RePaLM: A Data-Driven AI Assistant for Making Stronger Pattern Choices

  • Conference paper
Human-Computer Interaction – INTERACT 2023 (INTERACT 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14144)

Abstract

Security mechanisms based on patterns, such as Pattern Lock, are commonly used to prevent unauthorized access. They introduce several benefits, such as ease of use, an additional layer of security, convenience, and versatility. However, many users tend to create simple and easily predictable patterns. To address this issue, we propose a data-driven real-time assistant approach called RePaLM. RePaLM is a neural network-based assistant that provides users with information about less commonly used pattern points, aiming to help users to make stronger, less predictable pattern choices. Our user study shows that RePaLM can effectively nudge users towards using less predictable patterns without compromising memorability. Overall, RePaLM is a promising solution for enhancing the security of pattern-based authentication systems.

Notes

  1. We use the term “Pattern Lock” to describe securing a device by creating a custom pattern in a 3×3 grid. In literature, similar terms are “unlock pattern”, “unlock gesture”, “Android password pattern” and “Android unlock pattern”.

Author information

Corresponding author

Correspondence to George E. Raptis.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Milousi, C., Raptis, G.E., Katsini, C., Katsanos, C. (2023). RePaLM: A Data-Driven AI Assistant for Making Stronger Pattern Choices. In: Abdelnour Nocera, J., Kristín Lárusdóttir, M., Petrie, H., Piccinno, A., Winckler, M. (eds) Human-Computer Interaction – INTERACT 2023. INTERACT 2023. Lecture Notes in Computer Science, vol 14144. Springer, Cham. https://doi.org/10.1007/978-3-031-42286-7_4

  • DOI: https://doi.org/10.1007/978-3-031-42286-7_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-42285-0

  • Online ISBN: 978-3-031-42286-7

  • eBook Packages: Computer Science, Computer Science (R0)
