Abstract
With the increasing capability of software and hardware, mobile devices, especially smartphones, are changing the way people communicate and live. For the sake of convenience, people often store a lot of personal data, such as images, on the device and use it for sensitive tasks like payment and financial transfer. This makes data protection more important on smartphones. To secure the device from unauthorized access, one simple and efficient method is a device or screen unlock mechanism, which can authenticate the identity of the current user. However, most existing unlock schemes can be compromised if an attacker gets the correct pattern. In this work, we advocate that behavioral biometrics can be useful to improve the security of unlock mechanisms. We thus design DCUS, a double-click-based unlocking scheme on smartphones, which requires users to unlock the device by double-clicking on the right location on an image. For user authentication, our scheme needs to check the selected images, image location and double-click patterns. In the evaluation, we perform a user study with 60 participants and make a comparison between our scheme and a similar unlock scheme. With several typical supervised classifiers, it is found that participants can perform well under our scheme.
References
Li W, Tan J, Zhu N, Wang Y (2020) Designing double-click-based unlocking mechanism on smartphones. In: Proceedings of the first international symposium on Emerging Information Security and Applications (EISA). Springer
Aviv AJ, Gibson K, Mossop E, Blaze M, Smith JM (2010) Smudge attacks on smartphone touch screens. In: Proceedings of the 4th USENIX conference on offensive technologies. USENIX Association, pp 1–7
Bonneau J (2012) The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: Proceedings of the 2012 IEEE symposium on security and privacy, pp 538–552
De Luca A, Hang A, Brudy F, Lindner C, Hussmann H (2012) Touch me once and I Know it’s you!: Implicit authentication based on touch screen patterns. In: Proceedings of CHI. ACM, pp 987–996
Deloitte’s 2019 global mobile consumer survey. https://www2.deloitte.com/content/dam/insights/us/articles/glob43115_2019-global-mobile-survey/DI_2019-global-mobile-survey.pdf
Fang L, Zhu H, Lv B, Liu Z, Meng W, Yu Y, Ji S, Cao Z (2020) HandiText: Handwriting recognition based on dynamic characteristics with incremental LSTM. ACM Transactions on Data Science, in press, vol 4. ACM, pp 25:1–25:18. https://doi.org/10.1145/3385189
Feng T, Liu Z, Kwon K. -A., Shi W, Carbunary B, Jiang Y, Nguyen N (2012) Continuous mobile authentication using touchscreen gestures. In: Proceedings of the 2012 IEEE Conference on Technologies for Homeland Security (HST). IEEE, USA, pp 451–456
Findling RD, Mayrhofer R (2012) Towards face unlock: on the difficulty of reliably detecting faces on mobile phones. MoMM: 275–280
Frank M, Biedert R, Ma E, Martinovic I, Song D (2013) Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans Inf Forensics Secur 8(1):136–148
Gomez-Barrero M, Galbally J (2020) Reversing the irreversible: A survey on inverse biometrics. Comput Secur 90:101700
Guo Y, Yang L, Ding X, Han J, Liu Y (2013) OpenSesame: Unlocking smart phone through handshaking biometrics. INFOCOM: 365–369
Izuta R, Murao K, Terada T, Iso T, Inamura H, Tsukamoto M (2016) Screen unlocking method using behavioral characteristics when taking mobile phone from pocket. MoMM: 110–114
Jiang L, Meng W (2016) Smartphone user authentication using touch dynamics in the big data era: challenges and opportunities. Biometric security and privacy - opportunities & challenges in the big data era (Book). Springer: 163–178
Larrucea X, Moffie M, Asaf S, Santamaria I (2020) Towards a GDPR compliant way to secure European cross border Healthcare Industry 4.0. Comput Stand Interfaces 69:103408
LIBSVM – a library for support vector machines. https://www.csie.ntu.edu.tw/~cjlin/libsvm/
Li Y, Wang Z, Li Y, Deng RH, Chen B, Meng W, Li H (2019) A closer look tells more: a facial distortion based liveness detection for face authentication. AsiaCCS: 241–246
Li Y, Cheng Y, Meng W, Li Y, Deng RH (2021) Designing leakage-resilient password entry on head-mounted smart wearable glass devices. IEEE Trans Inf Forensics Secur 16:307–321
Li W, Tan J, Meng W, Wang Y, Li J (2019) SwipeVLock: a supervised unlocking mechanism based on swipe behavior on smartphones. The 2nd International Conference on Machine Learning for Cyber Security (ML4CS): 140–153
Li W, Tan J, Meng W, Wang Y (2020) A swipe-based unlocking mechanism with supervised learning on smartphones: Design and evaluation. J Netw Comput Appl 165:102687. Elsevier
Li W, Wang Y, Li J, Xiang Y (2020) Towards supervised shape-based behavioral authentication on smartphones. J Inf Secur Appl 55:102591
Li W, Meng W, Furnell S (2021) Exploring touch-based behavioral authentication on smartphone email applications in IoT-enabled smart cities. Pattern Recognition Letters, In press. Elsevier. https://doi.org/10.1016/j.patrec.2021.01.019
Lin Z, Meng W, Li W, Wong DS (2019) Developing cloud-based intelligent touch behavioral authentication on mobile phones. In: Jiang R (ed) Deep biometrics (Book). Springer, Berlin
Meng Y (2012) Designing click-draw based graphical password scheme for better authentication. In: Proceedings of the 7th IEEE international conference on networking, architecture, and storage (NAS), pp 39-48
