TinyLock: Affordable defense against smudge attacks on smartphone pattern lock systems

Taekyoung Kwon, Sarang Na

Research output: Contribution to journal (Article)

43 Citations (Scopus)


A pattern lock system is a widely used graphical password mechanism in today's mobile computing environment. To unlock a smartphone, a user draws a memorized graphical pattern with a finger on a flat touchscreen, and in doing so the finger leaves oily residues, also called smudges, on the surface of the touchscreen. The smudges can be exploited by adversaries to reproduce the secret pattern. Unfortunately, security still depends on the user's behavior, namely carefully removing the smudges after use. In this paper, we study an affordable defense that resists smudge attacks without losing the ease-of-use property of the pattern lock system and without demanding the user's attention after use. We present TinyLock as our main result. TinyLock is a simple tweak of the user interface under the existing pattern lock paradigm, but it can effectively resist smudge attacks. Furthermore, TinyLock can be more resilient to shoulder-surfing attacks than contemporary pattern lock systems. Our user study shows that TinyLock can significantly improve the security of the pattern lock system while incurring a minimal cost increase in terms of unlocking time.

Original language: English
Pages (from-to): 137-150
Number of pages: 14
Journal: Computers and Security
Publication status: Published - 2014 May

All Science Journal Classification (ASJC) codes

  • Computer Science (all)
  • Law
