I’ve quickly become a fan of the new topical information mag, Pacific Standard. One of the most interesting articles, “Identity Protection” in the last issue has secured my readership.
Identity Protection introduces the latest internet security identity protection tool, your pc mouse. From PSMag:
In a newly published paper, a research team led by Clint Feher of Israel’s Ben-Gurion University introduces a novel way of verifying a computer is being operated by its rightful user. Its method, described in the journal Information Sciences, “continuously verifies users according to characteristics of their interaction with the mouse.”
How we manipulate our mice is, if not as unique as a fingerprint or DNA, surprisingly specific.
The idea of user verification through mouse monitoring is not new. As the researchers note, “a major threat to organizations is identity thefts that are committed by internal users who belong to the organization.”
To combat this, some organizations turn “physiological biometrics” to verify the identity of a computer user. But these techniques, such as fingerprint sensors or retina scanners, “are expensive and not always available,” the researchers write.
An alternative approach is the use of “behavioral biometrics.” Such a system compiles biometric data such as “characteristics of the interaction between the user and input devices such as the mouse and keyboard” and constructs a “unique user signature.”
As you might imagine, this is a tricky process, as the precise way we utilize our mouse or tap the keys of our computer can vary for all sorts of reasons, including the time of day, whether we are sitting or moving about, or how much caffeine we’ve ingested. Feher and his colleagues addressed these concerns by devising “a novel method that continuously verifies users … based on the classification results of each individual mouse action, in contrast to methods which aggregate mouse actions.”
These individual actions include the time it takes the click the mouse (with separate stats for the right and left sides), “the distance traveled between the mouse-down and mouse-up events of the first click,” “the time interval between the first click and the second click,” and many, many more.
This approach “outperforms current state-of-the-art methods by achieving higher verification accuracy while reducing the response time of the system,” they report.
Things like “lint clogging the moving parts of mechanical mice” could throw off their equations, the researchers admit. They also concede that a person “using a laptop in two different places may use the touch pad in one place and an external mouse in another,” which complicates verification.
This behavioral science and technological identification technique also works along the more subtle line of identifying a person through writing style analysis. Every person is a unique writer. Individually, we employ various grammatical, spelling and punctuation markers that easily set us apart from the next person.
Although this science is new, and not admissible as proof positive of the writer’s identification, it is very helpful in providing those seemingly nebulous (but, in fact very valuable) fillers that allow us to narrow down our “most likely suspects” list to the hands in charge. This technique comes in handy in reviewing written materials in extortion, missing person, defamation and many other investigation types wherein the documentation yields the doer.
We now have a better mouse trap.
Our Operatives: Street smart; tech savvy.
As always, stay safe.