Logging into any online account comes with the built-in security of a password, but what happens if someone gets past this line of defense?
Three professors at Clarkson University have been granted $75,000 through Facebook’s Secure the Internet Grants program to continue research on post password authentication, which can help determine whether someone else is using your profile.
Daqing Hou, Professor and Director of Software Engineering, and Stephanie Schuckers, Paynter-Krigman Endowed Professor in Engineering Science, have teamed up with Electrical and Computer Engineering Assistant Professor Mahesh Banavar to develop a process by which users on a platform, such as Facebook, can be identified based on their key-strokes, mouse movements, and even the pressure and swipes on a mobile device.
“If you use Facebook on your phone, for instance, and an attacker were to unlock your phone and open Facebook, and you were already signed in,” Banavar said. “In case that happens on your phone, computer or tablet, we want to know very quickly if it is really you or if it is somebody else.”
Hou explained that the key idea for this process is to watch a user’s history of behavior when interacting with a website or app and compare it to what is happening during each use.
“Any interaction with Facebook, we want to capture all of that data and we compute a similarity score of the behavior to your previous behavior,” Hou said. “We have authentic behavior and we compute the distance between the current behavior and the recorded authentic behavior. If it is too far off, that is one insight that someone else is using your app.”
Previously available data collected for similar research was derived from a controlled environment, which is less helpful when building a profile. For a separate NSF project, Hou and Schuckers have been collecting data authentically from more than 100 people, and now has the largest dataset in the world, with more than 13 million keystrokes.
“We are trying to get a bunch of these individual markers and build a description, a model, that says if you had done all of this before, the current user is very likely you,” Banavar said.
Supported by NSF and other sources, Schuckers and Hou have been working on research in keystroke dynamics for seven years, and recently joined forces with Banavar to include his work with mobile devices. The group previously won the Nicklas-Ignite Research Fellowship for $125,000 in funding, which was the kick-start to their research.
Clarkson University educates the leaders of the global economy. One in five alumni already leads as an owner, CEO, VP or equivalent senior executive of a company. With its main campus located in Potsdam, New York, and additional graduate program and research facilities in the Capital Region and Beacon, N.Y., Clarkson is a nationally recognized research university with signature areas of academic excellence and research directed toward the world’s pressing issues. Through more than 50 rigorous programs of study in engineering, business, arts, education, sciences and the health professions, the entire learning-living community spans boundaries across disciplines, nations, and cultures to build powers of observation, challenge the status quo and connect discovery and innovation with enterprise.