Abstract
Swipe passwords are a popular method for authenticating on mobile phones. In public, these passwords may become visible to attackers who engage in shoulder surfing. There is a need for strategies that protect swipe passwords from over-the-shoulder attacks (OSAs). We empirically explored the impact of providing gesture visual feedback on OSA performance during successful and unsuccessful swipe login attempts on mobile phones. We found evidence that entry visual feedback facilitates OSAs. As users are biased towards symmetrical swipe patterns, we investigated their impact on attack performance. We found that symmetrical swipe patterns were less vulnerable than asymmetrical patterns, possibly due to the speed of entry. As users tend toward simple patterns, we investigated the impact that nonadjacent, diagonal knight moves have on OSAs. We found that knight moves significantly decreased OSA performance. We recommend users turn off gesture entry visual feedback and use knight moves for greater password security.
Acknowledgments
We thank Cameron Weigel, Tim Dovedot, Christina Vo, Auriana Shokrpour, Ashley Palma, and Michelle Gomez for contributing to this research.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Cain, A.A., Chiu, L., Santiago, F., Still, J.D. (2016). Swipe Authentication: Exploring Over-the-Shoulder Attack Performance. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. Advances in Intelligent Systems and Computing, vol 501. Springer, Cham. https://doi.org/10.1007/978-3-319-41932-9_27
DOI: https://doi.org/10.1007/978-3-319-41932-9_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-41931-2
Online ISBN: 978-3-319-41932-9
eBook Packages: Engineering, Engineering (R0)