A tap and gesture hybrid method for authenticating smartphone users

This paper presents a new tap and gesture hybrid method for authenticating mobile device users. The new technique augments four simple gestures - up, down, left, and right, to the dominant digit lock technique, allowing users to either tap or perform any one of the four gestures on the digit keys. It offers in total 6250000 unique four-symbol password combinations, which is substantially more than the conventional techniques. Results of a pilot study showed that the new technique was slower and more error prone than the digit lock technique. However, we believe with practice it could get faster and more accurate. Also, most users were comfortable and all of them felt more secured while using the new technique.

[1]  Charles Cresson Wood,et al.  Security for computer networks : D.W. Davies and W.L. Price New York: John Wiley and Sons, 1984. 386 + xix pages, $19.50 , 1985, Computers & security.

[2]  Xiyu Liu,et al.  A Stroke-Based Textual Password Authentication Scheme , 2009, 2009 First International Workshop on Education Technology and Computer Science.

[3]  Robert Biddle,et al.  User Study, Analysis, and Usable Security of Passwords Based on Digital Objects , 2011, IEEE Transactions on Information Forensics and Security.

[4]  Shumin Zhai,et al.  Shorthand writing on stylus keyboard , 2003, CHI '03.

[5]  M. Jakobsson Rethinking Passwords to Adapt to Constrained Keyboards , 2011 .

[6]  Mohammad Mannan,et al.  Myphrase: Passwords from your Own Words , 2013 .

[7]  Alain Forget,et al.  User interface design affects security: patterns in click-based graphical passwords , 2009, International Journal of Information Security.

[8]  N. Sangeetha,et al.  AUTHENTICATING MOBILE DEVICE USERS THROUGH IMAGE SELECTION , 2013 .

[9]  Donald W. Davies,et al.  Security for computer networks - an introduction to data security in teleprocessing and electronic funds transfer (2. ed.) , 1989, Wiley series in communication and distributed systems.

[10]  Markus Jakobsson,et al.  Implicit authentication for mobile devices , 2009 .

[11]  W. Jansen,et al.  Authenticating Mobile Device UsersThrough Image Selection , 2004 .

[12]  Paul C. van Oorschot,et al.  Passwords for Both Mobile and Desktop Computers: ObPwd for Firefox and Android , 2012, login Usenix Mag..

[13]  Iksu Kim Keypad against brute force attacks on smartphones , 2012, IET Inf. Secur..

[14]  Iffat Nazir,et al.  User authentication for mobile device through image selection , 2009, 2009 First International Conference on Networked Digital Technologies.

[15]  Jan-Michael Frahm,et al.  On the Privacy Risks of Virtual Keyboards: Automatic Reconstruction of Typed Input from Compromising Reflections , 2013, IEEE Transactions on Dependable and Secure Computing.

[16]  Wayne Jansen,et al.  Authenticating Mobile Device Users Through Image Selection | NIST , 2004 .

[17]  Andreea A.S. Ionescu,et al.  SECURITY IN COMPUTER NETWORKS , 2012 .

[18]  Steven Furnell,et al.  Advanced user authentication for mobile devices , 2007, Comput. Secur..

[19]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[20]  Adrian Perrig,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Déjà Vu: A User Study Using Images for Authentication , 2000 .

[21]  Jan-Michael Frahm,et al.  iSpy: automatic reconstruction of typed input from compromising reflections , 2011, CCS '11.