Top

Published in:

2022 | OriginalPaper | Chapter

Double-X: Towards Double-Cross-Based Unlock Mechanism on Smartphones

Authors : Wenjuan Li, Jiao Tan, Nan Zhu

Published in: ICT Systems Security and Privacy Protection

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Thanks to the convenience and the increasing functionalities, mobile devices especially smartphones are becoming an essential electronic device in people’s daily lives. Users can take the smartphone for online shopping and payment, as well as chatting with friends. However, with more private and sensitive information stored on such devices, how to secure the phone data becomes an open challenge. To protect a smartphone from unauthorized access, a direct and intuitive approach is to deploy an unlock mechanism, which requires users to input a correct pattern and unlock the phone. In the literature, combining behavioral biometrics can further enhance the security of unlock mechanisms, e.g., Android unlock patterns. In this work, we develop Double-X, a double-cross-based unlock scheme that requires users to unlock the phone by inputting two cross shapes on the selected dots. To authenticate the user, Double-X has to check the selected dots and the behavioral features when drawing the cross shapes. To examine the scheme performance, we perform two user studies with 80 participants with several typical supervised algorithms. The results indicate that participants can achieve a good success rate (e.g., 95%) under our scheme compared with two similar schemes.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter One Light, One App: Tackling a Common Misperception Causing Breach of User Privacy

next chapter Post-Quantum Cheating Detectable Private Information Retrieval

Smartphone Shipments Declined in the Fourth Quarter But 2021 Was Still a Growth Year with a 5.7% Increase in Shipments. https://www.idc.com/getdoc.jsp?containerId=prUS48830822

February 2022 Mobile User Statistics. https://www.bankmycell.com/blog/how-many-phones-are-in-the-world

Aviv, A.J., Gibson, K., Mossop, E., Blaze, M., Smith, J. M.: Smudge attacks on smartphone touch screens. In: Proceedings of the 4th USENIX Conference on Offensive Technologies, pp. 1–7, USENIX Association (2010)

Al-Sudani, A.R., Gao, S., Wen, S., Al-Khiza’ay, M.: Checking an authentication of person depends on RFID with thermal image. In: Wang, G., Chen, J., Yang, L.T. (eds.) SpaCCS 2018. LNCS, vol. 11342, pp. 371–380. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-05345-1_32CrossRef

Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: Proceedings of the 2012 IEEE Symposium on Security and Privacy, pp. 538–552 (2012)

De Luca, A., Hang, A., Brudy, F., Lindner, C., Hussmann, H.: Touch me once and i know it’s you!: implicit authentication based on touch screen patterns. In: Proceedings of CHI (ACM), pp. 987–996 (2012)

Feng, T., et al.: Continuous mobile authentication using touchscreen gestures. In: Proceedings of the 2012 IEEE Conference on Technologies for Homeland Security (HST), pp. 451–456. IEEE (2012)

Findling, R.D., Mayrhofer, R.: Towards face unlock: on the difficulty of reliably detecting faces on mobile phones. MoMM, pp. 275–280 (2012)

Frank, M., Biedert, R., Ma, E., Martinovic, I., Song, D.: Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans. Inf. Forensics Secur. 8(1), 136–148 (2013)CrossRef

10.

Forman, T., Aviv, A.: Double patterns: a usable solution to increase the security of android unlock patterns. ACSAC, pp. 219–233 (2020)

11.

Gomez-Barrero, M., Galbally, J.: Reversing the irreversible: a survey on inverse biometrics. Comput. Secur. 90, 101700 (2020)CrossRef

12.

Guo, Y., Yang, L., Ding, X., Han, J., Liu, Y.: OpenSesame: unlocking smart phone through handshaking biometrics. INFOCOM, pp. 365–369 (2013)

13.

Izuta, R., Murao, K., Terada, T., Iso, T., Inamura, H., Tsukamoto, M.: Screen unlocking method using behavioral characteristics when taking mobile phone from pocket. MoMM, pp. 110–114 (2016)

14.

