DOI: 10.1145/3196494.3196555
research-article

The Personal Identification Chord: A Four Button Authentication System for Smartwatches

Published: 29 May 2018

Abstract

Smartwatches support access to a wide range of private information but little is known about the security and usability of existing smartwatch screen lock mechanisms. Prior studies suggest that smartwatch authentication via standard techniques such as 4-digit PINs is challenging and error-prone. We conducted interviews to shed light on current practices, revealing that smartwatch users consider the ten-key keypad required for PIN entry to be hard to use due to its small button sizes. To address this issue, we propose the Personal Identification Chord (PIC), an authentication system based on a four-button chorded keypad that enables users to enter ten different inputs via taps to one or two larger buttons. Two studies assessing usability and security of our technique indicate PICs lead to increases in setup and (modestly) recall time, but can be entered accurately while maintaining high recall rates and may improve guessing entropy compared to PINs.



      Published In

      ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security
      May 2018
      866 pages
      ISBN:9781450355766
      DOI:10.1145/3196494

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. personal identification chord (pic)
      2. personal identification number (pin)
      3. smartwatch screen lock
      4. user authentication

      Qualifiers

      • Research-article

      Funding Sources

      • Samsung Electronics Samsung Research
      • MSIP (Ministry of Science ICT and Future Planning) Korea

      Conference

      ASIA CCS '18

      Acceptance Rates

      ASIACCS '18 Paper Acceptance Rate 52 of 310 submissions, 17%;
      Overall Acceptance Rate 418 of 2,322 submissions, 18%
