Publication of the week: Nasiru Ibrahim & Dr Harin Sellahewa

Ibrahim, N. & H. Sellahewa, “Touch gesture-based authentication: A security analysis of Pattern Unlock”, IEEE International Conference on Identity, Security and Behavior Analysis (New Delhi, 2017). DOI: 10.1109/ISBA.2017.7947711.

Pattern Unlock is one in a family of graphical passwords used on smart mobile devices. They were proposed as an alternative to PIN and Password, as a result of a study that showed better human memorability of visual words than textual. Researchers have made several attempts to analyse and quantify the security of Pattern Unlock. However, only a few studies have been done on human characteristics and the correlation to choice of patterns.

In this paper, the authors investigate the Android Pattern Unlock authentication and present a comprehensive analysis of user pattern characteristics and strength of patterns generated by users. They extended the analysis by looking in depth into gender and also different Android operated devices were looked into to get the lock-out and wait time, to lay the foundations of a practical security framework.

The results (125 participants) indicated how users weakly choose their patterns by simply embedding and reusing patterns that are alphabetic or numeric-like, and having a strength score less than 27bits of entropy. The results highlighted the need to make users more aware and conscious when choosing their authentication patterns.

The full text of the paper is available via BEAR (Buckingham E-Archive of Research) or IEEE Xplore.

Nasiru Ibrahim is a DPhil research student in the Department of Applied Computing. Dr Harin Sellahewa is Head of Department and Senior Lecturer.