Augmented Unlocking Techniques for Smartphones Using Pre-Touch Information

Smartphones secure a significant amount of personal and private information, and are playing an increasingly important role in people’s lives. However, current techniques to manually authenticate to smartphones have failed in both not-so-surprising (shoulder surfing) and quite surprising (smudge attacks) ways. In this work, we propose a new technique called 3D Pattern. Our 3D Pattern technique takes advantage of pre-touch sensing, which could soon allow smartphones to sense a user’s finger position at some distance from the screen. We describe and implement the technique, and evaluate it in a small pilot study (n=6) by comparing it to PIN and pattern locks. Our results show that although our prototype takes longer to authenticate, it is completely immune to smudge attacks and promises to be more resistant to shoulder surfing.

[1]  Hai-Ning Liang,et al.  SemanticLock: An authentication method for mobile devices using semantically-linked images , 2018, ArXiv.

[2]  Heinrich Hußmann,et al.  PassShape: stroke based shape passwords , 2007, OZCHI '07.

[3]  Nasir D. Memon,et al.  DRAW-A-PIN: Authentication using finger-drawn PIN on touch devices , 2017, Comput. Secur..

[4]  Xing-Dong Yang,et al.  TouchCuts and TouchZoom: enhanced target selection for touch displays using finger proximity sensing , 2011, CHI.

[5]  Sonia Chiasson,et al.  Improving user authentication on mobile devices: a touchscreen graphical password , 2013, MobileHCI '13.

[6]  Daniel Vogel,et al.  Evaluating Attack and Defense Strategies for Smartphone PIN Shoulder Surfing , 2018, CHI.

[7]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[8]  Jun Zheng,et al.  Scramble or not, that is the question a study of the security and usability of scramble keypad for PIN unlock on smartphones , 2016, 2016 IEEE/CIC International Conference on Communications in China (ICCC).

[9]  Buntarou Shizuki,et al.  Vibrainput: two-step PIN entry system based on vibration and visual information , 2014, CHI Extended Abstracts.

[10]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[11]  Hideki Koike,et al.  Awase-E: Image-Based Authentication for Mobile Phones Using User's Favorite Images , 2003, Mobile HCI.

[12]  Florian Alt,et al.  Improving Accuracy, Applicability and Usability of Keystroke Biometrics on Mobile Touchscreen Devices , 2015, CHI.

[13]  Florian Alt,et al.  Understanding Shoulder Surfing in the Wild: Stories from Users and Observers , 2017, CHI.

[14]  Alexander De Luca,et al.  It's a Hard Lock Life: A Field Study of Smartphone (Un)Locking Behavior and Risk Perception , 2014, SOUPS.

[15]  Ted Taekyoung Kwon,et al.  TinyLock: Affordable defense against smudge attacks on smartphone pattern lock systems , 2014, Comput. Secur..

[16]  Desney S. Tan,et al.  Spy-resistant keyboard: more secure password entry on public touch screen displays , 2005, OZCHI.

[17]  Daniel Vogel,et al.  Targeted Mimicry Attacks on Touch Input Based Implicit Authentication Schemes , 2016, MobiSys.

[18]  Daniel J. Wigdor,et al.  Zero-latency tapping: using hover information to predict touch locations and eliminate touchdown latency , 2014, UIST.

[19]  Youngwoo Yoon,et al.  Touch180: Finger Identification on Mobile Touchscreen using Fisheye Camera and Convolutional Neural Network , 2018, UIST.

[20]  Serge Egelman,et al.  The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens , 2016, CHI.

[21]  MemonNasir,et al.  DRAW-A-PIN , 2017 .

[22]  Heinrich Hußmann,et al.  SwiPIN: Fast and Secure PIN-Entry on Smartphones , 2015, CHI.

[23]  Kenton O'Hara,et al.  Pre-Touch Sensing for Mobile Interaction , 2016, CHI.

[24]  Aziz Mohaisen,et al.  Two-Thumbs-Up: Physical protection for PIN entry secure against recording attacks , 2018, Comput. Secur..

[25]  Ian Oakley,et al.  The phone lock: audio and haptic shoulder-surfing resistant PIN entry methods for mobile devices , 2011, Tangible and Embedded Interaction.

[26]  Alessio Merlo,et al.  ClickPattern: A Pattern Lock System Resilient to Smudge and Side-channel Attacks , 2017, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[27]  Utz Roedig,et al.  SonarSnoop: active acoustic side-channel attacks , 2018, International Journal of Information Security.