DCUS: Evaluating Double-Click-Based Unlocking Scheme on Smartphones

Abstract

With the increasing capability of software and hardware, mobile devices, especially smartphones, are changing the way people communicate and live. For convenience, people often store a lot of personal data, such as images, on the device and use it for sensitive tasks like payment and financial transfer. This makes data protection more important on smartphones. To secure the device from unauthorized access, one simple and efficient method is to design a device or screen unlock mechanism that can authenticate the identity of the current user. However, most existing unlock schemes can be compromised if an attacker gets the correct pattern. In this work, we advocate that behavioral biometrics can be useful to improve the security of unlock mechanisms. We thus design DCUS, a double-click-based unlocking scheme on smartphones, which requires users to unlock the device by double-clicking on the right location on an image. For user authentication, our scheme checks the selected images, the image location and the double-click patterns. In the evaluation, we perform a user study with 60 participants and compare our scheme with a similar unlock scheme. With several typical supervised classifiers, we find that participants can perform well under our scheme.

References

  1. Li W, Tan J, Zhu N, Wang Y (2020) Designing double-click-based unlocking mechanism on smartphones. In: Proceedings of the first international symposium on Emerging Information Security and Applications (EISA). Springer
  2. Aviv AJ, Gibson K, Mossop E, Blaze M, Smith JM (2010) Smudge attacks on smartphone touch screens. In: Proceedings of the 4th USENIX conference on offensive technologies. USENIX Association, pp 1–7
  3. Bonneau J (2012) The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: Proceedings of the 2012 IEEE symposium on security and privacy, pp 538–552
  4. De Luca A, Hang A, Brudy F, Lindner C, Hussmann H (2012) Touch me once and I Know it’s you!: Implicit authentication based on touch screen patterns. In: Proceedings of CHI. ACM, pp 987–996
  5. Deloitte’s 2019 global mobile consumer survey. https://www2.deloitte.com/content/dam/insights/us/articles/glob43115_2019-global-mobile-survey/DI_2019-global-mobile-survey.pdf
  6. Fang L, Zhu H, Lv B, Liu Z, Meng W, Yu Y, Ji S, Cao Z (2020) HandiText: Handwriting recognition based on dynamic characteristics with incremental LSTM. ACM Transactions on data science. In: Press. https://doi.org/10.1145/3385189, vol 4. ACM, pp 25:1–25:18
  7. Feng T, Liu Z, Kwon K-A, Shi W, Carbunary B, Jiang Y, Nguyen N (2012) Continuous mobile authentication using touchscreen gestures. In: Proceedings of the 2012 IEEE Conference on Technologies for Homeland Security (HST). IEEE, USA, pp 451–456
  8. Findling RD, Mayrhofer R (2012) Towards face unlock: on the difficulty of reliably detecting faces on mobile phones. MoMM: 275–280
  9. Frank M, Biedert R, Ma E, Martinovic I, Song D (2013) Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans Inf Forensics Secur 8(1):136–148
  10. Gomez-Barrero M, Galbally J (2020) Reversing the irreversible: A survey on inverse biometrics. Comput Secur 90:101700
  11. Guo Y, Yang L, Ding X, Han J, Liu Y (2013) OpenSesame: Unlocking smart phone through handshaking biometrics. INFOCOM: 365–369
  12. Izuta R, Murao K, Terada T, Iso T, Inamura H, Tsukamoto M (2016) Screen unlocking method using behavioral characteristics when taking mobile phone from pocket. MoMM: 110–114
  13. Jiang L, Meng W (2016) Smartphone user authentication using touch dynamics in the big data era: challenges and opportunities. Biometric security and privacy - opportunities & challenges in the big data era (Book). Springer: 163–178
