Abstract
Secure user authentication is a big challenge for smartphone security. To overcome the drawbacks of knowledge-based method, various graphical passwords have been proposed to enhance user authentication on smartphones. Android unlock patterns are one of the Android OS features aiming to authenticate users based on graphical patterns. However, recent studies have shown that attackers can easily compromise this unlock mechanism (i.e., by means of smudge attacks). We advocate that some additional mechanisms should be added to improve the security of unlock patterns. In this paper, we first show that users would perform a touch movement differently when interacting with the touchscreen and that users would perform somewhat stably for the same pattern after several trials. We then develop a touch movement-based security mechanism, called TMGuard, to enhance the authentication security of Android unlock patterns by verifying users’ touch movement during pattern input. In the evaluation, our user study with 75 participants demonstrate that TMGuard can positively improve the security of Android unlock patterns without compromising its usability. Copyright © 2016 Springer International Publishing Switzerland.
Original language | English |
---|---|
Title of host publication | Applied cryptography and network security: 14th International Conference, ACNS 2016, Guildford, UK, June 19-22, 2016. proceedings |
Editors | Mark MANULIS, Ahmad-Reza SADEGHI, Steve SCHNEIDER |
Place of Publication | Cham |
Publisher | Springer |
Pages | 629-647 |
ISBN (Electronic) | 9783319395555 |
ISBN (Print) | 9783319395548 |
DOIs | |
Publication status | Published - 2016 |
Citation
Meng, W., Li, W., Wong, D. S., & Zhou, J. (2016). TMGuard: A touch movement-based security mechanism for screen unlock patterns on smartphones. In M. Manulis, A.-R. Sadeghi, & S. Schneider (Eds.), Applied cryptography and network security: 14th International Conference, ACNS 2016, Guildford, UK, June 19-22, 2016. proceedings (pp. 629-647). Springer. https://doi.org/10.1007/978-3-319-39555-5_34Keywords
- Mobile security
- User authentication
- Android unlock patterns
- Usability
- Touch gestures
- Behavioral biometric