Skip to main content
SpringerLink
Log in

Towards Constructing Consistent Pattern Strength Meters with User’s Visual Perception

  • Conference paper
  • First Online:
Information Security and Cryptology – ICISC 2022 (ICISC 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13849))

Included in the following conference series:

  • 6494 Accesses

Abstract

Pattern lock strength meters designed for securing Android devices are inconsistent in their metering, e.g., assigning higher scores to weaker patterns. In this paper, we raise this inconsistency problem by analyzing five existing pattern strength meters. We reveal that they commonly miss some important visual features and even assign erroneous weights to features. As a preliminary study toward a consistent pattern strength meter in the future, we design a rigorous user study to identify the visual features of a pattern that correspond to real-world users’ criteria to score the strength of the pattern. We conducted an online survey for 3,851 users to collect reliable labels for 625 patterns. The statistical result of the user study sheds light on a pattern strength meter that reflects the user’s visual perception with various visual features.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Abdelrahman, Y., Khamis, M., Schneegass, S., Alt, F.: Stay Cool! Understanding thermal attacks on mobile-based user authentication. In: Conference on Human Factors in Computing Systems, pp. 3751–3763. CHI 2017, ACM, USA (2017). https://doi.org/10.1145/3025453.3025461. http://doi.acm.org/10.1145/3025453.3025461

  2. Andriotis, P., Tryfonas, T., Oikonomou, G.: Complexity metrics and user strength perceptions of the pattern-lock graphical authentication method. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 115–126. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07620-1_11

    Chapter  Google Scholar 

  3. Aviv, A.J., Budzitowski, D., Kuber, R.: Is Bigger better? comparing user-generated passwords on 3x3 vs. 4x4 grid sizes for android’s pattern unlock. In: Annual Computer Security Applications Conference, pp. 301–310. ACSAC 2015. ACM (2015)

    Google Scholar 

  4. Aviv, A.J., Gibson, K., Mossop, E., Blaze, M., Smith, J.M.: Smudge attacks on smartphone touch screens. In: Workshop on Offensive Technologies, pp. 1–7. WOOT 2010. USENIX (2010)

    Google Scholar 

  5. Biddle, R., Chiasson, S., Van Oorschot, P.C.: Graphical passwords: learning from the first twelve years. ACM Comput. Surv. (CSUR) 44(4), 19 (2012)

    Article  MATH  Google Scholar 

  6. Bier, A., Kapczyński, A., Sroczyński, Z.: Pattern lock evaluation framework for mobile devices: human perception of the pattern strength measure. In: Gruca, A., Czachórski, T., Harezlak, K., Kozielski, S., Piotrowska, A. (eds.) ICMMI 2017. AISC, vol. 659, pp. 33–42. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-67792-7_4

    Chapter  Google Scholar 

  7. Buriro, A., Crispo, B., DelFrari, F., Wrona, K.: Hold and sign: a novel behavioral biometrics for smartphone user authentication. In: the Security and Privacy Workshops, pp. 276–285. SPW 2016. IEEE (2016)

    Google Scholar 

  8. Burr, W., Dodson, D., Polk, W.: Electronic authentication guideline. Tech. rep, National Institute of Standards and Technology (2004)

    Google Scholar 

  9. Castelluccia, C., Dürmuth, M., Perito, D.: Adaptive password-strength meters from Markov models. In: NDSS (2012)

    Google Scholar 

  10. Cha, S., Kwag, S., Kim, H., Huh, J.H.: Boosting the guessing attack performance on android lock patterns with smudge attacks. In: Asia Conference on Computer and Communications Security, pp. 313–326. AsiaCCS 2017. ACM (2017)

    Google Scholar 

  11. Cho, G., Huh, J.H., Cho, J., Oh, S., Song, Y., Kim, H.: SysPal: system-guided pattern locks for android. In: Symposium on Security and Privacy, pp. 338–356. S & P 2017. IEEE (2017)

    Google Scholar 

  12. Crawford, H., Ahmadzadeh, E.: Authentication on the go: assessing the effect of movement on mobile device keystroke dynamics. In: Symposium on Usable Privacy and Security, pp. 163–173. SOUPS 2017. USENIX (2017)

