Do I Know You?

By Laura Wright|Monday, November 24, 2003

With computer security threats lurking around every electronic corner it is no wonder that so many online activities, from signing into your e-mail to checking your bank account, require a secure log-in with a password. But passwords can be stolen or forgotten, and most of us are not about to shell out for a high-tech retinal scanner. So scientists at the Technion-Israel Institute of Technology in Haifa, Israel, have created a program that lets a computer recognize you as its rightful user based simply on the way you type.

The human brains behind this artificial brain are two Technion-Israel undergraduate students, Mordechai Nisenson and Ido Yariv. They came up with the idea of a program that recognizes users by their keystrokes and took it to Ran El-Yaniv, a professor of computer science. He liked it and brought in a colleague, Ron Meir, an electrical engineer. Nisenson and Yariv realized that any standard computer already monitors the time it takes a user to press and release a key. Their innovation was to create a program that records the details of keystroke timing and turns them into a distinctive user profile. Variables such as the length of your fingers, the size of your hands, your fine motor skills, your knowledge of the keyboard, and your fluency in the language being typed all affect your keystroke rate and pattern and define your overall rhythm on the keyboard as uniquely your own.

If the person working on the computer fits your profile, the program will signal a positive ID; if the program senses a mismatch, it could be used to block access to sensitive files. The great appeal of this security system is that it does not require the user to do anything out of the ordinary. You go about business as usual while the computer does all the work. “One can obviously deliberately type in a way that differs from how one normally would, but it’s really very hard to type like somebody else,” El-Yaniv says. “This program picks out superimposed patterns unique to an individual user.”

The researchers tested the program by allowing five authorized users to type simple sentences, permitting the system to learn their typing habits. They then asked the five authorized users and 30 mock attackers to type out answers to simple open-ended questions such as “What did you do today?” as well as a specific letter sequence: “To be or not to be. That is the question.” Both groups were then allowed to type whatever they wished. Within a few minutes of typing—the exact number of keystrokes varied widely, from 548 to 5,344—the program had collected enough data to recognize authorized users 95 percent of the time and to block attackers in 99 percent of the test sessions.

This security system, based on the field known as behaviometrics, could also be equipped with an alert function to notify the owner when an unauthorized person was typing on his or her keyboard. El-Yaniv and his colleagues are also working on a companion program that would recognize patterns in computer mouse usage, which could prevent a stranger from clicking on folders to view sensitive files. In fact, there’s no reason why this approach must be limited to computers. “The more complex the interaction, the easier it is for the system to identify someone because the variability is so great,” El-Yaniv says. With that in mind, he aims to develop a program that allows a car to recognize its owner based on characteristic patterns of breaking, accelerating, signaling, turning, and other essential driving actions.

Parents, rejoice. Hiding the keys from your teenager may one day be a thing of the past.

Comment on this article