User Identification based on Touch Dynamics

Touch interaction has quickly become the de-facto means of interacting with handheld devices due to its perceived attractiveness and low hardware cost. This study proposes a strategy for identifying users based on touch dynamics. Users' touch behavior is monitored and several unique features are extracted including left versus right hand dominance, one- handed versus bimanual operation, stroke size, stroke timing, symmetry, stroke speed and timing regularity. An experiment involving 20 users reveals that the strategy is successful in identifying users and their traits according to the touch dynamics. The results can be used for automatic user interface customization. However, more research is needed before touch characteristics can be applied to increasing the security of handheld touch-based devices

I (don\u27t) see what you typed there! Shoulder-surfing resistant password entry on gamepads

Using gamepad-driven devices like games consoles is an activity frequently shared with others. Thus, shoulder-surfing is a serious threat. To address this threat, we present the first investigation of shoulder-surfing resistant text password entry on gamepads by (1) identifying the requirements of this context; (2) assessing whether shoulder-surfing resistant authentication schemes proposed in non-gamepad contexts can be viably adapted to meet these requirements; (3) proposing ``Colorwheels\u27\u27, a novel shoulder-surfing resistant authentication scheme specifically geared towards this context; (4) using two different methodologies proposed in the literature for evaluating shoulder-surfing resistance to compare ``Colorwheels\u27\u27, on-screen keyboards (the de facto standard in this context), and an existing shoulder-surfing resistant scheme which we identified during our assessment and adapted for the gamepad context; (5) evaluating all three schemes regarding their usability. Having applied different methodologies to measure shoulder-surfing resistance, we discuss their strengths and pitfalls and derive recommendations for future research

Usability and verifiability of secure features for authenticating identity

Almost all financial transactions and personal data is nowadays online. A world with easy access to data and finances simplifies everyday life. Matters can be handled at ease where ever there is an internet connection. Contacting others can be done in ways unimaginable a decade or two ago. Instant messaging apps and video meetings bring the whole world close when working. If an end user finds something hard to handle they start sabotaging it with their personal behavior. They use less secure methods to keep their data secure because it is more convenient. The world of software security is a balancing act between designing features secure enough and being able to verify the functionality of secure features against malicious attackers and making secure features usable. Usability improves the chances that the end user complies to use of every day security. Designing features secure enough to fight against malicious attackers has gained too large proportion of the effort. According to literature reviewed in this thesis usability of the secure features has not been seen as a priority. This thesis examines usability and verifiability of secure features and methods. It is important to study the usability in this context, as better usability will allow secure features to appeal to a larger end user base, and adding the overall security. It will go through typical authentication methods and assesses their usability based on literature about usability and every day observations. It follows a high-level approach to secure features to be able to see what an end user encounters when using secure features. This is done to better evaluate the usability of the features. Especially when specifications are not fully available. The thesis also introduces a formal testing process structure that can be used as a guideline in planning and executing tests for any software feature. Helpful toolsets to aid in creating functional test environments and support functions are presented. The thesis introduces different kinds of existing and future method that will make security and usability of the authentication methods better

A Shoulder Surfing Resistant Graphical Authentication System

Authentication based on passwords is used largely in applications for computer security and privacy. However, human actions such as choosing bad passwords and inputting passwords in an insecure way are regarded as ”the weakest link” in the authentication chain. Rather than arbitrary alphanumeric strings, users tend to choose passwords either short or meaningful for easy memorization. With web applications and mobile apps piling up, people can access these applications anytime and anywhere with various devices. This evolution brings great convenience but also increases the probability of exposing passwords to shoulder surfing attacks. Attackers can observe directly or use external recording devices to collect users’ credentials. To overcome this problem, we proposed a novel authentication system PassMatrix, based on graphical passwords to resist shoulder surfing attacks. With a one-time valid login indicator and circulative horizontal and vertical bars covering the entire scope of pass-images, PassMatrix offers no hint for attackers to figure out or narrow down the password even they conduct multiple camera-based attacks. We also implemented a PassMatrix prototype on Android and carried out real user experiments to evaluate its memorability and usability. From the experimental result, the proposed system achieves better resistance to shoulder surfing attacks while maintaining usability

Designing leakage-resilient password entry on touchscreen mobile devices

Singapore Management Universit