
ZoomPass: A Zoom-Based Android Unlock Scheme on Smart Devices

  • Conference paper
Science of Cyber Security (SciSec 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13580))


Abstract

Modern smart devices such as smartphones provide various services, including checking online banking, watching video and listening to music. Because of their intelligence and popularity, such devices are also used as storage for users’ private information, such as personal photos, credit card numbers, videos and more. This creates a need to protect the devices from unauthorized access. Many unlock schemes have been developed, among which the Android unlock pattern is the most widely used. However, the traditional Android unlock pattern is vulnerable to different threats due to its limited pattern space. To enhance security, one major direction is to combine biometric features with the Android unlock pattern. In this work, motivated by this trend, we propose an enhanced Android unlock scheme based on zoom actions. More specifically, users select two dots and perform a zoom action (either zoom-in or zoom-out) over each dot for authentication. In a study with 30 participants, our scheme demonstrates good performance in terms of usability and security.



Acknowledgments

We would like to thank all the participants for their hard work in the user study. This work was partially supported by National Natural Science Foundation of China (No. 62102106).


Correspondence to Wenjuan Li.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Gleerup, T., Li, W., Tan, J., Wang, Y. (2022). ZoomPass: A Zoom-Based Android Unlock Scheme on Smart Devices. In: Su, C., Sakurai, K., Liu, F. (eds) Science of Cyber Security. SciSec 2022. Lecture Notes in Computer Science, vol 13580. Springer, Cham. https://doi.org/10.1007/978-3-031-17551-0_16


  • DOI: https://doi.org/10.1007/978-3-031-17551-0_16


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17550-3

  • Online ISBN: 978-3-031-17551-0

  • eBook Packages: Computer Science, Computer Science (R0)
