research-article

Secure and usable authentication on mobile devices

Authors:

Roland Schlöglhofer,

Johannes SametingerAuthors Info & Claims

MoMM '12: Proceedings of the 10th International Conference on Advances in Mobile Computing & Multimedia

Pages 257 - 262

https://doi.org/10.1145/2428955.2429004

Published: 03 December 2012 Publication History

Abstract

Mobile devices contain a multitude of sensitive data and provide access to even more data as well as services somewhere on the Internet. Even if only temporarily in the hands of non-entitled persons, privacy is at stake. Authentication protects against unauthorized usage. Today's operating systems of mobile devices offer authentication mechanisms. However, they are either vulnerable in some situations or not user friendly enough to be widely adopted. In this paper we suggest a novel authentication system which meets both the requirements of security and usability. For that purpose, we have analyzed existing authentication methods as well as targeting attacks. The resulting Android application SecureLock is a generic authentication system, which offers PIN and password, but also a property-based authentication method by means of NFC tags, and a novel image-based method called GesturePuzzle. The application has been evaluated and compared with other approaches for security and usability.

References

[1]

Almuairfi, S., Veeraraghavan, P., and Chilamkurti, N. 2011. IPAS: Implicit Password Authentication System. In IEEE Workshops of International Conference on Advanced Information Networking and Applications Workshops (Biopolis, Singapur, March 22--25, 2011). WAINA'11. IEEE, Piscataway, NJ, 430--435.

Digital Library

[2]

Khan, W. Z., Xiang, Y., Aalsalem, M. Y., and Arshad, Q. 2011. A Hybrid Graphical Password Based System. In 11th International Conference on Algorithms and Architectures for Parallel Processing (Melbourne, Australia, Oct. 24--26, 2011), ICA300'11. Springer, Berlin, Heidelberg, 153--164.

Digital Library

[3]

Chavira, G., Nava, S. W., Herváz, R., Villarreal, V., Bravo, J., Martín, S., and Castro, M. 2008. Services through NFC technology in AmI environment. In Proceedings of the 10th International Conference on Information Integration and Web-based Applications & Services (Linz, Austria, November 24--26, 2008). iiWAS '08. ACM, NY, 666--669.

Digital Library

[4]

Maltoni, D. and Cappelli, R. 2008. Fingerprint Recognition. In Handbook of Biometrics, A. K. Jain, P. J. Flynn and A. A. Ross, Eds. Springer, New York, NY, 23--42.

[5]

Clarke, N. 2011. Transparent User Authentication. Biometrics, RFID and Behavioral Profiling. Springer, London, NY.

Digital Library

[6]

Goodchild, J. 2012. Social Engineering: The Basics. http://www.csoonline.com/article/514063/social-engineering-the-basics. Accessed 23 July 2012.

[7]

Orgill, G. L., Romney, G. W., Bailey, M. G., and Orgill, P. M. 2004. The Urgency for Effective User Privacy-education to Counter Social Engineering Attacks on Secure Computer Systems. In Proceedings of the 5th conference on Information technology education (Salt Lake City, Utah, October, 28--30, 2004). SIGITE '04. ACM, New York, NY, 177--181.

Digital Library

[8]

Gong, L., Lomas, M. A., Needham, R. M., and Saltzer, J. H. 1993. Protecting Poorly Chosen Secrets from Guessing Attacks. IEEE Journal on Selected Areas in Communications 11, 5 (Jun. 1993), 648--656.

Digital Library

[9]

Barber, R. 2001. Social engineering: A People Problem? Network Security 2001, 7 (Jul. 2001), 9--11.

Digital Library

[10]

Adams, C. 2011. Dictionary Attack. In Encyclopedia of Cryptography and Security, H. C. A. van Tilborg and S. Jajodia, Eds. Springer, New York, Dordrecht, Heidelberg, London, 332--332.

[11]

Vu, K.-P. L., Proctor, R. W., Bhargav-Spantzel, A., Tai, B.-L., Cook, J., and Schultz, E. E. 2007. Improving password security and memorability to protect personal and organizational information. International Journal of Human-Computer Studies 65, 8 (Aug. 2007), 744--757.

Digital Library

[12]

Federal Bureau of Investigation 2011. Taking a Trip to the ATM? Beware of 'Skimmers'. http://www.fbi.gov/news/stories/2011/july/atm_071411. Accessed 23 July 2012.

[13]

Android Developers 2012. Platform Versions. http://developer.android.com/resources/dashboard/platform-versions.html. Accessed 13 October 2012.

[14]

Hoog, A. 2011. Android Forensics. Investigation, Analysis and Mobile Security for Google Android. Elsevier, Waltham, MA.

Digital Library

[15]

Flick, T. and Morehouse, J. 2011. Securing the Smart Grid: Next Generation Power Grid Security. Elsevier Science, Burlington, MA.