Larrucea, X., Moffie, M., Asaf, S., Santamaria, I.: Towards a GDPR compliant way to secure European cross border healthcare industry 4.0. Comput. Stand. Interfaces 69, 103408 (2020)

15.

Li, Y., et al.: A closer look tells more: a facial distortion based liveness detection for face authentication. AsiaCCS, pp. 241–246 (2019)

16.

Li, Y., Cheng, Y., Meng, W., Li, Y., Deng, R.H.: Designing leakage-resilient password entry on head-mounted smart wearable glass devices. IEEE Trans. Inf. Forensics Secur. 16, 307–321 (2021)CrossRef

17.

Li, W., Tan, J., Meng, W., Wang, Yu., Li, J.: SwipeVLock: a supervised unlocking mechanism based on swipe behavior on smartphones. In: Chen, X., Huang, X., Zhang, J. (eds.) ML4CS 2019. LNCS, vol. 11806, pp. 140–153. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30619-9_11CrossRef

18.

Li, W., Tan, J., Meng, W., Wang, Y.: A swipe-based unlocking mechanism with supervised learning on smartphones: design and evaluation. J. Netw. Comput. Appl. 165, 102687 (2020)CrossRef

19.

Li, W., Wang, Y., Li, J., Xiang, Y.: Towards supervised shape-based behavioral authentication on smartphones. J. Inf. Secur. Appl. 55, 102591 (2020)

20.

Liang, Y., Samtani, S., Guo, B., Yu, Z.: Behavioral biometrics for continuous authentication in the internet-of-things era: an artificial intelligence perspective. IEEE Internet Things J. 7(9), 9128–9143 (2020)CrossRef

21.

Meng, Y.: Designing click-draw based graphical password scheme for better authentication. In: Proceedings of the 7th IEEE International Conference on Networking, Architecture, and Storage (NAS), pp. 39–48 (2012)

22.

Meng, Y., Li, W., Kwok, L.-F.: Enhancing click-draw based graphical passwords using multi-touch on mobile phones. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds.) SEC 2013. IAICT, vol. 405, pp. 55–68. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39218-4_5CrossRef

23.

Meng, W., Wong, D.S., Furnell, S., Zhou, J.: Surveying the development of biometric user authentication on mobile phones. IEEE Commun. Surv. Tutor. 17(3), 1268–1293 (2015)CrossRef

24.

Meng, W.: RouteMap: a route and map based graphical password scheme for better multiple password memory. In: NSS 2015. LNCS, vol. 9408, pp. 147–161. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-25645-0_10CrossRef

25.

Meng, W.: Evaluating the effect of multi-touch behaviours on android unlock patterns. Inf. Comput. Secur. 24(3), 277–287 (2016)CrossRef

26.

Meng, W., Li, W., Wong, D.S., Zhou, J.: TMGuard: a touch movement-based security mechanism for screen unlock patterns on smartphones. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 629–647. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39555-5_34CrossRef

27.

Meng, W., Lee, W.H., Liu, Z., Su, C., Li, Y.: Evaluating the impact of juice filming charging attack in practical environments. In: Kim, H., Kim, D.-C. (eds.) ICISC 2017. LNCS, vol. 10779, pp. 327–338. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78556-1_18CrossRef

28.

Meng, W., Fei, F., Li, W., Au, M.H.: Harvesting smartphone privacy through enhanced juice filming charging attacks. In: Nguyen, P., Zhou, J. (eds.) Information Security. ISC 2017. LNCS, vol. 10599. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69659-1_16

29.

Meng, W., Li, W., Kwok, L.-F., Choo, K.-K.R.: Towards enhancing click-draw based graphical passwords using multi-touch behaviours on smartphones. Comput. Secur. 65, 213–229 (2017)CrossRef

30.

Meng, W., Li, W., Lee, W.H., Jiang, L., Zhou, J.: A pilot study of multiple password interference between text and map-based passwords. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 145–162. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61204-1_8CrossRef

31.

