Leveraging the Effects of Cognitive Function on Input Device Analytics to Improve Security - January 2016
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): David L. Roberts, Robert St. Amant
Researchers: Alok Goel, Ignacio X. Dominguez, Jayant Dhawan
HARD PROBLEM(S) ADDRESSED
- Human Behavior - Our work addresses understanding human behavior through observations of input device usage. The basic principles we are developing will enable new avenues for characterizing risk and identifying malicious (or accidental) uses of systems that lead to security problems. The ultimate goal of our work is the development of a novel class of security proofs that we call "Human Subtlety Proofs" (HSPs). HSPs combine the unobtrusiveness of Human Observational Proofs with the interactivity of Human Interactive Proofs, which hopefully will lead to more secure interactions.
PUBLICATIONS
None this quarter.
ACCOMPLISHMENT HIGHLIGHTS
- Our work has led to improvements in visualization of user performance in the typing game, under the assumptions of the Model Human Processing framework. Specifically, an experiment participant's typing is broken into keystrokes and shown as a series of Motor processor actions; the partipant's gaze data is shown as a series of fixations performed by the Perceptual processor; constraints on the timing of Cognitive processor actions (i.e., to process input made available by the Perceptual processor and to initiate typing actions by the Motor processor) can then be inferred. These parameters will contribute to more detailed and accurate models of human cognitive processing that will enable more accurate Human Subtlety Proofs for security applications.
- We have continued to analyze user performance data from the experiment using the typing game as an environment. Analysis has led to new findings that should be publishable in the near future. Specifically, while it is known that familiar words from the dictionary can be typed faster than nonsense strings of characters, we have experimentally determined that words with rearranged characters that nevertheless preserve the original visual shape of the original words fall in the middle with respect to typing speed. This has implications for how words are stored in memory, and has implications on security proofs, for example, by enabling estimation of the familiarity with the words being typed.
- Our analysis has also taken on the task of explaining and distinguishing different influences on typing speed, specifically pauses between typed characters. Known influences, derived from studies of transcription typing, include delays due to visual processing, the decomposition of words into syllables, and varying distances between keys on the keyboard. In the typing game, we also have the number of times that a given word has been practiced and, under some conditions, that some strings of characters to be typed are not dictionary words. We are currently developing automated techniques to decompose strings into smaller units to be typed, based on English language bi-grams and on manual categorization. The need for this step can be seen in the context of password typing: passwords are typically not dictionary words, and it may be useful to estimate the amount of practice a user has had in typing a password (i.e., the owner of a password has had more practice than a malicious user who has stolen someone else's password).