User-generated Free-form Gestures for Authentication: Security and Memorability. Sherman, M., Clark, G., Yang, Y., Sugrim, S., Modig, A., Lindqvist, J., Oulasvirta, A., & Roos, T. In Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys), pages 176-189, 2014. ACM.
User-generated Free-form Gestures for Authentication: Security and Memorability [link]Website  abstract   bibtex   
This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form gestures present a robust method for mobile authentication.
@inProceedings{
 title = {User-generated Free-form Gestures for Authentication: Security and Memorability},
 type = {inProceedings},
 year = {2014},
 identifiers = {[object Object]},
 keywords = {gestures,information,memorability,mutual,security},
 pages = {176-189},
 websites = {http://doi.acm.org/10.1145/2594368.2594375},
 publisher = {ACM},
 id = {f863317b-a9fe-33cc-937e-aa50a804f459},
 created = {2018-07-12T21:30:52.438Z},
 file_attached = {false},
 profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
 group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
 last_modified = {2018-07-12T21:30:52.438Z},
 read = {false},
 starred = {false},
 authored = {false},
 confirmed = {true},
 hidden = {false},
 citation_key = {sherman:gestures14},
 source_type = {inproceedings},
 private_publication = {false},
 abstract = {This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form gestures present a robust method for mobile authentication.},
 bibtype = {inProceedings},
 author = {Sherman, Michael and Clark, Gradeigh and Yang, Yulong and Sugrim, Shridatt and Modig, Arttu and Lindqvist, Janne and Oulasvirta, Antti and Roos, Teemu},
 booktitle = {Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)}
}

Downloads: 0