Security analysis of gesture passwords

RUcore: Rutgers University Community Repository

Search
- All
- Text
- Images
- Audio
- Video
Advanced Search | Help

Search all content in all RUcore collections.
Services
Collections

Help Contact Us My Account

Home

Resource

Staff View

Security analysis of gesture passwords

Descriptive Metadata

Rights Metadata

Technical Metadata

Descriptive

TitleInfo

Title

Security analysis of gesture passwords

Name (type = personal)

NamePart (type = family)

Liu

NamePart (type = given)

Can

NamePart (type = date)

1987-

DisplayForm

Can Liu

Role

RoleTerm (authority = RULIB)

author

Name (type = personal)

NamePart (type = family)

Lindqvist

NamePart (type = given)

Janne

DisplayForm

Janne Lindqvist

Affiliation

Advisory Committee

Role

RoleTerm (authority = RULIB)

chair

Name (type = personal)

NamePart (type = family)

Trappe

NamePart (type = given)

Wade

DisplayForm

Wade Trappe

Affiliation

Advisory Committee

Role

RoleTerm (authority = RULIB)

internal member

Name (type = personal)

NamePart (type = family)

Howard

NamePart (type = given)

Richard

DisplayForm

Richard Howard

Affiliation

Advisory Committee

Role

RoleTerm (authority = RULIB)

internal member

Name (type = personal)

NamePart (type = family)

Firner

NamePart (type = given)

Bernhard

DisplayForm

Bernhard Firner

Affiliation

Advisory Committee

Role

RoleTerm (authority = RULIB)

outside member

Name (type = corporate)

NamePart

Rutgers University

Role

RoleTerm (authority = RULIB)

degree grantor

Name (type = corporate)

NamePart

School of Graduate Studies

Role

RoleTerm (authority = RULIB)

school

TypeOfResource

Text

Genre (authority = marcgt)

theses

OriginInfo

DateCreated (encoding = w3cdtf); (keyDate = yes); (qualifier = exact)

2020

DateOther (encoding = w3cdtf); (qualifier = exact); (type = degree)

2020-01

CopyrightDate (encoding = w3cdtf); (qualifier = exact)

2020

Language

LanguageTerm (authority = ISO 639-3:2007); (type = text)

English

Abstract (type = abstract)

Touchscreens, the dominant input type for mobile devices, require unique authentication solutions. Gesture passwords have been proposed as an alternative ubiquitous authentication technique. Gesture authentication relies on recognition, wherein raw data is collected from user input and recognized by measuring the similarity between gestures with different algorithms. Our work analyzed the different aspects of gesture password security. First, since preprocessing in gesture recognizers is implemented to improve recognition accuracy, we examined the effects of three variables in preprocessing: location, rotation, and scale. We found that an authentication-optimal combination (location invariant, scale variant, and rotation variant) reduced the error rate by 45% on average compared to the recognition-optimal combination (all invariant). Secondly, we designed, implemented and evaluated a novel secure, robust and usable multi-expert recognizer for gesture passwords: Garda. Compared to 12 alternative approaches for building a recognizer, Garda achieved the lowest error rate (0.015) in authentication accuracy, and the lowest error rate (0.040) under imitation attacks; Garda also resisted all brute-force attacks. Furthermore, we proposed the first approach for measuring the security of gesture that includes guessing attacks that model real-world attacker behavior. Our dictionary of guessing attacks achieves a cracking rate of 48% after 10^9 guesses, which is a difference of 36 percentage points compared to the 12% cracking rate of the brute-force attack. Lastly, we quantified the security of various recognition passwords, including gestures and signatures, based on the passwords' distribution, modeling and enumerating the unseen passwords across a dataset. We compared the security of these recognition passwords to text passwords and Android unlock patterns with a partial guessing metric, a password security metric based on datasets of user-chosen passwords. We found that the baseline security of gestures and signatures is much higher than the security of Android unlock patterns.

Subject (authority = local)

Topic

Authentication

Subject (authority = RUETD)

Topic

Electrical and Computer Engineering

Subject (authority = LCSH)

Topic

Computers -- Access control

RelatedItem (type = host)

TitleInfo

Title

Rutgers University Electronic Theses and Dissertations

Identifier (type = RULIB)

ETD

Identifier

ETD_10447

PhysicalDescription

Form (authority = gmd)

InternetMediaType

application/pdf

InternetMediaType

text/xml

Extent

1 online resource (xvi, 123 pages) : illustrations

Note (type = degree)

Ph.D.

Note (type = bibliography)

Includes bibliographical references

RelatedItem (type = host)

TitleInfo

Title

School of Graduate Studies Electronic Theses and Dissertations

Identifier (type = local)

rucore10001600001

Location

PhysicalLocation (authority = marcorg); (displayLabel = Rutgers, The State University of New Jersey)

NjNbRU

Identifier (type = doi)

doi:10.7282/t3-rksy-9279

Genre (authority = ExL-Esploro)

ETD doctoral

Back to the top

Rights

RightsDeclaration (ID = rulibRdec0006)

The author owns the copyright to this work.

RightsHolder (type = personal)

Name

FamilyName

Liu

GivenName

Can

Role

RightsEvent

Type

Permission or license

DateTime (encoding = w3cdtf); (qualifier = exact); (point = start)

2019-12-24 18:13:26

AssociatedEntity

Name

Can Liu

Role

Affiliation

Rutgers University. School of Graduate Studies

AssociatedObject

Type

License

Name

Author Agreement License

Detail

I hereby grant to the Rutgers University Libraries and to my school the non-exclusive right to archive, reproduce and distribute my thesis or dissertation, in whole or in part, and/or my abstract, in whole or in part, in and from an electronic format, subject to the release date subsequently stipulated in this submittal form and approved by my school. I represent and stipulate that the thesis or dissertation and its abstract are my original work, that they do not infringe or violate any rights of others, and that I make these grants as the sole owner of the rights to my thesis or dissertation and its abstract. I represent that I have obtained written permissions, when necessary, from the owner(s) of each third party copyrighted matter to be included in my thesis or dissertation and will supply copies of such upon request by my school. I acknowledge that RU ETD and my school will not distribute my thesis or dissertation or its abstract if, in their reasonable judgment, they believe all such rights have not been secured. I acknowledge that I retain ownership rights to the copyright of my work. I also retain the right to use all or part of this thesis or dissertation in future works, such as articles or books.

RightsEvent

Type

Embargo

DateTime (encoding = w3cdtf); (qualifier = exact); (point = start)

2020-01-31

DateTime (encoding = w3cdtf); (qualifier = exact); (point = end)

2022-01-30

Detail

Access to this PDF has been restricted at the author's request. It will be publicly available after January 30th, 2022.

Status

Availability

Status

Open

Reason

Permission or license

Back to the top

Technical

RULTechMD (ID = TECHNICAL1)

ContentModel

ETD

OperatingSystem (VERSION = 5.1)

windows xp

CreatingApplication

Version

1.5

ApplicationName

pdfTeX-1.40.18

DateCreated (point = end); (encoding = w3cdtf); (qualifier = exact)

2020-01-10T00:27:07

DateCreated (point = end); (encoding = w3cdtf); (qualifier = exact)

2020-01-10T00:27:07

Back to the top

Version 8.5.5