Analysis and bypassing of pattern lock in android smartphone

Rao, V.V. Bapeswara; Chakravarthy, A. S. N.

doi:10.1109/iccic.2016.7919555

Cited by 10 publications

(6 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We found that shoulder surfing attacks had lower success rates with the implementation of our algorithm. The algorithm has proved its efficiency as it reduces the 65% (13/20) success attack rate from one shoulder surfing observation to 25% (1/4) [5]. In testing, we found a user satisfaction rate of 79% (7.9/10) using patterns lock of length six or higher (Table 2).…”

Section: Simulated Attack Success Ratesmentioning

confidence: 75%

See 1 more Smart Citation

Implementing Risk Score to Protect from Android Pattern Lock Attacks

Al-Qaraghuli¹,

Hillier²

2022

Artificial Intelligence and Machine Learning

View full text Add to dashboard Cite

Cyberattacks on Android devices have increased in frequency and commonly occur in physical settings with shoulder surfing and brute-force attacks. These attacks are most common with devices secured by the pattern lock mechanism. This work aims to investigate the various methods that increase the security of Android lock patterns. Research showed that these pattern lock screens are especially vulnerable due to users employing a set of common lock patterns. We propose a pattern-matching algorithm that recognizes these common lock patterns and increases the Risk Score if these passcodes are attempted. The blocking of common passcodes, and identification during the unlocking, reduces the risk of the aforementioned threats to device security. The algorithm we implemented succeeds in deterring users from configuring their devices with commonly used patterns. Overall, our algorithm achieves advanced security compared to current systems by detecting unusual inputs and locking the device when suspicious activity is detected. Our test results show 80% satisfaction from human test subjects when settings the passcode. The algorithm eliminates the use of commonly used patterns and 79% acceptance using our proposed algorithm and blocks access to the device depending on the accuracy score. The proposed algorithm shows remarkable success with limiting brute-force attacks as it proves effective in denying common passcodes.

show abstract

Section: Simulated Attack Success Ratesmentioning

confidence: 75%

“…Many ways that forgetful users or attackers can bypass the lock screen, though these processes are time consuming or result in data loss [5]. Because of these long processes, it is ideal for attackers to directly attack the lock screen.…”

Section: Introductionmentioning

confidence: 99%

Implementing Risk Score to Protect from Android Pattern Lock Attacks

Al-Qaraghuli¹,

Hillier²

2022

Artificial Intelligence and Machine Learning

View full text Add to dashboard Cite

show abstract

“…Thus, the bot can apply brute force attack by setting all the possibilities onto the system which is an NP-hard problem. 1) Shoulder Surfing Attacks: Shoulder surfing attacks occur when a graphical password is generated in public places or it may observe with technical equipment [9,10]. Our CODP scheme can defeat in term of varying the location of characters in Captcha image in each attempt and a new challenge will occur which character is selected to process the next window for drawing the pattern and the grid points will not lead by the correct characters for the new image anymore.…”

Section: Security Analysis and Attacksmentioning

confidence: 99%

“…The graphical password can be used as an alternative to biometric systems or aggregate with them. The main issue of graphical password is shoulder surfing attack to capture the login credential such as during unlocking the smart phone [7], (see at [8][9][10]). In shoulder surfing attack, the login process can capture by direct observation or with external technical equipment (e.g.…”

Section: Introductionmentioning

confidence: 99%

A Captcha-Based Graphical Password with Strong Password Space and Usability Study

