On the Long-Term Effects of Continuous Keystroke Authentication: Keeping User Frustration Low through Behavior Adaptation

One of the main challenges in deploying a keystroke dynamics-based continuous authentication scheme on smartphones is ensuring low error rates over time. Unstable false rejection rates (FRRs) would lead to frequent phone locks during long-term use, and deteriorating attack detection rates would jeopardize its security benefits. The fact that it is undesirable to train complex deep learning models directly on smartphones or send private sensor data to servers for training present unique deployment constraints, requiring on-device solutions that can be trained fully on smartphones. To improve authentication accuracy while satisfying such real-world deployment constraints, we propose two novel feature engineering techniques: (1) computation of pair-wise correlations between accelerometer and gyroscope sensor values, and (2) on-device feature extraction technique to compute dynamic time warping (DTW) distance measurements between autoencoder inputs and outputs via transfer-learning. Using those two feature sets in an ensemble blender, we achieved 6.4 percent equal error rate (EER) in a public dataset. In comparison, blending two state-of-the-art solutions achieved 14.1 percent EER in the same test settings. Our real-world dataset evaluation showed increasing FRRs (user frustration) over two months; however, through periodic model retraining, we were able to maintain average FRRs around 2.5 percent while keeping attack detection rates around 89 percent. The proposed solution has been deployed in the latest Samsung Galaxy smartphone series to protect secure workspace through continuous authentication.