Browse > Article
http://dx.doi.org/10.13089/JKIISC.2011.21.1.135

User authentication using touch positions in a touch-screen interface  

Kim, Jin-Bok (School of Computer and Information Engineering, Inha University)
Lee, Mun-Kyu (School of Computer and Information Engineering, Inha University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.21, no.1, 2011 , pp. 135-141 More about this Journal
Abstract
Recent advances in mobile devices and development of various mobile applications dealing with private information of users made user authentication in mobile devices a very important issue. This paper presents a new user authentication method based on touch screen interfaces. This method uses for authentication the PIN digits as well as the exact locations the user touches to input these digits. Our method is fully compatible with the regular PIN entry method which uses numeric keypads, and it provides better usability than the behavioral biometric schemes because its PIN registration process is much simpler. According to our experiments, our method guarantees EERs of 12.8%, 8.3%, and 9.3% for 4-digit PINs, 6-digit PINs, and 11-digit cell phone numbers, respectively, under the extremely conservative assumption that all users have the same PIN digits and cell phone numbers. Thus we can guarantee much higher performance in identification functionality by applying this result to a more practical situation where every user uses distinct PIN and sell phone number. Finally, our method is far more secure than the regular PIN entry method, which is verified by our experiments where attackers are required to recover a PIN after observing the PIN entry processes of the regular PIN and our method under the same level of security parameters.
Keywords
password; personal identification number; shoulder surfing; touch-screen; touch position;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Xiaoyuan Suo, Ying Zhu and G.Scott. Owen, "Graphical passwords: a survey," ACSAC, 2005.
2 Maja Pusara and Carla E. Brodley, "User re-authentication via mouse movements," CizSEC/DMSEC'04, Oct. 2004.
3 sfr, "http://www.viskey.com/tech.html"
4 W. Jansen, "Authenticating mobile device users through image selection," Data Security, May 2004.
5 RealUser, http://www.realuser.com/enterprise/ products/for_windows.htm
6 N.L. Clarke, S.M. Furnell, B.M. Lines and P.L. Reynolds, "Keystroke dynamics on a mobile handset: a feasibility study," Information Management & Computer Security, pp. 161-166, Nov. 2003.
7 Pilsung Kang, Sunghoon Park, Seong-seob Hwang, Hyoung-joo Lee and Sungzoon Cho, "Improvement of keystroke data quality through artificial rhythms and cues," COMPUTER & SECURITY, vol. 27, pp. 3-11, Feb. 2008.   DOI   ScienceOn
8 L.D. Paulson, "Taking a graphical approach to the password," COMPUTER, vol. 35, pp. 19, 2002.
9 S. Wiedenbeck, J. Waters and J.C. Birget, "Design and evaluation of a shoulder- surfing resistant graphical password scheme," International J. of Human-Computer, Studies 63, pp. 102-127, Sep. 2005.   DOI   ScienceOn
10 S. Wiedenbeck, J. Waters, L. Sobrado and J.-C. Birget and A. Brodskiy and N. Memon, "Passpoints: design and longitudinal evaluation of a graphical password system," In Proc. of AVI''06, May 2006.
11 Philippe Golle and David Wagner, "Cryptanalysis of a congnitive authentication scheme," SP'07, pp. 66-70, May 2007.
12 신동오, 강전일, 맹영재, 양대헌, "S3PAS의 교차 공격에 대한 취약성 분석," 한국정보보호학회 동계학술대회 논문집, 19(2), pp. 409, 2009년 12월.
13 Chang Soon Kim and Mun-Kyu Lee, "Secure and user friendly PIN entry method," ICCE 2010, pp. 203-204, 2010.
14 R. Dhamija and A. Perrig, "Deja vu: a user study using images for authentication," In Proc. of the 9th USENIX Security Symposium, 2000.
15 N.L. Clarke and S.M. Furnell, "Advanced user authentication for mobile devices," COMPUTER & SECURITY, vol. 26, pp. 109-119, Aug. 2006.
16 I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter and A.D. Rubin, "The design and analysis of graphical passwords," In Proc. of the 8th USENIX Security Symposium, 1999.