    Google Scholar 

  13. De Carnavalet, X.D.C., Mannan, M., et al.: From very weak to very strong: analyzing password-strength meters. In: NDSS, vol.14, pp. 23–26 (2014)

    Google Scholar 

  14. Egelman, S., Sotirakopoulos, A., Muslukhov, I., Beznosov, K., Herley, C.: Does my password go up to eleven?: the impact of password meters on password selection. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2379–2388. ACM (2013)

    Google Scholar 

  15. Frank, M., Biedert, R., Ma, E., Martinovic, I., Song, D.: Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication. IEEE Trans. Inf. Forensics Secur. 8(1), 136–148 (2013)

    Google Scholar 

  16. Harbach, M., De Luca, A., Egelman, S.: The anatomy of smartphone unlocking: a field study of android lock screens. In: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, pp. 4806–4817. ACM (2016)

    Google Scholar 

  17. Higashikawa, S., Kosugi, T., Kitajima, S., Mambo, M.: Shoulder-surfing resistant authentication using pass pattern of pattern lock. IEICE Trans. Inf. Syst. 101(1), 45–52 (2018)

    Article  Google Scholar 

  18. Jermyn, I., Mayer, A., Monrose, F., Reiter, M.K., Rubin, A.D.: The design and analysis of graphical passwords. In: 8th Usenix Security Symposium. USENIX (1999)

    Google Scholar 

  19. Komanduri, S., Shay, R., Cranor, L.F., Herley, C., Schechter, S.: Telepathwords: preventing weak passwords by reading users’ minds. In: 23rd \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 14), pp. 591–606 (2014)

    Google Scholar 

  20. Ku, Y., Park, L.H., Shin, S., Kwon, T.: Draw it as shown: behavioral pattern lock for mobile user authentication. IEEE Access 7, 69363–69378 (2019)

    Article  Google Scholar 

  21. Kunda, D., Chishimba, M.: A survey of android mobile phone authentication schemes. Mobile Netw. Appl. 26, 2558–2566 (2018)

    Google Scholar 

  22. Lashkari, A.H., Farmand, S., Zakaria, D., Bin, O., Saleh, D., et al.: shoulder surfing attack in graphical password authentication. arXiv preprint arXiv:0912.0951 (2009)

  23. Li, L., Zhao, X., Xue, G.: Unobservable re-authentication for smartphones. In: Network and Distributed System Security Symposium, NDSS 2013 (2013)

    Google Scholar 

  24. Pedregosa, F., et al.: Scikit-learn: Machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)

    MathSciNet  MATH  Google Scholar 

  25. Rao, V.V., Chakravarthy, A.: Analysis and bypassing of pattern lock in android smartphone. In: 2016 IEEE International Conference on Computational Intelligence and Computing Research (ICCIC), pp. 1–3. IEEE (2016)

    Google Scholar 

  26. Sitová, Z., et al.: HMOG: new behavioral biometric features for continuous authentication of smartphone users. IEEE Trans. Inf. Forensics Secur. 11(5), 877–892 (2016)

    Google Scholar 

  27. Song, Y., Cho, G., Oh, S., Kim, H., Huh, J.H.: On the effectiveness of pattern lock strength meters: measuring the strength of real world pattern locks. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 2343–2352. ACM (2015)

    Google Scholar 

  28. Standing, L., Conezio, J., Haber, R.N.: Perception and memory for pictures: single-trial learning of 2500 visual stimuli. Psychonomic Sci. 19(2), 73–74 (1970)

    Article  Google Scholar 

  29. Sun, C., Wang, Y., Zheng, J.: Dissecting pattern unlock: the effect of pattern strength meter on pattern selection. J. Inf. Secur. Appl. 19(4–5), 308–320 (2014)

    Google Scholar 

  30. Tao, H., Adams, C.: Pass-go: a proposal to improve the usability of graphical passwords. IJ Netw. Secur. 7(2), 273–292 (2008)

