Proposal and Evaluation of Authentication Method Having Shoulder-Surfing Resistance for Smartwatches Using Shift Rule
Recently, mobile devices having small touchscreen such as smartwatches has been increasing due to miniaturization of electronic devices. Currently, PIN and pattern lock are used for personal authentication of these devices, but there is possibility of leakage of authentication information by shoulder-surfing attack. Many authentication methods having shoulder-surfing resistance are proposed until now. However, these methods are for smartphones or tablets having middle-size screen. Hence, when these authentication methods apply for smartwatches, the usability reduces because a user cannot touch the screen accurately. Therefore, in this paper, we propose personal authentication method having shoulder-surfing resistance for smartwatches. In this method, the user selects alternative icon to registered icon on \(3\times 3\) matrix using shift rule. In addition, we implemented the proposed method on smartwatch, and performed two experiments to confirm usability and shoulder-surfing resistance. As a result, average authentication time and authentication success rate was 13.8 s and 89.4%, and touch success rate was 96.2% when using shift rule. Also, the leakage rate of authentication information was 0.0%.
This work was supported by JSPS KAKENHI Grant Numbers JP17H01736, JP17K00139.
- 1.Smartwatch Market Expected to Grow 41% in 2018. https://www.futuresource-consulting.com/press-release/consumer-electronics-press/smartwatch-market-expected-to-grow-41-in-2018/. Accessed 17 June 2019
- 3.Khan, H., Hengartner, U., Vogel, D.: Evaluating attack and defense strategies for smartphone PIN shouder surfing. In: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, no. 164, 10 pages (2018)Google Scholar
- 4.Divyapriya, K., Prabhu, P.: Image based authentication using illusion pin for shoulder surfing attack. Int. J. Pure Appl. Math. 119(7), 835–840 (2018)Google Scholar
- 6.Tanaka, M., Hiroyuki, I.: Proposal of improved background pattern slide authentication against shoulder surfing in consideration of convenience. J. Inf. Process. Soc. Jpn. 58(9), 1513–1522 (2017). (in Japanese)Google Scholar
- 7.Kita, Y., Okazaki, N., Nishimura, H.: Implementation and evaluation of shoulder-surfing attack resistant users. IEICE Trans. Inf. Syst. J97-D(12), 1770–1784 (2014). (in Japanese)Google Scholar
- 8.The Galaxy S8 and Pixel Should Copy LG’s Knock Code. https://www.forbes.com/sites/bensin/2017/03/02/the-galaxy-s8-and-pixel-should-copy-lgs-knock-code/. Accessed 17 June 2019
- 9.Oakley, I., Huh, J.H., Cho, J., Cho, G., Islam, R., Kim, H.: The personal identification chord: a four button authentication system for smartwatches. In: ASIACSS 2018 (2018)Google Scholar
- 10.SmartWatch 3. https://www.sony.jp/sp-acc/special/swr50style/. Accessed 13 May 2019