Back-of-device authentication on smartphones

This paper presents BoD Shapes, a novel authentication method for smartphones that uses the back of the device for input. We argue that this increases the resistance to shoulder surfing while remaining reasonably fast and easy to use. We performed a user study (n=24) comparing BoD Shapes to PIN authentication, Android grid unlock, and a front version of our system. Testing a front version allowed us to directly compare performance and security measures between front and back authentication. Our results show that BoD Shapes is significantly more secure than the three other approaches. While performance declined, our results show that BoD Shapes can be very fast (up to 1.5 seconds in the user study) and that learning effects have an influence on its performance. This indicates that speed improvements can be expected in long-term use.
