Pattern Lock Evaluation Framework for Mobile Devices: Memorizability and Timing Issues

  • Agnieszka Bier
  • Adrian Kapczyński
  • Zdzisław Sroczyński
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 763)

Abstract

The paper concerns the influence of memory, forgetting and timing issues on the security of mobile applications. The designed framework system was used for further elaboration of the automatic measure, which estimates the quality (strength) of unlock gesture patterns. The data analysis, described in detail, presents the relations between human subjective ratings of patterns’ complexity and memorizability levels with regard to the computed values of the quality measure and the real-life time spans needed to enter and re-enter the pattern.

Keywords

  • Pattern strength measure
  • Human memory
  • Authentication
  • Mobile access control

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  • Agnieszka Bier (1)
  • Adrian Kapczyński (1)
  • Zdzisław Sroczyński (1)
  1. Institute of Mathematics, Silesian University of Technology, Gliwice, Poland
