User-generated free-form gestures for authentication: Security and memorability

Michael Sherman; Gradeigh Clark; Yulong Yang; Shridatt Sugrim; Arttu Modig; Janne Lindqvist; Antti Oulasvirta; Teemu Roos

doi:10.1145/2594368.2594375

User-generated free-form gestures for authentication: Security and memorability

Michael Sherman, Gradeigh Clark, Yulong Yang, Shridatt Sugrim, Arttu Modig, Janne Lindqvist, Antti Oulasvirta, Teemu Roos

Not published at Aalto University

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

83 Citations (Scopus)

Abstract

This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form gestures present a robust method for mobile authentication.

Original language	English
Title of host publication	MobiSys 2014 - Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services
Publisher	ACM
Pages	176-189
Number of pages	14
ISBN (Print)	9781450327930
DOIs	https://doi.org/10.1145/2594368.2594375
Publication status	Published - 2014
MoE publication type	A4 Conference publication
Event	International Conference on Mobile Systems, Applications, and Services - Bretton Woods, United States Duration: 16 Jun 2014 → 19 Jun 2014 Conference number: 12

Conference

Conference	International Conference on Mobile Systems, Applications, and Services
Abbreviated title	MobiSys
Country/Territory	United States
City	Bretton Woods
Period	16/06/2014 → 19/06/2014

Keywords

gestures
memorability
mutual information
security

Access to Document

10.1145/2594368.2594375

Cite this

@inproceedings{265e56065abe4210badb4a0261894020,

title = "User-generated free-form gestures for authentication: Security and memorability",

abstract = "This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form gestures present a robust method for mobile authentication.",

keywords = "gestures, memorability, mutual information, security",

author = "Michael Sherman and Gradeigh Clark and Yulong Yang and Shridatt Sugrim and Arttu Modig and Janne Lindqvist and Antti Oulasvirta and Teemu Roos",

year = "2014",

doi = "10.1145/2594368.2594375",

language = "English",

isbn = "9781450327930",

pages = "176--189",

booktitle = "MobiSys 2014 - Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services",

publisher = "ACM",

address = "United States",

note = "International Conference on Mobile Systems, Applications, and Services, MobiSys ; Conference date: 16-06-2014 Through 19-06-2014",

}

Sherman, M, Clark, G, Yang, Y, Sugrim, S, Modig, A, Lindqvist, J , Oulasvirta, A & Roos, T 2014, User-generated free-form gestures for authentication: Security and memorability. in MobiSys 2014 - Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services. ACM, pp. 176-189, International Conference on Mobile Systems, Applications, and Services, Bretton Woods, New Hampshire, United States, 16/06/2014. https://doi.org/10.1145/2594368.2594375

User-generated free-form gestures for authentication: Security and memorability. / Sherman, Michael; Clark, Gradeigh; Yang, Yulong et al.
MobiSys 2014 - Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services. ACM, 2014. p. 176-189.

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - User-generated free-form gestures for authentication

T2 - International Conference on Mobile Systems, Applications, and Services

AU - Sherman, Michael

AU - Clark, Gradeigh

AU - Yang, Yulong

AU - Sugrim, Shridatt

AU - Modig, Arttu

AU - Lindqvist, Janne

AU - Oulasvirta, Antti

AU - Roos, Teemu

N1 - Conference code: 12

PY - 2014

Y1 - 2014

N2 - This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form gestures present a robust method for mobile authentication.

AB - This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form gestures present a robust method for mobile authentication.

KW - gestures

KW - memorability

KW - mutual information

KW - security

UR - http://www.scopus.com/inward/record.url?scp=84903203924&partnerID=8YFLogxK

U2 - 10.1145/2594368.2594375

DO - 10.1145/2594368.2594375

M3 - Conference article in proceedings

AN - SCOPUS:84903203924

SN - 9781450327930

SP - 176

EP - 189

BT - MobiSys 2014 - Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services

PB - ACM

Y2 - 16 June 2014 through 19 June 2014

ER -

User-generated free-form gestures for authentication: Security and memorability

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this