Safelock
A biometric, pressure-sensitive, keyboard-based user authentication algorithm
Safelock was developed by Jeff Allen and John Howard. Write-up by Jeff Allen. The authors can be contacted for questions or suggestions at safelocksystem@gmail.com.
Background
The management of passwords has become problematic for both users and system administrators in nearly all industries. This is due, in part, to the fact that users are typically encouraged to create hard-to-guess passwords – passwords which are often also hard to remember.
In reality, the characters entered by a user are only one attribute of the way they’re interacting with the keyboard. They press down on keys with various intensities (though this typically can’t be measured by the keyboard) and have various timing attributes associated with different combinations of keys. The idea of Safelock was to create a system which added additional components on top of the mere character string which makes up the password. In this way, an intruder could know the character string which makes up your password, but still not be able to replicate the physical movements required to authenticate.
Timing-based biometric algorithms have been discussed before, but with the advent of Microsoft’s new prototype pressure-sensitive keyboard, we wanted to extend this functionality to detect pressure as well as the timing data.
Implementation
We consider four attributes about each key in the password: 
Flight Time
Flight time can be defined as the elapsed time between the release of keyi to the depression of keyi+1.
Hold Time
Hold time can be defined as the amount of time between the depression of keyi to the release of keyi.
Normalized Key Pressure
The pressure of depressed keys is read as an 8-bit value at a pulse of ~10ms. Each keypress, then, will generally have multiple pressures associated with it (one for each 10ms the key was pressed). The average of these values is normalized.
Pressure Curve
As described above, the keyboard produces a series of points representing the pressure of the keystroke over time. A polynomial curve can be fit to these points in order to examine how the key was pressed.
These four attributes are recorded about each keystroke and are used to evaluate the likelihood that the user entering the password is the person they are claiming to be. This calculation considers the in/consistency of each attribute. For instance, if a user often forgets where the “w” key is (thus, the flight time before the “w” key is quite variable), he or she will not be penalized for a variability (in either direction of the average) on this attribute. However, if a particular user holds down a key for the same amount of time (+/- a few ms) every time they have entered the password, then a deviation from this average would be heavily penalized.
One critical concern when implementing such a system is the variability of a typing “signature.” Surely, typing patterns can be affected by mood, energy level, etc. All of these things must be considered when designing and testing such a system. The approach we took to handling this concern is by creating an adaptive signature. Each time the user sucessfully logs in to the system, his or her signature updates just slightly. In this way, the signature will grow to encompass all of a user’s moods, postures, and keyboards, and can gradually get more specific over time. This also addresses the issue of a user becoming more competent at typing a particular password. 
Results
We found that the accuracy of the algorithm depends largely on how the user types. Users who use similar finger arrangements on the keyboard tended to have more similar typing patterns than those who did not. For example, two users who use separate fingers to type “a” and “s” have more similar signatures among themselves than they do with a user who uses the same finger for both.
Considering this, a strong password in the Safelock system is one in which the user demonstrates a variety of uncommon typing patterns. We differentiate between “complex” or “strong” passwords and “simple” or “weak” passwords on this basis.
The areas under the curve (AUCs) for the above ROC curve are .997 and .952 for the complex and simple passwords, respectively. The threshold could obviously be set very strictly or liberally, depending on the application. For the complex password, for example, we chose to set the password such that we had a 96.1% true positive rate (i.e. the true user will be granted access 19 out of 20 attempts) and a 99.4% true negative rate (meaning that false users are rejected from the system 199 out of 200 attempts).
Conclusion & Extensions
We feel the project was a great success. There are many remaining roadblocks, however. First of all, pressure-sensitive keyboards are not being manufactured en masse – an obvious prerequisite to ubiquitous adoption. Also, the user training barrier is an obvious concern. This is of primary concern among users who may not be well-acquainted with a particular keyboard layout (or frequently shift between keyboard layouts). This system – if it were to be deployed publicly – would likely be an optional security feature at first. The primary audience, initially, would be high-security applications for which the benefits of additional security outweigh the cost of training users.
Extensions to the system are wide and varied. We would like to look into modifying the algorithm such that the correctness of the characters entered is no longer a Boolean value, but is another continuous variable which gets assigned a percentage based on the closeness of the entered text to the actual password. In this way, a typo might not be detrimental to password entry. Note that this implementation might address the issue of a sub-100% true-positive rate by bolstering the standard password entry’s true-positive rate.
Also, keyboard layouts vary throughout the globe; we are interested in developing a layout-agnostic algorithm which would rely on the geometric pattern of entered keys as opposed to the letters represented by said keys.
We would like to study the effect of using different types of passwords (random text, common words, or personal information such as a name or phone number). We imagine that users are highly-consistent at reproducing their own name, for instance; this might make a strong password from a biometric standpoint (though, admittedly, a weak password from a social-engineering perspective).
Video
See the video from the UIST demonstration in which we took first place in the category of Best Implementation.
All material copyright Jeff Allen and John Howard 2009. Patent pending.
Hi!
I’m interested in a way of using a robust, low power, and low cost biometric device for applications in developing countries. Your program sounds interesting versus fingerprinting because it would be low power consuming and low cost. Could you provide me any further information?
Thanks!
Mike G