Swipe Authentication: Exploring Over-the-Shoulder Attack Performance

  • Conference paper
Advances in Human Factors in Cybersecurity

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 501)

Abstract

Swipe passwords are a popular method for authenticating on mobile phones. In public, these passwords may become visible to attackers who engage in shoulder surfing. There is a need for strategies that protect swipe passwords from over-the-shoulder attacks (OSAs). We empirically explored the impact of providing gesture visual feedback on OSA performance during successful and unsuccessful swipe login attempts on mobile phones. We found evidence that entry visual feedback facilitates OSAs. As users are biased towards symmetrical swipe patterns, we investigated their impact on attack performance. We found that symmetrical swipe patterns were less vulnerable than asymmetrical patterns, possibly due to the speed of entry. As users tend toward simple patterns, we investigated the impact that nonadjacent, diagonal knight moves have on OSAs. We found that knight moves significantly decreased OSA performance. We recommend users turn off gesture entry visual feedback and use knight moves for greater password security.
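The abstract's recommendation to use knight moves can be checked mechanically when auditing or enrolling a pattern. The following is an added example, not code from the paper or its authors. It assumes a 3x3 grid with dots numbered 0 to 8 row by row, that each dot is used at most once, and that a knight move is a stroke offset by one dot on one axis and two on the other.

```python
# Added example: classify the strokes of a swipe pattern and count knight moves.
# Assumptions (not stated on the page): a 3x3 grid, dots numbered 0..8 row-major,
# each dot used at most once. Pass-through rules for long strokes are not enforced.

GRID = 3

def _coords(dot):
    if not 0 <= dot < GRID * GRID:
        raise ValueError(f"dot {dot} is outside the {GRID}x{GRID} grid")
    return divmod(dot, GRID)  # (row, col)

def classify_move(a, b):
    """Return 'adjacent', 'knight' or 'other' for the stroke a -> b."""
    (r1, c1), (r2, c2) = _coords(a), _coords(b)
    dr, dc = abs(r1 - r2), abs(c1 - c2)
    if (dr, dc) == (0, 0):
        raise ValueError("a stroke must connect two different dots")
    if max(dr, dc) == 1:
        return "adjacent"   # horizontal, vertical or 45-degree neighbour
    if {dr, dc} == {1, 2}:
        return "knight"     # nonadjacent diagonal, like a chess knight
    return "other"          # straight jump across the grid, e.g. 0 -> 2 or 0 -> 8

def audit_pattern(pattern):
    """Summarise a pattern given as a sequence of distinct dot numbers."""
    if len(pattern) < 2:
        raise ValueError("a pattern needs at least two dots")
    if len(set(pattern)) != len(pattern):
        raise ValueError("each dot may be used only once")
    moves = [classify_move(a, b) for a, b in zip(pattern, pattern[1:])]
    knights = moves.count("knight")
    return {
        "moves": moves,
        "knight_moves": knights,
        # True when the pattern follows the abstract's knight-move recommendation.
        "meets_recommendation": knights > 0,
    }

if __name__ == "__main__":
    # Constructed sample patterns, not taken from the study.
    for p in ([0, 1, 2, 5, 8], [0, 5, 6, 1, 8]):
        print(p, audit_pattern(p))
```
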

Acknowledgments

We thank Cameron Weigel, Tim Dovedot, Christina Vo, Auriana Shokrpour, Ashley Palma, and Michelle Gomez for contributing to this research.

Corresponding author

Correspondence to Jeremiah D. Still.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Cain, A.A., Chiu, L., Santiago, F., Still, J.D. (2016). Swipe Authentication: Exploring Over-the-Shoulder Attack Performance. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. Advances in Intelligent Systems and Computing, vol 501. Springer, Cham. https://doi.org/10.1007/978-3-319-41932-9_27

  • DOI: https://doi.org/10.1007/978-3-319-41932-9_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-41931-2

  • Online ISBN: 978-3-319-41932-9

  • eBook Packages: Engineering, Engineering (R0)