    Google Scholar 

  31. Tari, F., Ozok, A., Holden, S.H.: A Comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In: Symposium on Usable Privacy and Security, pp. 56–66. SOUPS 2006. ACM (2006)

    Google Scholar 

  32. Uellenbeck, S., Dürmuth, M., Wolf, C., Holz, T.: Quantifying the security of graphical passwords: the case of android unlock patterns. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 161–172. ACM (2013)

    Google Scholar 

  33. Ur, B., et al.: Design and evaluation of a data-driven password meter. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, pp. 3775–3786. ACM (2017)

    Google Scholar 

  34. Ur, B., et al.: How does your password measure up? the effect of strength meters on password creation. In: Presented as part of the 21st \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 12), pp. 65–80 (2012)

    Google Scholar 

  35. Van Bruggen, D.: Studying the impact of security awareness efforts on user behavior, Ph. D. thesis, University of Notre Dame (2014)

    Google Scholar 

  36. Von Zezschwitz, E., De Luca, A., Janssen, P., Hussmann, H.: Easy to draw, but hard to trace?: on the observability of grid-based (un) lock patterns. In: Conference on Human Factors in Computing Systems, pp. 2339–2342. CHI 2015. ACM (2015)

    Google Scholar 

  37. Von Zezschwitz, E., Dunphy, P., De Luca, A.: Patterns in the wild: a field study of the usability of pattern and pin-based authentication on mobile devices. In: Proceedings of the 15th International Conference on Human-computer Interaction With Mobile Devices and Services, pp. 261–270. ACM (2013)

    Google Scholar 

  38. Von Zezschwitz, E., Koslow, A., De Luca, A., Hussmann, H.: Making Graphic-based Authentication Secure against Smudge Attacks. In: Proceedings International Conference on Intelligent User Interfaces, pp. 277–286. IUI 2013. ACM (2013)

    Google Scholar 

  39. Wheeler, D.L.: zxcvbn: Low-budget password strength estimation. In: 25th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 16), pp. 157–173 (2016)

    Google Scholar 

  40. Xu, H., Zhou, Y., Lyu, M.R.: Towards continuous and passive authentication via touch biometrics: an experimental study on smartphones. In: Symposium on Usable Privacy and Security. SOUPS 2014, vol. 14, pp. 187–198 (2014)

    Google Scholar 

  41. Ye, G., et al.: Cracking android pattern lock in five attempts. In: Network and Distributed System Security Symposium, NDSS 2017 (2017)

    Google Scholar 

  42. Ye, G., et al.: A video-based attack for android pattern lock. ACM Trans. Privacy Secur. (TOPS) 21(4), 19 (2018)

    Google Scholar 

  43. Zakaria, N.H., Griffiths, D., Brostoff, S., Yan, J.: Shoulder surfing defence for recall-based graphical passwords. In: Symposium on Usable Privacy and Security, p. 6. SOUPS 2011. ACM (2011)

    Google Scholar 

Download references

Acknowledgements

This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. NRF-2019R1A2C1088802).

Author information

Authors and Affiliations

  1. Yonsei University, Seoul, South Korea

    Leo Hyun Park, Eunbi Hwang & Taekyoung Kwon

  2. Ministry of National Defense, Seoul, South Korea

    Donggun Lee

Authors
  1. Leo Hyun Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Eunbi Hwang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Donggun Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Taekyoung Kwon
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Taekyoung Kwon .

Editor information

Editors and Affiliations

  1. Hanyang University, Ansan, Korea (Republic of)

    Seung-Hyun Seo

  2. Hansung University, Seoul, Korea (Republic of)

    Hwajeong Seo

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Park, L.H., Hwang, E., Lee, D., Kwon, T. (2023). Towards Constructing Consistent Pattern Strength Meters with User’s Visual Perception. In: Seo, SH., Seo, H. (eds) Information Security and Cryptology – ICISC 2022. ICISC 2022. Lecture Notes in Computer Science, vol 13849. Springer, Cham. https://doi.org/10.1007/978-3-031-29371-9_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-29371-9_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-29370-2

  • Online ISBN: 978-3-031-29371-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation