Secure and usable authentication on mobile devices

Mobile devices contain a multitude of sensitive data and provide access to even more data and services on the Internet. Even when a device is only temporarily in the hands of an unauthorized person, privacy is at stake. Authentication protects against unauthorized use. Today's mobile operating systems offer authentication mechanisms, but these are either vulnerable in some situations or not user friendly enough to be widely adopted. In this paper we propose a novel authentication system that meets the requirements of both security and usability. To that end, we have analyzed existing authentication methods as well as the attacks targeting them. The resulting Android application, SecureLock, is a generic authentication system that offers PIN and password authentication, a property-based (possession-based) method using NFC tags, and a novel image-based method called GesturePuzzle. The application has been evaluated and compared with other approaches in terms of security and usability.