Description
TitleSecurity analysis of gesture passwords
Date Created2020
Other Date2020-01 (degree)
Extent1 online resource (xvi, 123 pages) : illustrations
DescriptionTouchscreens, the dominant input type for mobile devices, require unique authentication solutions. Gesture passwords have been proposed as an alternative ubiquitous authentication technique. Gesture authentication relies on recognition, wherein raw data is collected from user input and recognized by measuring the similarity between gestures with different algorithms. Our work analyzed the different aspects of gesture password security. First, since preprocessing in gesture recognizers is implemented to improve recognition accuracy, we examined the effects of three variables in preprocessing: location, rotation, and scale. We found that an authentication-optimal combination (location invariant, scale variant, and rotation variant) reduced the error rate by 45% on average compared to the recognition-optimal combination (all invariant). Secondly, we designed, implemented and evaluated a novel secure, robust and usable multi-expert recognizer for gesture passwords: Garda. Compared to 12 alternative approaches for building a recognizer, Garda achieved the lowest error rate (0.015) in authentication accuracy, and the lowest error rate (0.040) under imitation attacks; Garda also resisted all brute-force attacks. Furthermore, we proposed the first approach for measuring the security of gesture that includes guessing attacks that model real-world attacker behavior. Our dictionary of guessing attacks achieves a cracking rate of 48% after 10^9 guesses, which is a difference of 36 percentage points compared to the 12% cracking rate of the brute-force attack. Lastly, we quantified the security of various recognition passwords, including gestures and signatures, based on the passwords' distribution, modeling and enumerating the unseen passwords across a dataset. We compared the security of these recognition passwords to text passwords and Android unlock patterns with a partial guessing metric, a password security metric based on datasets of user-chosen passwords. We found that the baseline security of gestures and signatures is much higher than the security of Android unlock patterns.
NotePh.D.
NoteIncludes bibliographical references
Genretheses, ETD doctoral
LanguageEnglish
CollectionSchool of Graduate Studies Electronic Theses and Dissertations
Organization NameRutgers, The State University of New Jersey
RightsThe author owns the copyright to this work.