The White House hosted its annual science fair and President Barack Obama took nearly an hour out of his day to visit the young scientists and engineers to learn about their projects. The most interesting project to cryptography and digital currency enthusiasts was an authentication process developed by 14-year-old Nikhil Behari using a person’s keystroke patterns. Here’s a description of his project from the White House:
“After hearing about major data breaches at retail chains, Pennsylvania teen Nikhil Behari got inspired to create a security system that is easy to use, versatile and effective in protecting online data. Nikhil wondered if the manner in which people type could be used as a means of secondary authentication for safer passwords. He connected sensors to a microprocessor he had programmed to detect keystroke pressure, and used a separate program to measure action and pause time as users type. By analyzing data from these devices, Nikhil discovered that keystroke-based authentication is a potentially powerful technique for distinguishing and authenticating individuals.”
“Oh! I was reading about this…” said Obama as he approached Behari’s exhibit, perhaps remembering a classified NSA memo? Whiz Kid Behari explained to Obama that his project used three types of keystroke variables to create a unique profile for a person, action speed, time between keystrokes and stroke pressure which provided a 98.4% uniqueness for each individual. He plans to add more variables in the future in order to increase this number.
One could imagine how this type of technology could be (or already is) used by cyber law enforcement officials to help create digital profiles/fingerprints. Although keyboards aren’t equipped with pressure sensors on keys, the manner in which one manipulates a track pad or mouse might be encompassed into this profile and then used to identify individual users using different handles or computers.
The recent case against the Carl M. Force, the dirty DEA Special Agent suspected of stealing bitcoin from targets of his own investigation, could have bolstered the evidence to connect Force to his different online identities if the keystroke/trackpad patterns of his handles matched Force’s.
The effectiveness of this technology would be diminished if criminals knew law enforcement possessed it and then were somehow purposefully altering their typing style. That would take a smart criminal and the world is full of blockhead criminals.
The concept of keystroke dynamics has roots in handwriting analysis which has been used for centuries. After the invention of the telegraph and morse code, the concept was used to analyze and identify the style of a particular operator. For a cryptoanalyst pinning a particular sender to a series of encrypted messages could provide helpful patterns, perhaps even a crib that could be used to decipher an encryption.
Nikhil Behari, at the age of 14, is helping to take the field into the digital age. Perhaps in a couple years we’ll be writing about the Behari Authentication Method. Congrats, kid.