  14. Larrucea X, Moffie M, Asaf S, Santamaria I (2020) Towards a GDPR compliant way to secure European cross border Healthcare Industry 4.0. Comput Stand Interfaces 69:103408
  15. LIBSVM – a library for support vector machines. https://www.csie.ntu.edu.tw/~cjlin/libsvm/
  16. Li Y, Wang Z, Li Y, Deng RH, Chen B, Meng W, Li H (2019) A closer look tells more: a facial distortion based liveness detection for face authentication. AsiaCCS: 241–246
  17. Li Y, Cheng Y, Meng W, Li Y, Deng RH (2021) Designing leakage-resilient password entry on head-mounted smart wearable glass devices. IEEE Trans Inf Forensics Secur 16:307–321
  18. Li W, Tan J, Meng W, Wang Y, Li J (2019) SwipeVLock: a supervised unlocking mechanism based on swipe behavior on smartphones. The 2nd International Conference on Machine Learning for Cyber Security (ML4CS): 140–153
  19. Li W, Tan J, Meng W, Wang Y (2020) A swipe-based unlocking mechanism with supervised learning on smartphones: Design and evaluation. J Netw Comput Appl 165:102687. Elsevier
  20. Li W, Wang Y, Li J, Xiang Y (2020) Towards supervised shape-based behavioral authentication on smartphones. J Inf Secur Appl 55:102591
  21. Li W, Meng W, Furnell S (2021) Exploring touch-based behavioral authentication on smartphone email applications in IoT-enabled smart cities. Pattern Recognition Letters, In press. Elsevier. https://doi.org/10.1016/j.patrec.2021.01.019
  22. Lin Z, Meng W, Li W, Wong DS (2019). In: Jiang R (ed) Developing cloud-based intelligent touch behavioral authentication on mobile phones. Deep biometrics (Book). Springer, Berlin
  23. Meng Y (2012) Designing click-draw based graphical password scheme for better authentication. In: Proceedings of the 7th IEEE international conference on networking, architecture, and storage (NAS), pp 39–48
  24. Meng Y, Li W, Kwok L-F (2013) Enhancing click-draw based graphical passwords using multi-touch on mobile phones. In: Proceedings of the 28th IFIP TC 11 International Information Security and Privacy Conference (IFIP SEC), IFIP Advances in Information and Communication Technology 405, pp 55–68
  25. Meng W, Wong DS, Furnell S, Zhou J (2015) Surveying the development of biometric user authentication on mobile phones. IEEE Commun Surv Tutor 17(3):1268–1293
  26. Meng W (2015) RouteMap: a route and map based graphical password scheme for better multiple password memory. In: Proceedings of the 9th international conference on network and system security (NSS), pp 147–161
  27. Meng W (2016) Evaluating the effect of multi-touch behaviours on android unlock patterns, vol 24. Emerald
  28. Meng W, Li W, Wong DS, Zhou J (2016) TMGuard: a touch movement-based security mechanism for screen unlock patterns on smartphones. In: Proceedings of the 14th international conference on applied cryptography and network security (ACNS), pp 629–647
  29. Meng W, Lee WH, Liu Z, Su C, Li Y (2017) Evaluating the impact of juice filming charging attack in practical environments. In: Proceedings of ICISC, pp 327–338
  30. Meng W, Fei F, Li W, Au MH (2017) Harvesting smartphone privacy through enhanced juice filming charging attacks. In: Proceedings of ISC, pp 291–308
  31. Meng W, Li W, Kwok L-F, Choo K-KR (2017) Towards enhancing click-draw based graphical passwords using multi-touch behaviours on smartphones. Comput Secur 65:213–229
  32. Meng W, Li W, Lee W, Jiang L, Zhou J (2017) A pilot study of multiple password interference between text and map-based passwords. In: Proceedings of the 15th International Conference on Applied Cryptography and Network Security (ACNS), pp 145–162
  33. Meng W, Lee W, Au MH, Liu Z (2017) Exploring effect of location number on map-based graphical password authentication. In: Proceedings of the 22nd Australasian Conference on Information Security and Privacy (ACISP), pp 301–313
