Pattern lock has been widely used in smartphones as a simple and effective authentication mechanism, which however is shown to be vulnerable to various attacks. In this paper, we design a novel authentication system for more secure pattern unlocking on smartphones. The basic idea is to utilize various behavior information of the user during pattern unlocking as additional authentication fingerprints, so that even if the pattern password is leaked to an attacker, the system remains safe and protected. To accommodate a variety of user contexts by our system, a context-aware module is proposed to distinguish any of such contexts (e.g., body postures when drawing the pattern) and use it to guide the authentication. Moreover, we design a polyline weighted strategy with overlapping based on the consistency of pattern lock, which analyzes the behavior information of the user during the unlock process in a fine-grained manner and takes an overall consideration the results of different polylines. Based on 14,850 samples collected from 77 participants, we have extensively evaluated the proposed system. The results demonstrate that it outperforms state-of-the-art implicit authentication based pattern lock approaches, and that each key module in our system is effective.
Graphic-pattern-based implicit authentication has been successfully exploited to elevate the security of smartphones. On-screen pressure is one of the key features in such approach since it can reveal users' touch pattern. However, state-of-the-art approaches rely on a system API to obtain on-screen pressure, which is not adequately accurate and cannot meet the demands of robust implicit authentication. To bridge this gap, we propose PresSafe, a novel implicit authentication system that utilizes the smartphone's built-in barometer sensor to measure pressure during the unlocking process, and to utilize the pressure data in authentication. A key technical challenge in utilizing barometer sensing, however, is to understand the user activity through measured pressure. To overcome this challenge, PresSafe leverages barometer data along with data from other conventional but heterogeneous ambient sensors to produce accurate and robust user activity descriptions. PresSafe utilizes a transfer learning based hybrid workflow to integrate user activity representation learning with a lightweight classical authentication algorithm to obtain a unified model. This approach offloads computational cost from the terminal and addresses privacy concerns. To ensure applicability of our approach despite data heterogeneity and insufficient training data, we utilize a channel-adaptive data processing mechanism. Extensive experiments utilizing more than 70,000 records from 23 volunteers in 6 different locations show that PresSafe achieves an FAR of 0.45 %, an FRR of 0.49 %, and an EER of 0.47 %, which clearly demonstrate its superiority over several existing solutions.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.