A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks

Panagiotis Andriotis; Theo Tryfonas; George Oikonomou; Can Yildiz

doi:10.1145/2462096.2462098

A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks

Panagiotis Andriotis, Theo Tryfonas, George Oikonomou, Can Yildiz

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

57 Citations (Scopus)

Abstract

Graphical passwords that allow a user to unlock a smartphone's screen are one of the Android operating system's features and many users prefer them instead of traditional text-based codes. A variety of attacks has been proposed against this mechanism, of which notable are methods that recover the lock patterns using the oily residues left on screens when people move their fingers to reproduce the unlock code. In this paper we present a pilot study on user habits when setting a pattern lock and on their perceptions regarding what constitutes a secure pattern. We use our survey's results to establish a scheme, which combines a behaviour-based attack and a physical attack on graphical lock screen methods, aiming to reduce the search space of possible combinations forming a pattern, to make it partially or fully retrievable.

Original language	English
Title of host publication	Security and Privacy in Wireless and Mobile Networks - WiSec 13
Publisher	Association for Computing Machinery (ACM)
Pages	1-6
DOIs	https://doi.org/10.1145/2462096.2462098
Publication status	Published - 2013
Event	Security and Privacy in Wireless and Mobile Networks - WiSec 13 - Budapest, Hungary Duration: 17 Apr 2013 → 19 Apr 2013

Conference

Conference	Security and Privacy in Wireless and Mobile Networks - WiSec 13
Country	Hungary
City	Budapest
Period	17/04/13 → 19/04/13

Keywords

Android
smudge attacks
usability
pattern lock

Access to Document

10.1145/2462096.2462098

Fingerprint Dive into the research topics of 'A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks'. Together they form a unique fingerprint.

Projects

1 Finished

Forensic Tools Against Illegal Use of Internet (ForToo)

Andriotis, P., Haghighi, M., Li, S., Oikonomou, G., Wojcik, M. & Tryfonas, T.

17/06/11 → 16/10/14

Project: Research

Activities

2 Invited talk

City University London Invited Talk

George Oikonomou (Speaker)

27 Mar 2014

Activity: Participating in or organising an event types › Invited talk

Bournemouth University Invited Talk

George Oikonomou (Speaker)

9 Oct 2013

Activity: Participating in or organising an event types › Invited talk

Cite this

Andriotis, P., Tryfonas, T., Oikonomou, G., & Yildiz, C. (2013). A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks. In Security and Privacy in Wireless and Mobile Networks - WiSec 13 (pp. 1-6). Association for Computing Machinery (ACM). https://doi.org/10.1145/2462096.2462098

@inproceedings{bb00baed79704764aa08b3a9fc3abaa9,

title = "A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks",

abstract = "Graphical passwords that allow a user to unlock a smartphone's screen are one of the Android operating system's features and many users prefer them instead of traditional text-based codes. A variety of attacks has been proposed against this mechanism, of which notable are methods that recover the lock patterns using the oily residues left on screens when people move their fingers to reproduce the unlock code. In this paper we present a pilot study on user habits when setting a pattern lock and on their perceptions regarding what constitutes a secure pattern. We use our survey's results to establish a scheme, which combines a behaviour-based attack and a physical attack on graphical lock screen methods, aiming to reduce the search space of possible combinations forming a pattern, to make it partially or fully retrievable.",

keywords = "Android, smudge attacks, usability, pattern lock",

author = "Panagiotis Andriotis and Theo Tryfonas and George Oikonomou and Can Yildiz",

year = "2013",

doi = "10.1145/2462096.2462098",

language = "English",

pages = "1--6",

booktitle = "Security and Privacy in Wireless and Mobile Networks - WiSec 13",

publisher = "Association for Computing Machinery (ACM)",

address = "United States",

note = "Security and Privacy in Wireless and Mobile Networks - WiSec 13 ; Conference date: 17-04-2013 Through 19-04-2013",

}

Andriotis, P, Tryfonas, T , Oikonomou, G & Yildiz, C 2013, A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks. in Security and Privacy in Wireless and Mobile Networks - WiSec 13. Association for Computing Machinery (ACM), pp. 1-6, Security and Privacy in Wireless and Mobile Networks - WiSec 13, Budapest, Hungary, 17/04/13. https://doi.org/10.1145/2462096.2462098

A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks. / Andriotis, Panagiotis; Tryfonas, Theo ; Oikonomou, George; Yildiz, Can.

Security and Privacy in Wireless and Mobile Networks - WiSec 13. Association for Computing Machinery (ACM), 2013. p. 1-6.

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

TY - GEN

T1 - A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks

AU - Andriotis, Panagiotis

AU - Tryfonas, Theo

AU - Oikonomou, George

AU - Yildiz, Can

PY - 2013

Y1 - 2013

N2 - Graphical passwords that allow a user to unlock a smartphone's screen are one of the Android operating system's features and many users prefer them instead of traditional text-based codes. A variety of attacks has been proposed against this mechanism, of which notable are methods that recover the lock patterns using the oily residues left on screens when people move their fingers to reproduce the unlock code. In this paper we present a pilot study on user habits when setting a pattern lock and on their perceptions regarding what constitutes a secure pattern. We use our survey's results to establish a scheme, which combines a behaviour-based attack and a physical attack on graphical lock screen methods, aiming to reduce the search space of possible combinations forming a pattern, to make it partially or fully retrievable.

AB - Graphical passwords that allow a user to unlock a smartphone's screen are one of the Android operating system's features and many users prefer them instead of traditional text-based codes. A variety of attacks has been proposed against this mechanism, of which notable are methods that recover the lock patterns using the oily residues left on screens when people move their fingers to reproduce the unlock code. In this paper we present a pilot study on user habits when setting a pattern lock and on their perceptions regarding what constitutes a secure pattern. We use our survey's results to establish a scheme, which combines a behaviour-based attack and a physical attack on graphical lock screen methods, aiming to reduce the search space of possible combinations forming a pattern, to make it partially or fully retrievable.

KW - Android

KW - smudge attacks

KW - usability

KW - pattern lock

U2 - 10.1145/2462096.2462098

DO - 10.1145/2462096.2462098

M3 - Conference Contribution (Conference Proceeding)

SP - 1

EP - 6

BT - Security and Privacy in Wireless and Mobile Networks - WiSec 13

PB - Association for Computing Machinery (ACM)

T2 - Security and Privacy in Wireless and Mobile Networks - WiSec 13

Y2 - 17 April 2013 through 19 April 2013

ER -