Gradeigh D. Clark scite author profile

This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multifinger gestures. Although there has been recent work on templatebased gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form gestures present a robust method for mobile authentication.

show abstract

Free-Form Gesture Authentication in the Wild

Yang

Clark

Lindqvist

et al. 2016

View full text Add to dashboard Cite

Free-form gesture passwords have been introduced as an alternative mobile authentication method. Text passwords are not very suitable for mobile interaction, and methods such as PINs and grid patterns sacrifice security over usability. However, little is known about how free-form gestures perform in the wild. We present the first field study (N=91) of mobile authentication using free-form gestures, with text passwords as a baseline. Our study leveraged Experience Sampling Methodology to increase ecological validity while maintaining control of the experiment. We found that, with gesture passwords, participants generated new passwords and authenticated faster with comparable memorability while being more willing to retry. Our analysis of the gesture password dataset indicated biases in user-chosen distribution tending towards common shapes. Our findings provide useful insights towards understanding mobile device authentication and gesture-based authentication.

show abstract

Of Two Minds, Multiple Addresses, and One History: Characterizing Opinions, Knowledge, and Perceptions of Bitcoin Across Groups

2015

View full text Add to dashboard Cite

Digital currencies represent a new method for exchange and investment that differs strongly from any other fiat money seen throughout history. A digital currency makes it possible to perform all financial transactions without the intervention of a third party to act as an arbiter of verification; payments can be made between two people with degrees of anonymity, across continents, at any denomination, and without any transaction fees going to a central authority.The most successful example of this is Bitcoin, introduced in 2008, which has experienced a recent boom of popularity, media attention, and investment. With this surge of attention, we became interested in finding out how people both inside and outside the Bitcoin community perceive Bitcoin -what do they think of it, how do they feel, and how knowledgeable they are. Towards this end, we conducted the first interview study (N = 20) with participants to discuss Bitcoin and other related financial topics. Some of our major findings include: not understanding how Bitcoin works is not a barrier for entry, although non-user participants claim it would be for them and that user participants are in a state of cognitive dissonance concerning the role of governments in the system. Our findings, overall, contribute to knowledge concerning Bitcoin and attitudes towards digital currencies in general.

show abstract

Guessing Attacks on User-Generated Gesture Passwords

Liu

Clark

Lindqvist

2017

Proc. ACM Interact. Mob. Wearable Ubiquitous Technol.

View full text Add to dashboard Cite

Touchscreens, the dominant input type for mobile phones, require unique authentication solutions. Gesture passwords have been proposed as an alternative ubiquitous authentication technique. Prior security analysis has relied on inconsistent measurements such as mutual information or shoulder sur ng attacks. We present the rst approach for measuring the security of gestures with guessing attacks that model real-world attacker behavior. Our major contributions are: 1) a comprehensive analysis of the weak subspace for gesture passwords, 2) a method for enumerating the size of the full theoretical gesture password space, 3) a design of a novel guessing attack against user-chosen gestures using a dictionary, and 4) a brute-force attack used for benchmarking the performance of the guessing attack. Our dictionary attack, tested on newly collected user data, achieves a cracking rate of 47.71% after two weeks of computation using 10 9 guesses. This is a di erence of 35.78 percentage points compared to the 11.93% cracking rate of the brute-force attack. In conclusion, users are not taking full advantage of the large theoretical password space and instead choose their gesture passwords from weak subspaces. We urge for further work on addressing this challenge. CCS Concepts: • Security and privacy → Authentication; • Human-centered computing → Gestural input;

show abstract

Engineering Gesture-Based Authentication Systems

Clark

Lindqvist

2015

IEEE Pervasive Comput.

View full text Add to dashboard Cite

Gestures are a topic of increasing interest in authentication and successful implementation as a security layer requires reliable gesture recognition. So far much work focuses on new ways to recognize gestures, leaving discussion on the viability of recognition in an authentication scheme to the background.It is unclear how recognition should be deployed for practical and robust real-world authentication. In this article, we analyze the effectiveness of different approaches to recognizing gestures and the potential for use in secure gesture-based authentication systems.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Gradeigh D. Clark

User-generated free-form gestures for authentication

Free-Form Gesture Authentication in the Wild

Of Two Minds, Multiple Addresses, and One History: Characterizing Opinions, Knowledge, and Perceptions of Bitcoin Across Groups

Guessing Attacks on User-Generated Gesture Passwords

Engineering Gesture-Based Authentication Systems

Contact Info

Product

Resources

About