Verifying a User By Following the Movements of Their Mouse

← Back to Stories (view on slashdot.org)

Verifying a User By Following the Movements of Their Mouse

Posted by samzenpus on Thursday May 3, 2012 @08:09PM from the tracking-the-pad dept.

Harperdog writes "Tom Jacobs has a very cool little story about an Israeli research team introducing a novel way of verifying a computer is being operated by its rightful user. Its method, described in the journal Information Sciences, 'continuously verifies users according to characteristics of their interaction with the mouse.'"

28 of 101 comments (clear)

Min score:

Reason:

Sort:

Index/Evidence by Anonymous Coward · 2012-05-03 20:18 · Score: 5, Insightful

Is it indexical? Yes. Is it evidential? No.
Translation: unreliable.
1. Re:Index/Evidence by Samantha+Wright · 2012-05-03 20:59 · Score: 4, Funny
  
  "Unreliable" is a dirty word in data mining. You mod yourself down this instant!
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
2. Re:Index/Evidence by leuk_he · 2012-05-03 21:14 · Score: 4, Interesting
  
  If it is unique enough to identify (not verify ) you, then it could be used to proove user XXX did the fraudulant things on PC Y, instead of the logged on user YYY.
3. Re:Index/Evidence by HetMes · 2012-05-03 23:13 · Score: 2
  
  Translation: you're not getting the point. Lots of false negatives and false positives is still a lot better than random guessing. Also, this is just the beginning.
4. Re:Index/Evidence by JasterBobaMereel · 2012-05-04 00:10 · Score: 3, Insightful
  
  Lots of false positives and negatives make the system constantly alerting and having to be manually checked .... i.e. annoying and people get used to just accepting that it is always warning ...
  A system that is constantly flagging alerts is next to useless ...it is only marginally better then alerting all the time ....
  
  --
  Puteulanus fenestra mortis
5. Re:Index/Evidence by Thugthrasher · 2012-05-04 01:06 · Score: 2
  
  Until, of course, the system gets better and has less false negatives and false positives. And integrates with other systems, as another level of check.
  
  Just because this iteration of it isn't that useful does NOT mean it's a bad idea that will never be useful. Technology is often incremental, and while the beginning steps are unreliable, they are still very important ones.
6. Re:Index/Evidence by Hillgiant · 2012-05-04 01:10 · Score: 4, Insightful
  
  Pro tip:
  Before you do something illegal on your computer, switch to your non-dominant hand to maintain deniability.
  
  --
  -
7. Re:Index/Evidence by Lexx+Greatrex · 2012-05-04 02:50 · Score: 2
  
  Translation: you're not getting the point. Lots of false negatives and false positives is still a lot better than random guessing. Also, this is just the beginning.
  On the contrary: Equally large amounts of false negatives and false positives is exactly the same as random guessing. [Shannon, 1948]
Trackball by thed8 · 2012-05-03 20:20 · Score: 4, Interesting

i use a trackball and because of carpall tunnel switch hands often. i guess they could ID me from that alone. but really telegraph operatos could tell who was sending in the 1800's. it took us long enough.
1. Re:Trackball by Chrisq · 2012-05-03 21:32 · Score: 4, Insightful
  
  but really telegraph operatos could tell who was sending in the 1800's. it took us long enough.
  Remember this for when someone starts trolling a patent
2. Re:Trackball by PopeRatzo · 2012-05-04 00:38 · Score: 5, Interesting
  
  i use a trackball and because of carpall tunnel switch hands often. i guess they could ID me from that alone. but really telegraph operatos could tell who was sending in the 1800's. it took us long enough.
  I don't think they're trying to use this like fingerprints or retina. I gather (from not reading the article) that they just want to know if the person who usually uses this computer is the guy who is now using this computer. And I'm guessing that all the little ticks and taps that go on when you're reading something and just have your hand (left or right) resting on your ball (left or right) is pretty distinctive.
  It made me notice just now that I do a little rhythmic dance with my pointer while I'm reading. Like a nervous tic. I never realized that until just now.
  
  --
  You are welcome on my lawn.
And then get locked out... by Lord+Lode · 2012-05-03 20:28 · Score: 5, Insightful

And then get locked out if you come from cold weather outside and cold hands somehow make you move differently...
1. Re:And then get locked out... by jones_supa · 2012-05-03 21:16 · Score: 5, Insightful
  
  Then you would get a screen which requires some additional authentication to solve the situation, and after that disable the mouse protection for a while (so that your hands can warm up).
2. Re:And then get locked out... by Anonymous Coward · 2012-05-03 22:25 · Score: 5, Funny
  
  If it detects you're excited, it logs you in, but defaults the browser to private mode.
3. Re:And then get locked out... by Hentes · 2012-05-03 22:47 · Score: 4, Interesting
  
  True, while this system is too unreliable to work on it's own, I can imagine a hybrid solution where it pops up a traditional password authentication if you move your mouse differently than usual. It could be of some use in high-security places in case an employee leaves the machine on and forgots to log out, but then if you have enemies gaining physical access to your security-sensitive stuff you have already failed.
4. Re:And then get locked out... by CastrTroy · 2012-05-04 00:37 · Score: 2
  
