User-generated Free-form Gestures for Authentication: Security and Memorability. Sherman, M., Clark, G., Yang, Y., Sugrim, S., Modig, A., Lindqvist, J., Oulasvirta, A., & Roos, T. In Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys), pages 176-189, 2014. ACM. ![User-generated Free-form Gestures for Authentication: Security and Memorability [link]](https://bibbase.org/img/filetypes/link.svg "link")
Website abstract bibtex This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form gestures present a robust method for mobile authentication.
@inProceedings{
title = {User-generated Free-form Gestures for Authentication: Security and Memorability},
type = {inProceedings},
year = {2014},
identifiers = {[object Object]},
keywords = {gestures,information,memorability,mutual,security},
pages = {176-189},
websites = {http://doi.acm.org/10.1145/2594368.2594375},
publisher = {ACM},
id = {f863317b-a9fe-33cc-937e-aa50a804f459},
created = {2018-07-12T21:30:52.438Z},
file_attached = {false},
profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
last_modified = {2018-07-12T21:30:52.438Z},
read = {false},
starred = {false},
authored = {false},
confirmed = {true},
hidden = {false},
citation_key = {sherman:gestures14},
source_type = {inproceedings},
private_publication = {false},
abstract = {This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form gestures present a robust method for mobile authentication.},
bibtype = {inProceedings},
author = {Sherman, Michael and Clark, Gradeigh and Yang, Yulong and Sugrim, Shridatt and Modig, Arttu and Lindqvist, Janne and Oulasvirta, Antti and Roos, Teemu},
booktitle = {Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)}
}
Downloads: 0
{"_id":"gKe95JSedQphNTLCu","bibbaseid":"sherman-clark-yang-sugrim-modig-lindqvist-oulasvirta-roos-usergeneratedfreeformgesturesforauthenticationsecurityandmemorability-2014","downloads":0,"creationDate":"2019-02-15T15:14:57.512Z","title":"User-generated Free-form Gestures for Authentication: Security and Memorability","author_short":["Sherman, M.","Clark, G.","Yang, Y.","Sugrim, S.","Modig, A.","Lindqvist, J.","Oulasvirta, A.","Roos, T."],"year":2014,"bibtype":"inProceedings","biburl":null,"bibdata":{"title":"User-generated Free-form Gestures for Authentication: Security and Memorability","type":"inProceedings","year":"2014","identifiers":"[object Object]","keywords":"gestures,information,memorability,mutual,security","pages":"176-189","websites":"http://doi.acm.org/10.1145/2594368.2594375","publisher":"ACM","id":"f863317b-a9fe-33cc-937e-aa50a804f459","created":"2018-07-12T21:30:52.438Z","file_attached":false,"profile_id":"f954d000-ce94-3da6-bd26-b983145a920f","group_id":"b0b145a3-980e-3ad7-a16f-c93918c606ed","last_modified":"2018-07-12T21:30:52.438Z","read":false,"starred":false,"authored":false,"confirmed":"true","hidden":false,"citation_key":"sherman:gestures14","source_type":"inproceedings","private_publication":false,"abstract":"This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form gestures present a robust method for mobile authentication.","bibtype":"inProceedings","author":"Sherman, Michael and Clark, Gradeigh and Yang, Yulong and Sugrim, Shridatt and Modig, Arttu and Lindqvist, Janne and Oulasvirta, Antti and Roos, Teemu","booktitle":"Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)","bibtex":"@inProceedings{\n title = {User-generated Free-form Gestures for Authentication: Security and Memorability},\n type = {inProceedings},\n year = {2014},\n identifiers = {[object Object]},\n keywords = {gestures,information,memorability,mutual,security},\n pages = {176-189},\n websites = {http://doi.acm.org/10.1145/2594368.2594375},\n publisher = {ACM},\n id = {f863317b-a9fe-33cc-937e-aa50a804f459},\n created = {2018-07-12T21:30:52.438Z},\n file_attached = {false},\n profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},\n group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},\n last_modified = {2018-07-12T21:30:52.438Z},\n read = {false},\n starred = {false},\n authored = {false},\n confirmed = {true},\n hidden = {false},\n citation_key = {sherman:gestures14},\n source_type = {inproceedings},\n private_publication = {false},\n abstract = {This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form gestures present a robust method for mobile authentication.},\n bibtype = {inProceedings},\n author = {Sherman, Michael and Clark, Gradeigh and Yang, Yulong and Sugrim, Shridatt and Modig, Arttu and Lindqvist, Janne and Oulasvirta, Antti and Roos, Teemu},\n booktitle = {Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)}\n}","author_short":["Sherman, M.","Clark, G.","Yang, Y.","Sugrim, S.","Modig, A.","Lindqvist, J.","Oulasvirta, A.","Roos, T."],"urls":{"Website":"http://doi.acm.org/10.1145/2594368.2594375"},"bibbaseid":"sherman-clark-yang-sugrim-modig-lindqvist-oulasvirta-roos-usergeneratedfreeformgesturesforauthenticationsecurityandmemorability-2014","role":"author","keyword":["gestures","information","memorability","mutual","security"],"downloads":0},"search_terms":["user","generated","free","form","gestures","authentication","security","memorability","sherman","clark","yang","sugrim","modig","lindqvist","oulasvirta","roos"],"keywords":["gestures","information","memorability","mutual","security"],"authorIDs":[]}