Shoulder-Surfing Resistant Authentication Using Pass Pattern of Pattern Lock


IEICE TRANSACTIONS on Information and Systems   Vol.E101-D   No.1   pp.45-52
Publication Date: 2018/01/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2017MUP0012
Type of Manuscript: Special Section PAPER (Special Section on Enriched Multimedia — Potential and Possibility of Multimedia Contents for the Future —)
shoulder surfing,  authentication,  pattern lock,  android application,  

Full Text: PDF(787.3KB)
>>Buy this Article

We study an authentication method using secret figures of Pattern Lock, called pass patterns. In recent years, it is important to prevent the leakage of personal and company information on mobile devices. Android devices adopt a login authentication called Pattern Lock, which achieves both high resistance to Brute Force Attack and usability by virtue of pass pattern. However, Pattern Lock has a problem that pass patterns directly input to the terminal can be easily remembered by shoulder-surfing attack. In this paper, we propose a shoulder-surfing resistant authentication using pass pattern of Pattern Lock, which adopts a challenge & response authentication and also uses users' short-term memory. We implement the proposed method as an Android application and measure success rate, authentication time and the resistance against shoulder surfing. We also evaluate security and usability in comparison with related work.