
2016 | OriginalPaper | Chapter

TMGuard: A Touch Movement-Based Security Mechanism for Screen Unlock Patterns on Smartphones

Authors: Weizhi Meng, Wenjuan Li, Duncan S. Wong, Jianying Zhou

Published in: Applied Cryptography and Network Security

Publisher: Springer International Publishing


Abstract

Secure user authentication is a big challenge for smartphone security. To overcome the drawbacks of knowledge-based methods, various graphical passwords have been proposed to enhance user authentication on smartphones. Android unlock patterns are one of the Android OS features aiming to authenticate users based on graphical patterns. However, recent studies have shown that attackers can easily compromise this unlock mechanism (e.g., by means of smudge attacks). We advocate that some additional mechanisms should be added to improve the security of unlock patterns. In this paper, we first show that users perform touch movements differently from one another when interacting with the touchscreen, and that a user's performance for the same pattern becomes somewhat stable after several trials. We then develop a touch movement-based security mechanism, called TMGuard, to enhance the authentication security of Android unlock patterns by verifying users’ touch movement during pattern input. In the evaluation, our user study with 75 participants demonstrates that TMGuard can positively improve the security of Android unlock patterns without compromising their usability.


Footnotes
3
Dynamic time warping (DTW) is an algorithm for measuring similarity between two temporal sequences which may vary in time or speed.
 
Metadata
Title
TMGuard: A Touch Movement-Based Security Mechanism for Screen Unlock Patterns on Smartphones
Authors
Weizhi Meng
Wenjuan Li
Duncan S. Wong
Jianying Zhou
Copyright Year
2016
DOI
https://doi.org/10.1007/978-3-319-39555-5_34