  34. Meng W, Liu Z (2018) TMGMap: designing touch movement-based geographical password authentication on smartphones. In: Proceedings of the 14th international conference on information security practice and experience (ISPEC), pp 373–390
  35. Nyang D, Kim H, Lee W, Kang S, Cho G, Lee MK, Mohaisen A (2018) Two-thumbs-up: physical protection for PIN entry secure against recording attacks. Comput Secur 78:1–15
  36. Shepard RN (1967) Recognition memory for words, sentences, and pictures. J Verbal Learn Verbal Behav 6(1):156–163
  37. Smith-Creasey M, Rajarajan M (2016) A continuous user authentication scheme for mobile devices. In: Proceedings of the 14th annual conference on privacy, security and trust (PST), pp 104–113
  38. Spitzer J, Singh C, Schweitzer D (2010) A security class project in graphical passwords. J Comput Sci Coll 26(2):7–13
  39. Shahzad M, Liu AX, Samuel A (2017) Behavior based human authentication on touch screen devices using gestures and signatures. IEEE Trans Mob Comput 16(10):2726–2741
  40. Sharma V, Enbody R (2017) User authentication and identification from user interface interactions on touch-enabled devices. In: Proceedings of the 10th ACM conference on security and privacy in wireless and mobile networks (WiSec), pp 1–11
  41. Suo X, Zhu Y, Owen GS (2005) Graphical passwords: a survey. In: Proceedings of the 21st annual computer security applications conference (ACSAC). IEEE Computer Society, USA, pp 463–472
  42. Sun H, Chen Y, Fang C, Chang S (2012) PassMap: a map based graphical-password authentication system. In: Proceedings of AsiaCCS, pp 99–100
  43. Tao H, Adams C (2008) Pass-Go, a proposal to improve the usability of graphical passwords. Int J Netw Secur 2(7):273–292
  44. Thorpe J, MacRae B, Salehi-Abari A (2013) Usability and security evaluation of GeoPass: a geographic location-password scheme. In: Proceedings of the 9th symposium on usable privacy and security (SOUPS), pp 1–14
  45. Wang L, Huang K, Sun K, Wang W, Tian C, Xie L, Gu Q (2018) Unlock with your heart: heartbeat-based authentication on commercial mobile phones. Proc ACM Interact Mob Wearable Ubiquitous Technol 2(3):140:1–140:22
  46. Weka: Machine Learning Software in Java. https://www.cs.waikato.ac.nz/ml/weka/
  47. Wiedenbeck S, Waters J, Birget J-C, Brodskiy A, Memon N (2005) Passpoints: design and longitudinal evaluation of a graphical password system. Int J Human-Computer Stud 63(1–2):102–127
  48. Weir M, Aggarwal S, Collins M, Stern H (2010) Testing metrics for password creation policies by attacking large sets of revealed passwords. In: Proceedings of CCS, pp 162–175
  49. Yi S, Qin Z, Carter N, Li Q (2017) WearLock, unlocking your phone via acoustics using smartwatch. ICDCS: 469–479
  50. Zheng N, Bai K, Huang H, Wang H (2014) You are how you touch: User verification on smartphones via tapping behaviors. In: Proceedings of the 2014 International Conference on Network Protocols (ICNP), pp 221–232

Acknowledgements

We would like to thank the participants for their hard work in the user study. This work was partially supported by National Natural Science Foundation of China (No. 61802080 and 61802077).

Author information

Corresponding author

Correspondence to Yu Wang.

Ethics declarations

Conflict of Interests

All authors declare that they have no conflict of interest.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

A preliminary version of this paper has been presented at the First International Symposium on Emerging Information Security and Applications (EISA) in conjunction with SpaCCS 2020 [1].

About this article

Cite this article

Li, W., Wang, Y., Tan, J. et al. DCUS: Evaluating Double-Click-Based Unlocking Scheme on Smartphones. Mobile Netw Appl (2021). https://doi.org/10.1007/s11036-021-01842-1

Keywords

  • User authentication
  • Double click
  • Smartphone security
  • Behavioral authentication
  • Touch dynamics