Boffins: We can identify you by your typing, and we're gonna sell the tech to biz, govt – yay!
Concerned that browser cookies fall short when it comes to tracking mobile devices and their owners on the internet, computer-science boffins believe they can recognize phone-toters using only their keystrokes and accelerometer data.
In a paper presented this week through ArXiv, "Sequential Keystroke Behavioral Biometrics for Mobile User Identification via Multi-view Deep Learning," researchers from University of Illinois at Chicago, University of Nebraska–Lincoln, and Hong Kong Polytechnic University describe a technique for identifying mobile device users based on behavioral biometric patterns.
These patterns can be derived from typing captured through a custom keyboard, a web browser, or a router or some other network equipment sniffing unencrypted traffic.
Researchers Lichao Sun, Yuqi Wang, Bokai Cao, Philip S. Yu, Witawas Srisa-an and Alex D. Leow contend that identifying individuals remains an unsolved problem in mobile computing because account information and browser cookies fail to transfer across devices and applications. In other words, netizens who are careful with their privacy can remain anonymous to apps and services, or thwart attempts by ad networks, publishers and others tracking them as they surf around the internet, it is argued.
Identifying folks by their typing would undo all of that, allowing sites and services to recognize returning visitors and users.
"Monitoring biometric information including a user's typing behaviors tends to produce consistent results over time while being less disruptive to user’s experience," their paper explained. "Furthermore, there are different kinds of sensors on mobile devices, meaning rich biometric information of users can be simultaneously collected."
Revealed: How Nvidia's 'backseat driver' AI learned to read lipsREAD MORE
Having evidently got over their previous expression of concern about privacy, the researchers recount their work on DeepService, a deep-learning system designed to distinguish between mobile device users via sequential keystroke and accelerometer data.
DeepService implements a gated recurrent unit (GRU), a form of long short term memory network (LSTM), which itself is a variant form of a recurrent neural network (RNN), a machine-learning technique suited to natural language processing.
They augment the keystroke information with accelerometer data and note that DeepService can handle identification "with only acceleration records, even when user is not using the keyboard."
However, they provide no accuracy statistics for the accelerometer-only approach.
The boffins say they intend to implement DeepService as a tool to help companies or governments "to identify their customers more accurately in the real life." ®
Sponsored: Becoming a Pragmatic Security Leader