GestureMeter: Evaluating Gesture Password Selection on Smartphones with Strength Meter
Cited 0 times inCited 0 times in
- GestureMeter: Evaluating Gesture Password Selection on Smartphones with Strength Meter
- Cheon, Eunyong
- Oakley, Ian
- Issue Date
- Graduate School of UNIST
- Gestures are potential authentication method for touchscreen devices and common tasks such as phone lock. While many studies have indicated gesture passwords can achieve high usability, evaluating their security remains a grey area. Key challenges stem from the small sample sizes in current gesture password studies and the requirement to use similarity-based recognition metrics which prevent the application of traditional entropy assessment methods. To overcome these problems, we perform a large-scale study online (N=2594). With the resulting data set, we develop a novel multi-stage discretization method and n-gram Markov models that enable us to assess the partial guessing entropy of gesture passwords and to create a novel clustering-based dictionary attack. We report then while partial guessing entropy appears to be greater than other common phone lock methods (e.g., Pin, pattern), gestures are highly susceptible to dictionary attack. To improve the security of gesture passwords, we develop a novel gesture password strength meter. Password strength meters has been previously proposed as an effective password policy that can improve the security of other authentication techniques such as passwords or pattern. Using the meter, we propose various mandated compliances in which users are restricted to meet certain level of strength: default (none), weak, fair, and strong. We validate the effectiveness of gesture strength meter designs on security by performing a follow up online study and applying the security framework and attacks established in the first study. The default policy improves the gesture password security with small cost in usability. This thesis concludes that gesture password meters can be an effective technique for improving the security of gesture authentication systems that deserve further study.
- Department of Human Factors Engineering
- Go to Link;
- Appears in Collections:
- Files in This Item:
GestureMeter_Evaluating Gesture Password Selection on Smartphones with Strength Meter.pdf
can give you direct access to the published full text of this article. (UNISTARs only)
Show full item record
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.