Research article. DOI: 10.1145/2500423.2500434

Secure unlocking of mobile touch screen devices by simple gestures: you can see it but you can not do it

Published: 30 September 2013

Abstract

With the rich functionalities and enhanced computing capabilities available on mobile computing devices with touch screens, users not only store sensitive information (such as credit card numbers) but also use privacy-sensitive applications (such as online banking) on these devices, which makes them hot targets for hackers and thieves. To protect private information, such devices typically lock themselves after a few minutes of inactivity and present a password/PIN/pattern screen when reactivated. Password/PIN/pattern-based schemes are inherently vulnerable to shoulder surfing attacks and smudge attacks. Furthermore, passwords/PINs/patterns are inconvenient for users to enter frequently. In this paper, we propose GEAT, a gesture-based user authentication scheme for the secure unlocking of touch screen devices. Unlike existing authentication schemes for touch screen devices, which use what the user inputs as the authentication secret, GEAT authenticates users mainly based on how they input, using distinguishing features such as finger velocity, device acceleration, and stroke time. Even if attackers see what gesture a user performs, they cannot reproduce the behavior of the user doing gestures through shoulder surfing or smudge attacks. We implemented GEAT on Samsung Focus running Windows, collected 15009 gesture samples from 50 volunteers, and conducted real-world experiments to evaluate GEAT's performance. Experimental results show that our scheme achieves an average equal error rate of 0.5% with 3 gestures using only 25 training samples.

Published In

MobiCom '13: Proceedings of the 19th annual international conference on Mobile computing & networking
September 2013
504 pages
ISBN: 9781450319997
DOI: 10.1145/2500423
Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. authentication
2. gesture
3. locking/unlocking
4. mobile touch screen devices

Acceptance Rates

MobiCom '13 Paper Acceptance Rate: 28 of 207 submissions, 14%
Overall Acceptance Rate: 440 of 2,972 submissions, 15%
