智能手机的手势认证:手势密码选择策略的评估

Eunyong Cheon, Yonghwan Shin, J. Huh, Hyoungshick Kim, Ian Oakley
{"title":"智能手机的手势认证:手势密码选择策略的评估","authors":"Eunyong Cheon, Yonghwan Shin, J. Huh, Hyoungshick Kim, Ian Oakley","doi":"10.1109/SP40000.2020.00034","DOIUrl":null,"url":null,"abstract":"Touchscreen gestures are attracting research attention as an authentication method. While studies have showcased their usability, it has proven more complex to determine, let alone enhance, their security. Problems stem both from the small scale of current data sets and the fact that gestures are matched imprecisely – by a distance metric. This makes it challenging to assess entropy with traditional algorithms. To address these problems, we captured a large set of gesture passwords (N=2594) from crowd workers, and developed a security assessment framework that can calculate partial guessing entropy estimates, and generate dictionaries that crack 23.13% or more gestures in online attacks (within 20 guesses). To improve the entropy of gesture passwords, we designed novel blacklist and lexical policies to, respectively, restrict and inspire gesture creation. We close by validating both our security assessment framework and policies in a new crowd-sourced study (N=4000). Our blacklists increase entropy and resistance to dictionary based guessing attacks.","PeriodicalId":6849,"journal":{"name":"2020 IEEE Symposium on Security and Privacy (SP)","volume":"28 1","pages":"249-267"},"PeriodicalIF":0.0000,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Gesture Authentication for Smartphones: Evaluation of Gesture Password Selection Policies\",\"authors\":\"Eunyong Cheon, Yonghwan Shin, J. Huh, Hyoungshick Kim, Ian Oakley\",\"doi\":\"10.1109/SP40000.2020.00034\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Touchscreen gestures are attracting research attention as an authentication method. While studies have showcased their usability, it has proven more complex to determine, let alone enhance, their security. Problems stem both from the small scale of current data sets and the fact that gestures are matched imprecisely – by a distance metric. This makes it challenging to assess entropy with traditional algorithms. To address these problems, we captured a large set of gesture passwords (N=2594) from crowd workers, and developed a security assessment framework that can calculate partial guessing entropy estimates, and generate dictionaries that crack 23.13% or more gestures in online attacks (within 20 guesses). To improve the entropy of gesture passwords, we designed novel blacklist and lexical policies to, respectively, restrict and inspire gesture creation. We close by validating both our security assessment framework and policies in a new crowd-sourced study (N=4000). Our blacklists increase entropy and resistance to dictionary based guessing attacks.\",\"PeriodicalId\":6849,\"journal\":{\"name\":\"2020 IEEE Symposium on Security and Privacy (SP)\",\"volume\":\"28 1\",\"pages\":\"249-267\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE Symposium on Security and Privacy (SP)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SP40000.2020.00034\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP40000.2020.00034","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 10

摘要

触摸屏手势作为一种身份验证方法正引起研究人员的关注。虽然研究表明了它们的可用性,但事实证明,确定它们的安全性更为复杂,更不用说增强它们的安全性了。问题源于当前数据集的小规模,以及手势不精确匹配的事实——通过距离度量。这使得用传统算法评估熵具有挑战性。为了解决这些问题,我们从人群工作人员那里捕获了大量的手势密码(N=2594),并开发了一个安全评估框架,可以计算部分猜测熵估计,并生成字典,可以破解23.13%或更多的在线攻击手势(在20次猜测内)。为了提高手势密码的熵,我们设计了新的黑名单和词法策略,分别限制和激励手势的创建。最后,我们在一项新的众包研究(N=4000)中验证了我们的安全评估框架和策略。我们的黑名单增加了熵和对基于字典的猜测攻击的抵抗力。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Gesture Authentication for Smartphones: Evaluation of Gesture Password Selection Policies
Touchscreen gestures are attracting research attention as an authentication method. While studies have showcased their usability, it has proven more complex to determine, let alone enhance, their security. Problems stem both from the small scale of current data sets and the fact that gestures are matched imprecisely – by a distance metric. This makes it challenging to assess entropy with traditional algorithms. To address these problems, we captured a large set of gesture passwords (N=2594) from crowd workers, and developed a security assessment framework that can calculate partial guessing entropy estimates, and generate dictionaries that crack 23.13% or more gestures in online attacks (within 20 guesses). To improve the entropy of gesture passwords, we designed novel blacklist and lexical policies to, respectively, restrict and inspire gesture creation. We close by validating both our security assessment framework and policies in a new crowd-sourced study (N=4000). Our blacklists increase entropy and resistance to dictionary based guessing attacks.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Unexpected Data Dependency Creation and Chaining: A New Attack to SDN TextExerciser: Feedback-driven Text Input Exercising for Android Applications Ijon: Exploring Deep State Spaces via Fuzzing Efficient and Secure Multiparty Computation from Fixed-Key Block Ciphers EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1