ABSTRACT
This paper presents a new tap and gesture hybrid method for authenticating mobile device users. The new technique augments four simple gestures - up, down, left, and right, to the dominant digit lock technique, allowing users to either tap or perform any one of the four gestures on the digit keys. It offers in total 6250000 unique four-symbol password combinations, which is substantially more than the conventional techniques. Results of a pilot study showed that the new technique was slower and more error prone than the digit lock technique. However, we believe with practice it could get faster and more accurate. Also, most users were comfortable and all of them felt more secured while using the new technique.
- Aviv, A. J., Gibson, K., Mossop, E., Blaze, M., and Smith, J. M. Smudge attacks on smartphone touch screens. In Proc.WOOT '10. USENIX (2010), 1--7. Google ScholarDigital Library
- Biddle, R., Mannan, M., Van Oorschot, P. C., and Whalen, T. User study, analysis, and usable security of passwords based on digital objects. Trans. Info. For. Sec. 6, 3 (2011), 970--979. Google ScholarDigital Library
- Chiasson, S., Forget, A., Biddle, R., and van Oorschot, P. C. User interface design affects security: patterns in click-based graphical passwords. Int. J. Inf. Security 8, 6 (2009), 387--398. Google ScholarDigital Library
- Clarke, N. L. and Furnell, S. M. Advanced user authentication for mobile devices. Computers & Security 26, 2 (2007), 109--119.Google ScholarDigital Library
- Davies, D. W. and Price, W. L. Security for Computer Networks. John Wiley & Sons, Inc., 1989. Google ScholarDigital Library
- Dhamija, R. and Perrig, A. Déjà Vu: a user study using images for authentication. In Proc. SSYM '00. USENIX (2000), 4--4. Google ScholarDigital Library
- Jakobsson, M. and Akavipat, R. Rethinking passwords to adapt to constrained keyboards. In MoST Workshop '12. IEEE (2012).Google Scholar
- Jakobsson, M., Shi, E, Golle, P., and Chow, R. Implicit authentication for mobile devices. In Proc. HotSec '09. USENIX (2009), 9--9. Google ScholarDigital Library
- Jansen, W. Authenticating mobile device users through image selection. Data Security, 2004.Google Scholar
- Kim, I. Keypad against brute force attacks on smartphones. IET Information Security 6, 2 (2012), 71--76.Google ScholarCross Ref
- Mannan, M. and Van Oorschot, P. C. Passwords for both mobile and desktop computers: ObPwd for Firefox and Android. USENIX 37, 4 (2012), 28--37.Google Scholar
- Nazir, I., Zubair, I., and Islam, M. H., User authentication for mobile device through image selection. In Proc. NDT '09. IEEE (2009), 518--520.Google ScholarCross Ref
- Nielsen Holdings. Two thirds of new mobile buyers now opting for smartphones. http://shar.es/xfZvs.Google Scholar
- Raguram, R., White, A. M., Goswami, D., Monrose, F., and Frahm, J.-M. iSpy: Automatic reconstruction of typed input from compromising reflections. In Proc. CCS '11. ACM (2011), 527--536. Google ScholarDigital Library
- Skillen, A. and Mannan, M. Myphrase: Passwords from your own words. Spectrum, Concordia University, Montreal, Quebec, Canada, 2013.Google Scholar
- Zhai, S. and Kristensson, P.-O. Shorthand writing on stylus keyboard. In Proc. CHI '03. ACM (2003), 97--104. Google ScholarDigital Library
- Zheng, Z., Liu, X., Yin, L., and Liu, Z. A stroke-based textual password authentication scheme. In Proc. ETCS '09. IEEE (2009), 90--95. Google ScholarDigital Library
Index Terms
- A tap and gesture hybrid method for authenticating smartphone users
Recommendations
Where Usability and Security Go Hand-in-Hand: Robust Gesture-Based Authentication for Mobile Systems
CHI '17: Proceedings of the 2017 CHI Conference on Human Factors in Computing SystemsGestures have recently gained interest as a secure and usable authentication method for mobile devices. Gesture authentication relies on recognition, wherein raw data is collected from user input and preprocessed into a more manageable form before ...
Comments on Circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation
Attribute-based encryption (ABE) with outsourced decryption not only allows fine-grained and versatile sharing of encrypted data, but also largely mitigates the decryption overhead and the ciphertext size in the standard ABE schemes. Very recently, Xu ...
Hide my Gaze with EOG!: Towards Closed-Eye Gaze Gesture Passwords that Resist Observation-Attacks with Electrooculography in Smart Glasses
MoMM2019: Proceedings of the 17th International Conference on Advances in Mobile Computing & MultimediaSmart glasses allow for gaze gesture passwords as a hands-free form of mobile authentication. However, pupil movements for password input are easily observed by attackers, who thereby can derive the password. In this paper we investigate closed-eye gaze ...
Comments