Meng Y, Li W, Kwok L. -F. (2013) Enhancing click-draw based graphical passwords using multi-touch on mobile phones. In: Proceedings of the 28th IFIP TC 11 International Information Security and Privacy Conference (IFIP SEC), IFIP Advances in Information and Communication Technology 405, pp 55–68
Meng W, Wong DS, Furnell S, Zhou J (2015) Surveying the development of biometric user authentication on mobile phones. IEEE Commun Surv Tutor 17(3):1268–1293
Meng W (2015) RouteMap: a route and map based graphical password scheme for better multiple password memory. In: Proceedings of the 9th international conference on network and system security (NSS), pp 147–161
Meng W (2016) Evaluating the effect of multi-touch behaviours on android unlock patterns, vol 24. Emerald
Meng W, Li W, Wong DS, Zhou J (2016) TMGuard: a touch movement-based security mechanism for screen unlock patterns on smartphones. In: Proceedings of the 14th international conference on applied cryptography and network security (ACNS), pp 629–647
Meng W, Lee WH, Liu Z, Su C, Li Y (2017) Evaluating the impact of juice filming charging attack in practical environments. In: Proceedings of ICISC, pp 327-338
Meng W, Fei F, Li W, Au MH (2017) Harvesting smartphone privacy through enhanced juice filming charging attacks. In: Proceedings of ISC, pp 291-308
Meng W, Li W, Kwok L. -F., Choo K. -K. R. (2017) Towards enhancing click-draw based graphical passwords using multi-touch behaviours on smartphones. Comput Secur 65:213–229
Meng W, Li W, Lee W, Jiang L, Zhou J (2017) A pilot study of multiple password interference between text and map-based passwords. In: Proceedings of the 15th International Conference on Applied Cryptography and Network Security (ACNS), pp 145-162
Meng W, Lee W, Au MH, Liu Z (2017) Exploring effect of location number on map-based graphical password authentication. In: Proceedings of the 22nd Australasian Conference on Information Security and Privacy (ACISP), pp 301–313
Meng W, Liu Z (2018) TMGMap: designing touch movement-based geographical password authentication on smartphones. In: Proceedings of the 14th international conference on information security practice and experience (ISPEC), pp 373–390
Nyang D, Kim H, Lee W, Kang S, Cho G, Lee MK, Mohaisen A (2018) Two-thumbs-up: physical protection for PIN entry secure against recording attacks. Comput Secur 78:1–15
Shepard RN (1967) Recognition memory for words, sentences, and pictures. J Verbal Learn Verbal Behav 6(1):156–163
Smith-Creasey M, Rajarajan M (2016) A continuous user authentication scheme for mobile devices. In: Proceedings of the 14th annual conference on privacy, security and trust (PST), pp 104–113
Spitzer J, Singh C, Schweitzer D (2010) A security class project in graphical passwords. J Comput Sci Coll 26(2):7–13
Shahzad M, Liu AX, Samuel A (2017) Behavior based human authentication on touch screen devices using gestures and signatures. IEEE Trans Mob Comput 16(10):2726–2741
Sharma V, Enbody R (2017) User authentication and identification from user interface interactions on touch-enabled devices. In: Proceedings of the 10th ACM conference on security and privacy in wireless and mobile networks (WiSec), pp 1–11
Suo X, Zhu Y, Owen GS (2005) Graphical passwords: a survey. In: Proceedings of the 21st annual computer security applications conference (ACSAC). IEEE Computer Society, USA, pp 463–472
Sun H, Chen Y, Fang C, Chang S (2012) PassMap: a map based graphical-password authentication system. In: Proceedings of AsiaCCS, pp 99–100
Tao H, Adams C (2008) Pass-Go, a proposal to improve the usability of graphical passwords. Int J Netw Secur 2(7):273–292
Thorpe J, MacRae B, Salehi-Abari A (2013) Usability and security evaluation of GeoPass: a geographic location-password scheme. In: Proceedings of the 9th symposium on usable privacy and security (SOUPS), pp 1–14
Wang L, Huang K, Sun K, Wang W, Tian C, Xie L, Gu Q (2018) Unlock with your heart: heartbeat-based authentication on commercial mobile phones. Proc ACM Interact Mob Wearable Ubiquitous Technol 2(3):140:1–140:22
Weka: Machine Learning Software in Java. https://www.cs.waikato.ac.nz/ml/weka/
Wiedenbeck S, Waters J, Birget J. -C., Brodskiy A, Memon N (2005) Passpoints: design and longitudinal evaluation of a graphical password system. Int J Human-Computer Stud 63(1-2):102–127
Weir M, Aggarwal S, Collins M, Stern H (2010) Testing metrics for password creation policies by attacking large sets of revealed passwords. In: Proceedings of CCS, pp 162–175
Yi S, Qin Z, Carter N, Li Q (2017) WearLock, unlocking your phone via acoustics using smartwatch. ICDCS: 469–479
Zheng N, Bai K, Huang H, Wang H (2014) You are how you touch: User verification on smartphones via tapping behaviors. In: Proceedings of the 2014 International Conference on Network Protocols (ICNP), pp 221–232
Acknowledgements
We would like to thank the participants for their hard work in the user study. This work was partially supported by National Natural Science Foundation of China (No. 61802080 and 61802077).
Ethics declarations
Conflict of Interests
All authors declare that they have no conflict of interest.
Additional information
A preliminary version of this paper has been presented at the First International Symposium on Emerging Information Security and Applications (EISA) in conjunction with SpaCCS 2020 [1].
About this article
Cite this article
Li, W., Wang, Y., Tan, J. et al. DCUS: Evaluating Double-Click-Based Unlocking Scheme on Smartphones. Mobile Netw Appl 27, 382–391 (2022). https://doi.org/10.1007/s11036-021-01842-1
DOI: https://doi.org/10.1007/s11036-021-01842-1