Developing and evaluating a gestural and tactile mobile interface to support user authentication

Thumbnail Image

Files

Ali141.pdf (2.55 MB)
Ali141.epub (600.85 KB)

Links to Files

https://www.ideals.illinois.edu/handle/2142/89290

Permanent Link

https://doi.org/10.9776/16141
 http://hdl.handle.net/11603/19891

Collections

UMBC Information Systems Department
UMBC Faculty Collection

Author/Creator

Author/Creator ORCID

Date

2016-03-08

Type of Work

conference papers and proceedings
Text

Department

Program

Citation of Original Publication

Ali, Abdullah; Aviv, Adam J.; Kuber, Ravi; Developing and evaluating a gestural and tactile mobile interface to support user authentication; IConference 2016 Proceedings; https://www.ideals.illinois.edu/handle/2142/89290

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Public Domain Mark 1.0
This work was written as part of one of the author's official duties as an Employee of the United States Government and is therefore a work of the United States Government. In accordance with 17 U.S.C. 105, no copyright protection is available for such works under U.S. Law.

Subjects

Abstract

As awareness grows surrounding the importance of protecting sensitive data, stored on or accessed through a mobile device, a need has been identified to develop authentication schemes which better match the needs of users, and are more resistant to observer attacks. This paper describes the design and evaluation of H4Plock (pronounced “Hap-lock”), a novel authentication mechanism to address the situation. In order to authenticate, the user enters up to four pre-selected on-screen gestures, informed by tactile prompts. The system has been designed in such a way that the sequence of gestures will vary on each authentication attempt, reducing the capability of a shoulder surfer to recreate entry. 94.1% of participants were able to properly authenticate using H4Plock, with 73.3% successfully accessing the system after a gap of five days without rehearsal. Only 23.5% of participants were able to successfully recreate passcodes in a video-based attack scenario, where gestures were unique in design and entered at different locations around the interface.