  The problem with this is that people will forget the password, or it will be really weak so they dont't have trouble remembering it the 3 times a year they need it. I've noticed this a lot where I work. If you don't use a password at least every week, then it's often forgotten, especially when one is in a rush, and needs to log into a system straight away.This is also a problem with passwords that change too often. if you have to change your password every 30 days, then users will often change their password, and then forget it by the next time they have to type it in. I like how windows warns me up to 2 weeks in advance that My password requires changing. When I see this, I start thinking about what my next password will be, and I always change it on a Monday. Much less chance of forgetting it over night than over a weekend.
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Not persistent enough. by Xtense · 2012-05-03 20:28 · Score: 5, Insightful

I see several potential problems with this kind of identification. One of the biggies is switching hardware and the other - potential hand injuries.
Changing mice is the biggest issue, i think. Every mouse has a different shape and ergonomy, so it is being used differently by the same user, especially during the adjustment period. This also doesn't take into account the potential precision differences of the mouse. Plus, switching to an entirely different control scheme, like a tablet or trackball, screws up any tracking attempts.
The other problem is hand injuries - from a simple finger cut to advanced problems with nerve or bone structure. In addition to slowing down the usage, tracking movement will show an entirely different schemes of usage. This one hits especially close home to me, since having recently developed numbness and coordination problems in my dominant hand due to a relapse of Multiple Sclerosis, i now struggle to use a mouse at all and have almost completely switched to a thumb-operated trackball.
This identification method might be useful in highly integrated/high-security environments, where employees seldom change, or for protecting single-user terminals, but the hand injury problem trumps these uses, too.

--
"We are the music makers, and we are the dreamers of dreams [...]."
1. Re:Not persistent enough. by tinkerton · 2012-05-03 20:35 · Score: 4, Insightful
  
  "potential problems" can mean different things. Who needs permanent identity verification? This could be a niche product, so scenarios where you get locked out each time you start gaming could be irrelevant. In that case dramatic mouse changes requiring retraining wouldn't happen frequently either.
2. Re:Not persistent enough. by Xtense · 2012-05-03 20:39 · Score: 4, Informative
  
  The article specifically mentions "continuous verification", implying a workplace/business environment, where motions of the pointer are probably repetitive enough for the software to pick up on. This, of course, also implies not having to switch mouses every so often, but every time there IS a global company-wide switch of hardware, the ID software will go completely bananas, locking out every worker there. Without a method of purging already generated schemes for every user, this is just begging for a catastrophical company lockdown.
  
  --
  "We are the music makers, and we are the dreamers of dreams [...]."
3. Re:Not persistent enough. by Xtense · 2012-05-03 20:47 · Score: 2
  
  Yes, in this case the method would work. The only remaining problem to address is whether it is sensitive enough to not give false-positives with random hand-related problems due to, for instance, weather conditions, and how will it impact workflow around a potential office - in a typical setup, even if workers are limited to their own cubicle, they often help each other out by going over to someone else's computer and doing something there. This, of course, depends on company policy, but having the computer continuously lock down on account of someone helping me with something definitely will cost time.
  
  --
  "We are the music makers, and we are the dreamers of dreams [...]."
4. Re:Not persistent enough. by michelcolman · 2012-05-03 21:35 · Score: 2
  
  Yes, most people working in an office use at least four or five different mice and switch between them several times a day. Therefore, the system is totally useless. It could only possibly work for the kind of people who barely even know where to plug in a mouse, which is... oh, wait.
Re:for now.. by jones_supa · 2012-05-03 21:13 · Score: 3, Interesting

If you sneak into someone's office, how are you going to start such automation that replicates the behavior of the owner of the machine?
vi code.cpp by martin-boundary · 2012-05-03 21:48 · Score: 2

*tap* *tap* *tap* *tap* *tap*
ZZ
vi more_code.cpp *tap* *tap* *tap* *tap* *tap*
ZZ
vi extra_code.cpp *tap* *tap* *tap* *tap* *tap*
ZZ
firefox http://www.slashdot.org/
INTRUDER ALERT! INTRUDER ALERT! AUTOMATIC LOGOUT AND SHUTDOWN IN PROGRESS!
1. Re:vi code.cpp by Dogbertius · 2012-05-04 02:13 · Score: 2
  
  Pretty much. I don't think I've used my mouse in the past week.
Re:for now.. by JasterBobaMereel · 2012-05-04 00:13 · Score: 4, Insightful

If you can sneak into someone's office and use their computer at all, then detecting people by mouse movements is the least of your worries
Your staff leaving their computer unlocked, their door unlocked, and their office unattended, and no-one noticing are much worse security issues ...

--
Puteulanus fenestra mortis
Aimbot by zAPPzAPP · 2012-05-04 01:18 · Score: 2

Finally, using an aimbot will get you banned from your own PC.
About time.
3 profiles for me please by nadamucho · 2012-05-04 01:45 · Score: 2

I'll need to train 3 modes: 1) Optical/Laser mouse 2) Trackpad for my laptops 3) Optical/Laser mouse when I'm eating Cheetos
If you pick up the mouse and speak into it by davidwr · 2012-05-04 02:12 · Score: 2

You must be Scotty.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.