Draw It As Shown

Behavioral Pattern Lock for Mobile User Authentication

Yeeun Ku, Leo Hyun Park, Sooyeon Shin, Taekyoung Kwon

Research output: Contribution to journal (Article)

Abstract

Android pattern lock is still popularly used for mobile user authentication. Unfortunately, however, many concerns have been raised regarding its security and usability. User-created patterns tend to be simply structured or reduced to a small set. Complex patterns are hard to memorize. Input patterns are susceptible to various attacks, such as guessing attacks, smudge attacks, and shoulder surfing attacks. This paper presents a novel mechanism based on the pattern lock, in which behavioral biometrics are employed to address these problems. Our basic idea starts from turning the lock pattern into public knowledge rather than a secret and leveraging touch dynamics. Users do not need to create their own lock patterns or memorize them. Instead, our system shows a public pattern along with guidance on how to draw it. All the user needs to do for authentication is to draw the pattern as shown. For adversaries, the above-mentioned attacks are rendered useless by this new mechanism. Specifically, we study how to generate the public patterns and how to perform authentication. We considered segments, angles, directions, and turns as units for constructing the lock patterns, and established the public pattern criteria. The results are utilized to generate four public patterns in our experiment. For authentication, we achieved equal error rates (EERs) as low as 2.66% (sitting), 3.53% (walking), and 5.83% (combined). Furthermore, the results of our additional experiments demonstrated that our system preserved performance over time (F1-score = 89.88%, SD = 4.60%), and was sufficiently secure against camera-based recording attacks (FAR = 3.25%).

Original language: English
Article number: 8721054
Pages (from-to): 69363-69378
Number of pages: 16
Journal: IEEE Access
Volume: 7
DOI: 10.1109/ACCESS.2019.2918647
Publication status: Published - 2019 Jan 1

Fingerprint

Authentication
Biometrics
Experiments
Cameras

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)

Cite this

Ku, Yeeun ; Park, Leo Hyun ; Shin, Sooyeon ; Kwon, Taekyoung. / Draw It As Shown : Behavioral Pattern Lock for Mobile User Authentication. In: IEEE Access. 2019 ; Vol. 7. pp. 69363-69378.
@article{4e9342bbbdb9408799b6653838396bb6,
title = "Draw It As Shown: Behavioral Pattern Lock for Mobile User Authentication",
author = "Yeeun Ku and Park, {Leo Hyun} and Sooyeon Shin and Taekyoung Kwon",
year = "2019",
month = "1",
day = "1",
doi = "10.1109/ACCESS.2019.2918647",
language = "English",
volume = "7",
pages = "69363--69378",
journal = "IEEE Access",
issn = "2169-3536",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}
