
SwipeVLock: A Supervised Unlocking Mechanism Based on Swipe Behavior on Smartphones

  • Wenjuan Li
  • Jiao Tan
  • Weizhi Meng (Email author)
  • Yu Wang
  • Jing Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11806)

Abstract

Smartphones have become a necessity in people’s daily lives and have changed the way people communicate at any time and place. Nowadays, mobile devices, especially smartphones, have to store and process a large amount of sensitive information, ranging from personal to financial and professional data. For this reason, there is an increasing need to protect these devices from unauthorized access. In comparison with the traditional textual password, behavioral authentication can verify current users in a continuous way, which can complement the existing authentication mechanisms. With the advanced capabilities provided by current smartphones, users can perform various touch actions to interact with their devices. In this work, we focus on swipe behavior and aim to design a machine learning-based unlock scheme called SwipeVLock, which verifies users based on their way of swiping the phone screen with a background image. In the evaluation, we measure several typical supervised learning algorithms and conduct a user study with 30 participants. Our experimental results indicate that participants could perform well with SwipeVLock, with a success rate of 98% in the best case.

Keywords

User authentication; Behavioral biometric; Swipe behavior; Smartphone security; Touch action

Notes

Acknowledgments

We would like to thank the participants for their hard work in the user study. This work was partially supported by National Natural Science Foundation of China (No. 61802077).


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Wenjuan Li (1, 2)
  • Jiao Tan (3)
  • Weizhi Meng (1, 4), email author
  • Yu Wang (1)
  • Jing Li (1)

  1. School of Computer Science, Guangzhou University, Guangzhou, China
  2. Department of Computer Science, City University of Hong Kong, Kowloon, China
  3. KOTO Research Center, Macao, China
  4. Department of Applied Mathematics and Computer Science, Technical University of Denmark, Lyngby, Denmark
