biometric. Advanced Identity Verification. The Complete Guide. Springer, Berlin Heidelberg New York

    Google Scholar 

  2. Best, J.: Steal to order phone theft crackdown. Silicon.Com. www.silicon.com/networks/mobile/0,39024665,39117404,00. html (2003)

  3. Bishop M. (1995): Neural Networks for Pattern Classification. Oxford University Press, Oxford

    Google Scholar 

  4. Cho S., Han C., Han D., Kin H. (2000): Web based keystroke dynamics identity verification using neural networks. J. Organ. Comput. Electron. Commerce 10, 295–307

    Article  Google Scholar 

  5. Clarke N., Furnell S., Rodwell P., Reynolds P. (2002): Acceptance of subscriber authentication for mobile telephony devices. Secur. 21(3): 220–228

    Article  Google Scholar 

  6. Clarke, N.L., Furnell, S.M., Lines, B., Reynolds, P.L.: Subscriber authentication for mobile phones using keystroke dynamics. In: Proceedings of the Third International Network Conference (INC 2002), Plymouth, UK, pp. 347–355 (2002)

  7. Demuth, H., Beale, M.: Technical support documents – neural network toolbox. MathWorks Inc MatLab (version. 6.1) (2001)

  8. GSM World.com: World Cellular www.gsmworld. com/news/statistics/index.shtml (2004)

  9. Hagan, M., Demuth, H., Beale, M.: Neural Network Design. PWS Publishing (1996)

  10. Haykin, S.: Neural Networks: A Comprehensive Foundation, 2nd edn. Prentice-Hall Engle wood Cliffs (1999)

  11. Hogg R., Ledolter J. (1989): Engineering Statistics. Macmillan, New York

    Google Scholar 

  12. Kohonen T. (1997): Self Organising Maps. Springer, Berlin Heidelberg New York

    Google Scholar 

  13. Lemote, J., Clarke N., Furnell, S.: Artificial impostor profiling for keystroke analysis on a mobile handset. In: Proceedings of the International Networking Conference (INC) 2005, Samos, Greece, 5–7th July 2005 (2004)

  14. Leyden, J.: Mobile phone theft is far worse than we thought. The Register. February 2002. www.theregister.co.uk/content/ archive/24138.html (2002)

  15. Monrose R., Rubin A. (1999): Keystroke dynamics as a biometric for authentication. Future Gener. Comput. Syst. 16(4): 351–359

    Article  Google Scholar 

  16. Napier R., Laverty W., Mahar D., Henderson R., Hiron M., Wagner M. (1995): Keyboard user verification: toward an accurate, efficient and ecologically valid algorithm. Int. J. Hum. – Comput. Stud. 43, 213–222

    Article  Google Scholar 

  17. Obaidat M., Sadoun B. (1997): Verification of computer uses using keystroke dynamics. IEEE Trans. Syst. Man Cybern. – Part B: Cybern. 27(2): 261–269

    Article  Google Scholar 

  18. Obaidat M., Macchairolo D. (1994): A multilayer neural network system for computer access security. IEEE Trans. Syst. Man Cybern. 24(5): 806–813

    Article  Google Scholar 

  19. Smith, R.: Authentication – from Passwords to Public Keys. Addison-Wesley Reading (2002)

  20. Triola, M.: Elementary Statistics, 7th edn. Addison-Wesley Reading (1998)

  21. Umphress D., Williams G. (1985): Identity verification through keyboard characteristics. Int. J. Man-Mach. Stud. 23, 263–273

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to N. L. Clarke.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Clarke, N.L., Furnell, S.M. Authenticating mobile phone users using keystroke analysis. Int. J. Inf. Secur. 6, 1–14 (2007). https://doi.org/10.1007/s10207-006-0006-6

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-006-0006-6

Keywords

Navigation