Graphical Password-Based User Authentication With Free-Form Doodles

User authentication using simple gestures is now common in portable devices. In this work, authentication with free-form sketches is studied. Verification systems using dynamic time warping and Gaussian mixture models are proposed, based on dynamic signature verification approaches. The most discriminant features are studied using the sequential forward floating selection algorithm. The effects of the time lapse between capture sessions and the impact of the training set size are also studied. Development and validation experiments are performed using the DooDB database, which contains passwords from 100 users captured on a smartphone touchscreen. Equal error rates between 3% and 8% are obtained against random forgeries and between 21% and 22% against skilled forgeries. High variability between capture sessions increases the error rates.

[1]  Daniel P. Lopresti,et al.  Toward Resisting Forgery Attacks via Pseudo-Signatures , 2009, 2009 10th International Conference on Document Analysis and Recognition.

[2]  Anil K. Jain,et al.  On-line signature verification, , 2002, Pattern Recognit..

[3]  Julian Fiérrez,et al.  The DooDB Graphical Password Database: Data Analysis and Benchmark Results , 2013, IEEE Access.

[4]  Anil K. Jain,et al.  Feature Selection: Evaluation, Application, and Small Sample Performance , 1997, IEEE Trans. Pattern Anal. Mach. Intell..

[5]  David Griffiths,et al.  Shoulder surfing defence for recall-based graphical passwords , 2011, SOUPS.

[6]  Alex X. Liu,et al.  Secure unlocking of mobile touch screen devices by simple gestures: you can see it but you can not do it , 2013, MobiCom.

[7]  Hai Tao,et al.  Pass-Go: A Proposal to Improve the Usability of Graphical Passwords , 2008, Int. J. Netw. Secur..

[8]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[9]  Heinrich Hußmann,et al.  Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[10]  Tal Garfinkel,et al.  Reducing shoulder-surfing by using gaze-based password entry , 2007, SOUPS '07.

[11]  Julie Thorpe,et al.  On predictive models and user-drawn graphical passwords , 2008, TSEC.

[12]  S. Chiba,et al.  Dynamic programming algorithm optimization for spoken word recognition , 1978 .

[13]  Valentín Cardeñoso-Payo,et al.  BioSecure signature evaluation campaign (BSEC'2009): Evaluating online signature algorithms depending on the quality of signatures , 2012, Pattern Recognit..

[14]  Lin Liang,et al.  Scribble-a-Secret: Similarity-based password authentication using sketches , 2008, 2008 19th International Conference on Pattern Recognition.

[15]  Alexander De Luca,et al.  PassShapes: utilizing stroke based authentication to increase password memorability , 2008, NordiCHI.

[16]  Sharath Pankanti,et al.  Error analysis of pattern recognition systems - the subsets bootstrap , 2004, Comput. Vis. Image Underst..

[17]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[18]  Jeff Yan,et al.  Do background images improve "draw a secret" graphical passwords? , 2007, CCS '07.

[19]  Larry Rudolph,et al.  Passdoodles; a Lightweight Authentication Method , 2004 .

[20]  Xiaoping Chen,et al.  YAGP: Yet Another Graphical Password Strategy , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).

[21]  Erik Wästlund,et al.  Exploring Touch-Screen Biometrics for User Identification on Smart Phones , 2011, PrimeLife.

[22]  J. Richiardi,et al.  Gaussian Mixture Models for on-line signature verification , 2003, WBMA '03.

[23]  Jiri Matas,et al.  On Combining Classifiers , 1998, IEEE Trans. Pattern Anal. Mach. Intell..

[24]  Robert Biddle,et al.  Graphical passwords: Learning from the first twelve years , 2012, CSUR.

[25]  Michael K. Reiter,et al.  The Design and Analysis of Graphical Passwords , 1999, USENIX Security Symposium.

[26]  Vibha Sazawal,et al.  Doodling our way to better authentication , 2002, CHI Extended Abstracts.

[27]  Wazir Zada Khan,et al.  A Graphical Password Based System for Small Mobile Devices , 2011, ArXiv.

[28]  G. NaveenSundar,et al.  Password management using doodles , 2007, ICMI '07.

[29]  Nasir D. Memon,et al.  Multitouch Gesture-Based Authentication , 2014, IEEE Transactions on Information Forensics and Security.