TinyLock: Affordable defense against smudge attacks on smartphone pattern lock systems

@article{Kwon2014TinyLockAD,
  title={TinyLock: Affordable defense against smudge attacks on smartphone pattern lock systems},
  author={Ted Taekyoung Kwon and Sarang Na},
  journal={Comput. Secur.},
  year={2014},
  volume={42},
  pages={137-150}
}
  • T. Kwon, S. Na
  • Published 1 May 2014
  • Computer Science
  • Comput. Secur.
Draw It As Shown: Behavioral Pattern Lock for Mobile User Authentication
TLDR
A novel mechanism based on the pattern lock, in which behavioral biometrics are employed to address problems of security and usability, turning the lock pattern into public knowledge rather than a secret and leveraging touch dynamics.
ClickPattern: A Pattern Lock System Resilient to Smudge and Side-channel Attacks
TLDR
A mechanism that enhances pattern lock security with resilience to smudge and side channel attacks, maintains a comparable level of memorability and provides ease of use that is still comparable with Pattern Lock while outperforming other schemes proposed in the literature is described.
Bu-Dash: A Universal and Dynamic Graphical Password Scheme
TLDR
A novel graphical password scheme built on the foundations of the well-accepted APU method, which is usable, inclusive, universal, and robust against shoulder surfing and smudge attacks is proposed, named Bu-Dash.
A press touch code based secure graphical password scheme for smart devices
TLDR
A new screen size independent secure authentication scheme has been proposed, which offers an affordable defense against shoulder surfing attacks as well as resilience against smudge attacks and brute force attacks.
Press touch code: A finger press based screen size independent authentication scheme for smart devices
TLDR
This paper proposes a new screen size independent password-based authentication scheme, which also offers an affordable defense against shoulder surfing, brute force, and smudge attacks, and designs and implements three variants of it, namely mono-PTC, multi-PTC, and multi-PTC with Grid, on the Android Operating System.
Boosting the Guessing Attack Performance on Android Lock Patterns with Smudge Attacks
TLDR
This work investigates the effectiveness of combining Markov model-based guessing attacks with smudge attacks on unlocking Android devices within 20 attempts, and shows that this combined method can significantly improve the performance of pure guessing attacks.
Enhanced Knock Code Authentication with High Security and Improved Convenience
TLDR
This paper proposes the new, enhanced version of knock code by adding the sliding operation and by using flexible area recognition, which shows that under the same password size, the search space is overwhelmingly larger than the original algorithm.
Enhancing Smartphone Lock Security using Vibration Enabled Randomly Positioned Numbers
TLDR
By randomizing PIN number positions on the phone screen and using vibration as PIN input, the proposed model has sufficiently secured the user's password from smudge attacks, shoulder surfing and gesture recognition and delayed the chance of being successful in a brute force attack.
Time Pattern Locking Scheme for Secure Multimedia Contents in Human-Centric Device
TLDR
The secure locking screen using time pattern (SLSTP) is proposed, focusing on improved security and convenience for users, to support human-centric multimedia devices completely and reduce the risk factors pertaining to security leakage to malicious third parties.
A simple PIN input technique resisting shoulder surfing and smudge attacks
TLDR
A new simple PIN input technique (SPIT) resisting the attacks by using the non-visual sound channel which does not sacrifice the probability of random guessing attacks is proposed.

References

SHOWING 1-10 OF 45 REFERENCES
A pilot study on the security of pattern screen-lock methods and soft side channel attacks
TLDR
A pilot study on user habits when setting a pattern lock and on their perceptions regarding what constitutes a secure pattern is presented to establish a scheme, which combines a behaviour-based attack and a physical attack on graphical lock screen methods, aiming to reduce the search space of possible combinations forming a pattern.
Smudge Attacks on Smartphone Touch Screens
TLDR
This paper examines the feasibility of smudge attacks on touch screens for smartphones, focuses on the Android password pattern, and provides a preliminary analysis of applying the information learned in a smudge attack to guessing an Android password pattern.
Making graphic-based authentication secure against smudge attacks
TLDR
Three graphic-based authentication methods are designed in a way to leave smudge traces that are not easy to interpret, and are compared to the widely used Android pattern authentication; the results indicate that the concepts are significantly more secure against smudge attacks while keeping high input speed.
Touch me once and I know it's you!: implicit authentication based on touch screen patterns
TLDR
An implicit authentication approach is introduced that enhances password patterns with an additional security layer, transparent to the user, so that users are not only authenticated by the shape they input but also by the way they perform the input.
Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords
TLDR
The results suggest that these graphical password schemes appear to be at least as susceptible to offline attack as the traditional text passwords they were proposed to replace.
Design and evaluation of a shoulder-surfing resistant graphical password scheme
TLDR
The design and evaluation of a game-like graphical method of authentication that is resistant to shoulder-surfing is reported on, which shows that novice users were able to enter their graphical password accurately and to remember it over time.
Authentication using graphical passwords: effects of tolerance and image choice
TLDR
Results show that accurate memory for the password is strongly reduced when using a small tolerance around the user's password points, which suggests that many images may support memorability in graphical password systems.
Secure graphical password system for high traffic public areas
TLDR
For both text and graphical password entry systems the user needs to carefully enter the password in case a malicious user is observing the session via "shoulder surfing," and some authors assume that graphical passwords will be entered on a small screen with a reduced observation angle.
Graphical Dictionaries and the Memorable Space of Graphical Passwords
TLDR
The size of the mirror symmetric password space relative to the full password space of the graphical password scheme of Jermyn et al. (1999) is shown to be exponentially smaller, which could be used in formulating password rules for graphical password users and in creating proactive graphical password checkers.
Cognitive authentication schemes safe against spyware
  • D. Weinshall
  • Computer Science
    2006 IEEE Symposium on Security and Privacy (S&P'06)
  • 2006
TLDR
This work proposes challenge response protocols that rely on a shared secret set of pictures that are safe against eavesdropping, in that a modestly powered adversary who fully records a series of successful interactions cannot compute the user's secret.