Sapkal¹,

Sarulkar²,

Shaikh³

et al. 2023

IJRASET

View full text Add to dashboard Cite

stract: Security for authentication is required to give a superlative secure users’ personal information. This paper presents a model of the Graphical password scheme under the impact of security and ease of use for user authentication. We integrate the concept of recognition with re-called and cued- recall based schemes to offer superior security compared to existing schemes. Click Symbols (CS) Alphabet combine into one entity: Alphanumeric (A) and Visual (V) symbols (CS-AV) is Captcha-based password scheme, we integrate it with recall- based n×n grid points, where a user can draw the shape or pattern by the intersection of the grid points as a way to enter a graphical password. Next scheme, the combination of CS-AV with grid cells allows very large password space (2.4 × 104 bits of entropy) and provides reasonable usability results by determining an empirical study of memorable password space. Proposed schemes support most applicable platform for input devices and promising strong resistance to shoulder surfing attacks on a mobile device which can be occurred during unlocking (pattern) the smartphone

show abstract

“…Moreover, security issues easily occur via a leakage of pattern shapes [34]. Many attack methods may be used against patterns, such as guessing attacks that try to attack by guessing the pattern [6], [13], [38], shoulder surfing attacks that obtain the victim's pattern through an intentionally direct observation [28], [41], smudge attacks leveraging oily residues remaining on a touchscreen [8], and thermal imaging attacks exploiting thermal residues (i.e., heat traces left on a touchscreen, making them visible through thermal imaging) [1].…”

Section: Related Work a Android Pattern Lockmentioning

confidence: 99%

Draw It As Shown: Behavioral Pattern Lock for Mobile User Authentication

Park

Shin

et al. 2019

IEEE Access

View full text Add to dashboard Cite

Android pattern lock is still popularly used for mobile user authentication. Unfortunately, however, many concerns have been raised regarding its security and usability. User-created patterns tend to be simply structured or reduced to a small set. Complex patterns are hard to memorize. Input patterns are susceptible to various attacks, such as guessing attacks, smudge attacks, and shoulder surfing attacks. This paper presents a novel mechanism based on the pattern lock, in which behavioral biometrics are employed to address these problems. Our basic idea starts from turning the lock pattern into public knowledge rather than a secret and leveraging touch dynamics. Users do not need to create their own lock patterns or memorize them. Instead, our system shows a public pattern along with guidance on how to draw it. All the user needs to do for authentication is to draw the pattern as shown. For adversaries, the above-mentioned attacks are rendered useless by this new mechanism. Specifically, we study how to generate the public patterns and how to perform authentication. We considered segments, angles, directions, and turns as units for constructing the lock patterns, and established the public pattern criteria. The results are utilized to generate four public patterns in our experiment. For authentication, we achieved equal error rates (EERs) as low as 2.66% (sitting), 3.53% (walking), and 5.83% (combined). Furthermore, the results of our additional experiments demonstrated that our system preserved performance over time (F1-score = 89.88%, SD = 4.60%), and was sufficiently secure against camera-based recording attacks (FAR = 3.25%).INDEX TERMS Behavioral authentication, android pattern lock, smartphone, machine learning. I. INTRODUCTIONSmartphones have now become a part of our daily lives, and their functionality has significantly increased; hence, mobile user authentication has now turned into an essential mechanism for the security and privacy of users. Currently, various authentication methods such as PIN, passwords, biometrics, and pattern lock, are used among smartphone users, and each scheme has advantages and disadvantages [10], [26].Android pattern lock, which is still widely used for mobile user authentication, dates back to the earlier recall-based systems such as Draw-A-Secret (DAS) [22] and Pass-Go [40]. Users are asked to create and memorize a graphical pattern on a 3 × 3 grid. For authentication, they should remember the pattern, and then draw it with a finger on the grid.The associate editor coordinating the review of this manuscript and approving it for publication was Xiaofan He.

show abstract

Analysis and bypassing of pattern lock in android smartphone

Cited by 10 publications

References 2 publications

Implementing Risk Score to Protect from Android Pattern Lock Attacks

Implementing Risk Score to Protect from Android Pattern Lock Attacks

A Captcha-Based Graphical Password with Strong Password Space and Usability Study

Draw It As Shown: Behavioral Pattern Lock for Mobile User Authentication

Contact Info

Product

Resources

About