Abstract
Graphical password based authentication systems are becoming one of the potential alternatives for alleviating the current over-reliance on traditional text-based password authentication. With the rapid development of mobile devices (i.e., the increase in computing power), this kind of authentication system has been implemented on mobile phones to authenticate legitimate users and detect impostors. In real deployments, however, we notice that users can perform more actions, such as multi-touch, on a mobile phone than on a common computer. Multi-touch, which refers to touching a touchscreen with multiple fingers at the same time, is a distinguishing feature of touchscreen mobile phones. In this paper, we therefore attempt to explore the effect of multi-touch on creating graphical passwords in terms of security and usability. In particular, we conduct a study using click-draw based graphical passwords, which combine the current input types in the area of graphical passwords, and we further develop a multi-touch enabled scheme on mobile phones. Three experiments were conducted with 60 participants, and the experimental results indicate that, by integrating multi-touch, graphical passwords can generally be enhanced in terms of both security and usability.
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Meng, Y., Li, W., Kwok, LF. (2013). Enhancing Click-Draw Based Graphical Passwords Using Multi-Touch on Mobile Phones. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds) Security and Privacy Protection in Information Processing Systems. SEC 2013. IFIP Advances in Information and Communication Technology, vol 405. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39218-4_5
DOI: https://doi.org/10.1007/978-3-642-39218-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39217-7
Online ISBN: 978-3-642-39218-4
eBook Packages: Computer Science, Computer Science (R0)