A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks

Panagiotis Andriotis; Theo Tryfonas; George Oikonomou; Can Yildiz

doi:10.1145/2462096.2462098

A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks

Panagiotis Andriotis, Theo Tryfonas, George Oikonomou, Can Yildiz

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

85 Citations (Scopus)

Abstract

Graphical passwords that allow a user to unlock a smartphone's screen are one of the Android operating system's features and many users prefer them instead of traditional text-based codes. A variety of attacks has been proposed against this mechanism, of which notable are methods that recover the lock patterns using the oily residues left on screens when people move their fingers to reproduce the unlock code. In this paper we present a pilot study on user habits when setting a pattern lock and on their perceptions regarding what constitutes a secure pattern. We use our survey's results to establish a scheme, which combines a behaviour-based attack and a physical attack on graphical lock screen methods, aiming to reduce the search space of possible combinations forming a pattern, to make it partially or fully retrievable.

Original language	English
Title of host publication	Security and Privacy in Wireless and Mobile Networks - WiSec 13
Publisher	Association for Computing Machinery (ACM)
Pages	1-6
DOIs	https://doi.org/10.1145/2462096.2462098
Publication status	Published - 2013
Event	Security and Privacy in Wireless and Mobile Networks - WiSec 13 - Budapest, Hungary Duration: 17 Apr 2013 → 19 Apr 2013

Conference

Conference	Security and Privacy in Wireless and Mobile Networks - WiSec 13
Country/Territory	Hungary
City	Budapest
Period	17/04/13 → 19/04/13

Keywords

Android
smudge attacks
usability
pattern lock

Access to Document

10.1145/2462096.2462098

Handle.net

Persistent link

Forensic Tools Against Illegal Use of Internet (ForToo)
Andriotis, P. (Researcher), Haghighi, M. (Researcher), Li, S. (Researcher), Oikonomou, G. (Researcher), Wojcik, M. (Researcher) & Tryfonas, T. (Principal Investigator)
17/06/11 → 16/10/14
Project: Research

City University London Invited Talk
Oikonomou, G. (Speaker)
27 Mar 2014
Activity: Participating in or organising an event types › Invited talk
Bournemouth University Invited Talk
Oikonomou, G. (Speaker)
9 Oct 2013
Activity: Participating in or organising an event types › Invited talk

Cite this

@inproceedings{bb00baed79704764aa08b3a9fc3abaa9,

title = "A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks",

abstract = "Graphical passwords that allow a user to unlock a smartphone's screen are one of the Android operating system's features and many users prefer them instead of traditional text-based codes. A variety of attacks has been proposed against this mechanism, of which notable are methods that recover the lock patterns using the oily residues left on screens when people move their fingers to reproduce the unlock code. In this paper we present a pilot study on user habits when setting a pattern lock and on their perceptions regarding what constitutes a secure pattern. We use our survey's results to establish a scheme, which combines a behaviour-based attack and a physical attack on graphical lock screen methods, aiming to reduce the search space of possible combinations forming a pattern, to make it partially or fully retrievable.",

keywords = "Android, smudge attacks, usability, pattern lock",

author = "Panagiotis Andriotis and Theo Tryfonas and George Oikonomou and Can Yildiz",

year = "2013",

doi = "10.1145/2462096.2462098",

language = "English",

pages = "1--6",

booktitle = "Security and Privacy in Wireless and Mobile Networks - WiSec 13",

publisher = "Association for Computing Machinery (ACM)",

address = "United States",

note = "Security and Privacy in Wireless and Mobile Networks - WiSec 13 ; Conference date: 17-04-2013 Through 19-04-2013",

}

Andriotis, P, Tryfonas, T , Oikonomou, G & Yildiz, C 2013, A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks. in Security and Privacy in Wireless and Mobile Networks - WiSec 13. Association for Computing Machinery (ACM), pp. 1-6, Security and Privacy in Wireless and Mobile Networks - WiSec 13, Budapest, Hungary, 17/04/13. https://doi.org/10.1145/2462096.2462098

A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks. / Andriotis, Panagiotis; Tryfonas, Theo ; Oikonomou, George et al.
Security and Privacy in Wireless and Mobile Networks - WiSec 13. Association for Computing Machinery (ACM), 2013. p. 1-6.

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

TY - GEN

T1 - A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks

AU - Andriotis, Panagiotis

AU - Tryfonas, Theo

AU - Oikonomou, George

AU - Yildiz, Can

PY - 2013

Y1 - 2013

N2 - Graphical passwords that allow a user to unlock a smartphone's screen are one of the Android operating system's features and many users prefer them instead of traditional text-based codes. A variety of attacks has been proposed against this mechanism, of which notable are methods that recover the lock patterns using the oily residues left on screens when people move their fingers to reproduce the unlock code. In this paper we present a pilot study on user habits when setting a pattern lock and on their perceptions regarding what constitutes a secure pattern. We use our survey's results to establish a scheme, which combines a behaviour-based attack and a physical attack on graphical lock screen methods, aiming to reduce the search space of possible combinations forming a pattern, to make it partially or fully retrievable.

AB - Graphical passwords that allow a user to unlock a smartphone's screen are one of the Android operating system's features and many users prefer them instead of traditional text-based codes. A variety of attacks has been proposed against this mechanism, of which notable are methods that recover the lock patterns using the oily residues left on screens when people move their fingers to reproduce the unlock code. In this paper we present a pilot study on user habits when setting a pattern lock and on their perceptions regarding what constitutes a secure pattern. We use our survey's results to establish a scheme, which combines a behaviour-based attack and a physical attack on graphical lock screen methods, aiming to reduce the search space of possible combinations forming a pattern, to make it partially or fully retrievable.

KW - Android

KW - smudge attacks

KW - usability

KW - pattern lock

U2 - 10.1145/2462096.2462098

DO - 10.1145/2462096.2462098

M3 - Conference Contribution (Conference Proceeding)

SP - 1

EP - 6

BT - Security and Privacy in Wireless and Mobile Networks - WiSec 13

PB - Association for Computing Machinery (ACM)

T2 - Security and Privacy in Wireless and Mobile Networks - WiSec 13

Y2 - 17 April 2013 through 19 April 2013

ER -

A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks

Abstract

Conference

Keywords

Access to Document

Handle.net

Fingerprint

Projects

Forensic Tools Against Illegal Use of Internet (ForToo)

Activities

City University London Invited Talk

Bournemouth University Invited Talk

Cite this