TY - GEN
T1 - Gesture authentication for smartphones
T2 - 41st IEEE Symposium on Security and Privacy, SP 2020
AU - Cheon, Eunyong
AU - Shin, Yonghwan
AU - Huh, Jun Ho
AU - Kim, Hyoungshick
AU - Oakley, Ian
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/5
Y1 - 2020/5
AB - Touchscreen gestures are attracting research attention as an authentication method. While studies have showcased their usability, it has proven more complex to determine, let alone enhance, their security. Problems stem both from the small scale of current data sets and the fact that gestures are matched imprecisely - by a distance metric. This makes it challenging to assess entropy with traditional algorithms. To address these problems, we captured a large set of gesture passwords (N=2594) from crowd workers, and developed a security assessment framework that can calculate partial guessing entropy estimates, and generate dictionaries that crack 23.13% or more gestures in online attacks (within 20 guesses). To improve the entropy of gesture passwords, we designed novel blacklist and lexical policies to, respectively, restrict and inspire gesture creation. We close by validating both our security assessment framework and policies in a new crowd-sourced study (N=4000). Our blacklists increase entropy and resistance to dictionary based guessing attacks.
UR - https://www.scopus.com/pages/publications/85091555048
U2 - 10.1109/SP40000.2020.00034
DO - 10.1109/SP40000.2020.00034
M3 - Conference contribution
AN - SCOPUS:85091555048
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 249
EP - 267
BT - Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 18 May 2020 through 21 May 2020
ER -