Digital Library

Cited By

Abbasi MNascimento BSantos RSá FCardoso FSilva JMartins P(2023)IoT Smart Collect - Routing Process and Driver Guidance2023 18th Iberian Conference on Information Systems and Technologies (CISTI)10.23919/CISTI58278.2023.10212061(1-7)Online publication date: 20-Jun-2023
https://doi.org/10.23919/CISTI58278.2023.10212061
Yi XZhang SPan ZShi LHan FKong YLi HShi Y(2023)Squeez’In: Private Authentication on Smartphones based on Squeezing GesturesProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581419(1-15)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581419
Al-Hamouz S(2022)Using Orientation Sensors as a New Secure Lock Screen System for Smartphones2022 International Conference on Electrical and Computing Technologies and Applications (ICECTA)10.1109/ICECTA57148.2022.9990168(235-240)Online publication date: 23-Nov-2022
https://doi.org/10.1109/ICECTA57148.2022.9990168
Show More Cited By

Index Terms

Secure and usable authentication on mobile devices

Recommendations

A Secure and Efficient Deniable Authentication Protocol
ICIE '09: Proceedings of the 2009 WASE International Conference on Information Engineering - Volume 02

A deniable authentication can be used to provide secure negotiation on the Internet. Although many deniable authentication protocols have been proposed, most of them are interactive or vulnerable to various cryptanalytic attacks. To find a secure and ...
A Usable and Secure Two-Factor Authentication Scheme

There are many secure authentication schemes that are secure but difficult to use. Most existing network applications authenticate users with a username and password pair. Such systems using the reusable passwords are susceptible to attacks based on the ...
Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems

Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

MoMM '12: Proceedings of the 10th International Conference on Advances in Mobile Computing & Multimedia

December 2012

323 pages

ISBN:9781450313070

DOI:10.1145/2428955

Conference Chair:
Matthias Steinbauer
Johannes Kepler University Linz, Austria
,
Editor:
Ismail Khalil
Johannes Kepler University Linz, Austria
,
General Chair:
Eric Pardede
La Trobe University, Australia
,
Program Chair:
David Taniar
Monash University, Australia

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

@WAS: International Organization of Information Integration and Web-based Applications and Services

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 December 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

MoMM '12

Sponsor:

@WAS

MoMM '12: The 10th International Conference on Advances in Mobile Computing & Multimedia

December 3 - 5, 2012

Bali, Indonesia

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

23
Total Citations
View Citations
1,316
Total Downloads

Downloads (Last 12 months)22
Downloads (Last 6 weeks)3

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Abbasi MNascimento BSantos RSá FCardoso FSilva JMartins P(2023)IoT Smart Collect - Routing Process and Driver Guidance2023 18th Iberian Conference on Information Systems and Technologies (CISTI)10.23919/CISTI58278.2023.10212061(1-7)Online publication date: 20-Jun-2023
https://doi.org/10.23919/CISTI58278.2023.10212061
Yi XZhang SPan ZShi LHan FKong YLi HShi Y(2023)Squeez’In: Private Authentication on Smartphones based on Squeezing GesturesProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581419(1-15)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581419
Al-Hamouz S(2022)Using Orientation Sensors as a New Secure Lock Screen System for Smartphones2022 International Conference on Electrical and Computing Technologies and Applications (ICECTA)10.1109/ICECTA57148.2022.9990168(235-240)Online publication date: 23-Nov-2022
https://doi.org/10.1109/ICECTA57148.2022.9990168
Boumpa ETsoukas VGkogkidis ASpathoulas GKakarountas A(2022)Security and Privacy Concerns for Healthcare Wearable Devices and Emerging Alternative ApproachesWireless Mobile Communication and Healthcare10.1007/978-3-031-06368-8_2(19-38)Online publication date: 7-Jun-2022
https://doi.org/10.1007/978-3-031-06368-8_2
Shirvanian MAgrawal S(2021)2D-2FA: A New Dimension in Two-Factor AuthenticationProceedings of the 37th Annual Computer Security Applications Conference10.1145/3485832.3485910(482-496)Online publication date: 6-Dec-2021
https://dl.acm.org/doi/10.1145/3485832.3485910
Ndako Adama VOyebisi Oyefolahan INdunagu JLamas DNeves Cabral Domingos LOgunyemi AOrji RBidwell NMboya A(2021)Pure Recall-Based Graphical User Authentication Schemes: Perspectives from a Closer Look3rd African Human-Computer Interaction Conference: Inclusiveness and Empowerment10.1145/3448696.3448721(141-145)Online publication date: 8-Mar-2021
https://dl.acm.org/doi/10.1145/3448696.3448721
Takahashi AMasegi YNakanishi I(2021)A Smartphone User Verification Method Based on Finger-Writing of a Simple SymbolHCI International 2021 - Posters10.1007/978-3-030-78642-7_60(447-454)Online publication date: 3-Jul-2021
https://doi.org/10.1007/978-3-030-78642-7_60
Silva DZhang BAyhan H(2019)Optimal strategies for managing complex authentication systemsAnnals of Operations Research10.1007/s10479-019-03270-7Online publication date: 15-May-2019
https://doi.org/10.1007/s10479-019-03270-7
Hui DYuen KZahor BWei KZaaba Z(2018)An assessment of user authentication methods in mobile phones10.1063/1.5055518(020116)Online publication date: 2018
https://doi.org/10.1063/1.5055518
Kunda DChishimba M(2018)A Survey of Android Mobile Phone Authentication SchemesMobile Networks and Applications10.1007/s11036-018-1099-7Online publication date: 9-Aug-2018
https://doi.org/10.1007/s11036-018-1099-7
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten