Draw It As Shown: Behavioral Pattern Lock for Mobile User Authentication

Yeeun Ku, Leo Hyun Park, Sooyeon Shin, Taekyoung Kwon

Research output: Contribution to journalArticlepeer-review

28 Citations (Scopus)


Android pattern lock is still popularly used for mobile user authentication. Unfortunately, however, many concerns have been raised regarding its security and usability. User-created patterns tend to be simply structured or reduced to a small set. Complex patterns are hard to memorize. Input patterns are susceptible to various attacks, such as guessing attacks, smudge attacks, and shoulder surfing attacks. This paper presents a novel mechanism based on the pattern lock, in which behavioral biometrics are employed to address these problems. Our basic idea starts from turning the lock pattern into public knowledge rather than a secret and leveraging touch dynamics. Users do not need to create their own lock patterns or memorize them. Instead, our system shows a public pattern along with guidance on how to draw it. All the user needs to do for authentication is to draw the pattern as shown. For adversaries, the above-mentioned attacks are rendered useless by this new mechanism. Specifically, we study how to generate the public patterns and how to perform authentication. We considered segments, angles, directions, and turns as units for constructing the lock patterns, and established the public pattern criteria. The results are utilized to generate four public patterns in our experiment. For authentication, we achieved equal error rates (EERs) as low as 2.66% (sitting), 3.53% (walking), and 5.83% (combined). Furthermore, the results of our additional experiments demonstrated that our system preserved performance over time (F1-score = 89.88%, SD = 4.60%), and was sufficiently secure against camera-based recording attacks (FAR = 3.25%).

Original languageEnglish
Article number8721054
Pages (from-to)69363-69378
Number of pages16
JournalIEEE Access
Publication statusPublished - 2019

Bibliographical note

Funding Information:
This work was supported in part by the Institute for Information and Communications Technology Promotion (IITP) Grant funded by the Korea Government (MSIT), Development of Next Generation User Authentication, under Grant 2017-0-00380.

Publisher Copyright:
© 2013 IEEE.

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)


Dive into the research topics of 'Draw It As Shown: Behavioral Pattern Lock for Mobile User Authentication'. Together they form a unique fingerprint.

Cite this