LanguageTerm (authority = ISO 639-3:2007); (type = text)
English
Abstract (type = abstract)
Touchscreens, the dominant input type for mobile devices, require unique authentication solutions. Gesture passwords have been proposed as an alternative ubiquitous authentication technique. Gesture authentication relies on recognition, wherein raw data is collected from user input and recognized by measuring the similarity between gestures with different algorithms. Our work analyzed the different aspects of gesture password security. First, since preprocessing in gesture recognizers is implemented to improve recognition accuracy, we examined the effects of three variables in preprocessing: location, rotation, and scale. We found that an authentication-optimal combination (location invariant, scale variant, and rotation variant) reduced the error rate by 45% on average compared to the recognition-optimal combination (all invariant). Secondly, we designed, implemented and evaluated a novel secure, robust and usable multi-expert recognizer for gesture passwords: Garda. Compared to 12 alternative approaches for building a recognizer, Garda achieved the lowest error rate (0.015) in authentication accuracy, and the lowest error rate (0.040) under imitation attacks; Garda also resisted all brute-force attacks. Furthermore, we proposed the first approach for measuring the security of gesture that includes guessing attacks that model real-world attacker behavior. Our dictionary of guessing attacks achieves a cracking rate of 48% after 10^9 guesses, which is a difference of 36 percentage points compared to the 12% cracking rate of the brute-force attack. Lastly, we quantified the security of various recognition passwords, including gestures and signatures, based on the passwords' distribution, modeling and enumerating the unseen passwords across a dataset. We compared the security of these recognition passwords to text passwords and Android unlock patterns with a partial guessing metric, a password security metric based on datasets of user-chosen passwords. We found that the baseline security of gestures and signatures is much higher than the security of Android unlock patterns.
Subject (authority = local)
Topic
Authentication
Subject (authority = RUETD)
Topic
Electrical and Computer Engineering
Subject (authority = LCSH)
Topic
Computers -- Access control
RelatedItem (type = host)
TitleInfo
Title
Rutgers University Electronic Theses and Dissertations
I hereby grant to the Rutgers University Libraries and to my school the non-exclusive right to archive, reproduce and distribute my thesis or dissertation, in whole or in part, and/or my abstract, in whole or in part, in and from an electronic format, subject to the release date subsequently stipulated in this submittal form and approved by my school. I represent and stipulate that the thesis or dissertation and its abstract are my original work, that they do not infringe or violate any rights of others, and that I make these grants as the sole owner of the rights to my thesis or dissertation and its abstract. I represent that I have obtained written permissions, when necessary, from the owner(s) of each third party copyrighted matter to be included in my thesis or dissertation and will supply copies of such upon request by my school. I acknowledge that RU ETD and my school will not distribute my thesis or dissertation or its abstract if, in their reasonable judgment, they believe all such rights have not been secured. I acknowledge that I retain ownership rights to the copyright of my work. I also retain the right to use all or part of this thesis or dissertation in future works, such as articles or books.