Meng, W., Lee, W.H., Au, M.H., Liu, Z.: Exploring effect of location number on map-based graphical password authentication. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10343, pp. 301–313. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59870-3_17CrossRef

32.

Meng, W., Li, W., Wong, D.S.: Enhancing touch behavioral authentication via cost-based intelligent mechanism on smartphones. Multimed. Tools Appl. 77(23), 30167–30185 (2018). https://doi.org/10.1007/s11042-018-6094-2CrossRef

33.

Meng, W., Wang, Y., Wong, D.S., Wen, S., Xiang, Y.: TouchWB: touch behavioral user authentication based on web browsing on smartphones. J. Netw. Comput. Appl. 117, 1–9 (2018)CrossRef

34.

Nyang, D., et al.: Two-Thumbs-Up: physical protection for PIN entry secure against recording attacks. Comput. Secur. 78, 1–15 (2018)CrossRef

35.

Shepard, R.N.: Recognition memory for words, sentences, and pictures. J. Verbal Learn. Verbal Behav. 6(1), 156–163 (1967)CrossRef

36.

Spitzer, J., Singh, C., Schweitzer, D.: A security class project in graphical passwords. J. Comput. Sci. Coll. 26(2), 7–13 (2010)

37.

Shahzad, M., Liu, A.X., Samuel, A.: Behavior based human authentication on touch screen devices using gestures and signatures. IEEE Trans. Mob. Comput. 16(10), 2726–2741 (2017)CrossRef

38.

Sharma, V., Enbody, R.: User authentication and identification from user interface interactions on touch-enabled devices. In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), pp. 1–11 (2017)

39.

Suo, X., Zhu, Y., Owen, G.S.: Graphical passwords: a survey. In: Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC), pp. 463–472. IEEE (2005)

40.

Sun, H., Chen, Y., Fang, C., Chang, S.: PassMap: a map based graphical-password authentication system. In: Proceedings of AsiaCCS, pp. 99–100 (2012)

41.

Tao, H., Adams, C.: Pass-Go: a proposal to improve the usability of graphical passwords. Int. J. Netw. Secur. 2(7), 273–292 (2008)

42.

Thorpe, J., MacRae, B., Salehi-Abari, A.: Usability and security evaluation of GeoPass: a geographic location-password scheme. In: Proceedings of the 9th Symposium on Usable Privacy and Security (SOUPS), pp. 1–14 (2013)

43.

Wang, L., et al.: Unlock with your heart: heartbeat-based authentication on commercial mobile phones. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 2(3), 140:1–140:22 (2018)

44.

WEKA: machine learning software in Java. https://www.cs.waikato.ac.nz/ml/weka/

45.

Wiedenbeck, S., Waters, J., Birget, J.-C., Brodskiy, A., Memon, N.: PassPoints: design and longitudinal evaluation of a graphical password system. Int. J. Hum Comput Stud. 63(1–2), 102–127 (2005)CrossRef

46.

Weir, M., Aggarwal, S., Collins, M., Stern, H.: Testing metrics for password creation policies by attacking large sets of revealed passwords. In: Proceedings of CCS, pp. 162–175 (2010)

47.

Yi, S., Qin, Z., Carter, N., Li, Q.: WearLock: unlocking your phone via acoustics using smartwatch. ICDCS, pp. 469–479 (2017)

48.

Zheng, N., Bai, K., Huang, H., Wang, H.: You are how you touch: user verification on smartphones via tapping behaviors. In: Proceedings of the 2014 International Conference on Network Protocols (ICNP), pp. 221–232 (2014)

Title: Double-X: Towards Double-Cross-Based Unlock Mechanism on Smartphones
Authors: Wenjuan Li
Jiao Tan
Nan Zhu
Publisher: Springer International Publishing
Book: ICT Systems Security and Privacy Protection
Print ISBN: 978-3-031-06974-1

Electronic ISBN: 978-3-031-06975-8

Copyright Year: 2022
DOI: https://doi.org/10.1007/978-3-031-06975-8_24

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner