The Cyber-Security “Type”
Logan Romm
Keystroke biometrics researcher
If you’ve logged onto an online retailer’s website months after you last shopped there and found that you were still signed in, or if you’ve ever noticed that your email was still logged in after returning from a vacation, then you can well imagine how easy it would be for a cyber bad guy to access your information. But if 27-year-old Logan Romm’s project takes off, those bad guys are going to have to work much harder.
The White Plains resident, who grew up in Rye Brook, has a full-time job as a marketing manager at Verizon, but it was his studies in Internet Technology at Pace University, where he earned his master’s in 2012, that are helping to close these security holes. Along with four other teammates (and dozens of graduate students who have put in time since the project started seven years ago), Romm is studying keystroke biometrics—in other words, identifying people by how they type—and developing its potential for security applications. There is, after all, a surprisingly large amount of data in keystrokes—how quickly people type certain letter combinations, how they scroll, whether they prefer the number pad or the numbers above the letters—and, like a fingerprint or an iris, individuals’ typing characteristics are unique to them.
The applications of figuring out how to recognize those unique features are nearly limitless. Authenticating students taking tests online comes to mind. Corporations with proprietary research on their servers and governments with classified documents to protect are always looking for the next step in security. And, as Romm points out, this may be it. After all, passwords can be stolen or guessed, and a single entry often keeps users logged in to sensitive information for hours or even days after they leave the console. But monitoring keystrokes allows ongoing authentication of users, “so, even if an intruder gains access initially, if they are not behaving the way the actual user does then that access could be detected and the unauthorized user’s session could be terminated,” he says. The project’s director, Professor Charles Tappert, has been in touch with the Defense Advanced Research Projects Agency at the US Department of Defense, although nothing has been finalized.
Romm and his teammates began their work last year, but they were responsible for the meat of the seven-year-old project: collecting typing samples and analyzing them, including the first samples of people working on browsers.
“It’s getting harder and harder to create a secure password,” Romm says, “but this definitely makes a lot of sense for the next level.”