TWC: Small: Collaborative: Secure and Usable Mobile Authentication for People with Visual Impairment

Project: Research project

Project Details


TWC: Small: Collaborative: Secure and Usable Mobile Authentication for People with Visual Impairment 1 Introduction Mobile devices such as smartphones, tablets, and eReaders have penetrated into everyday life. According to a recent Cisco report [1], the number of mobile-connected devices will exceed the world population in 2013 and hit 10 billion in 2016. In particular, the number of active smartphone users around the world has surpassed one billion and will double by 2015 [2], and the number of smartphone users in the US will grow from 115.8 million in 2012 to 192.4 million by 2016 [3]. In addition, eMarketer projected that the number of tablet users in the US will rise from 69.6 million in 2012 to 133.5 million by 2015 [4]. People are using mobile devices in every aspect of life, including voice/video communications, Internet browsing, web transactions, online banking, reading, multimedia playing, gaming, business operations, route planning and navigation, personal health and wellbeing, etc. Mobile authenticationletting mobile devices ascertain whom they are interacting withis necessary for preventing unauthorized access to mobile devices with increasingly more private information. In particular, the losses and thefts of mobile devices are quickly rising along with their explosive popularity. For example, statistics show that 113 mobile phones are lost or stolen every minute in the US, 120,000 mobile phones are lost annually on Chicago taxi cabs [5], and more than two million mobile phones are stolen in the UK every year, causing a financial loss of 390 million British pounds a year [6]. In addition, a single mobile device may be commonly shared by multiple users on a temporary or permanent basis. For example, we may let our children play age-appropriate games on the tablet and let a friend temporarily use it for checking and sending emails. Sound mechanisms thus are needed to prevent a device holder from either logging into the mobile device in the cases of device losses/thefts or performing unauthorized actions (e.g., reading sensitive information) in the cases of device sharing. As such, many mobile authentication techniques have been proposed/implemented and can be broadly classified into three categories: something you know such as alphanumeric/graphical/gesture passwords [7], something you have such as a hardware token [8, 9], and someone you are such as biological and behavioral characteristics [10, 11]. Despite significant progress in mobile authentication for sighted people, secure and usable mobile authentication for people with visual impairment remains largely under-explored. TheWorld Health Organization estimated that about 285 million people worldwide are visually impaired [12]. In addition, 21.5 million US adults age 18 and older are visually impaired according to the 2010 National Health Interview Survey [13]. More and more visually impaired people are using smartphones and tablets with accessibility features such as iPhone/iPad with the VoiceOver feature and Samsung Galaxy Nexus with the TalkBack feature. Mobile authentication techniques developed for the general sighted population, however, are inaccessible to the visually impaired [14]. For example, entering alphanumeric/graphical passwords are an obvious obstacle for them and also susceptible to shoulder surfing attacks because the passwords can be potentially observed by malicious bystanders [15]; the token-based methods [8, 9] require specially built hardware devices not available on the market; and biometric techniques based on face, iris, and voice recognition are vulnerable to well known spoofing mechanisms [9]. For example, the fingerprint authentication feature on the latest iPhone 5S has been quickly broken [16, 17]. To the best of our knowledge, PassChords [14] is the only work dedicated to mobile authentication for the visually impaired. Aiming at multi-touch smartphones and tablets, PassChords requires a user to unlock a mobile device by tapping several times on the multi-touch screen with one or more fingers, and the sets of fingers in all the taps together compose a password to be compared with one stored on the mobile device. Although promising results have been shown from usability studies, the first-order entropy of a 4-tap password is only about 12.6 bits with an authentication failure rate at 16.3% [14]. In addition, the strength of PassChords passwords is not rigorously studied. Our preliminary experiments also reveal that PassChords is very vulnerable to shoulder-surfing attacks [15]. There is thus a pressing need for more secure and usable mobile authentication techniques for the visually impaired. 1.1 Proposed Research This proposal outlines a challenging research plan on developing, prototyping, and evaluating secure and usable mobile authentication techniques for the visually impaired. Harnessing the hardware advances in modern mobile devices, our proposed techniques combine the something-you-know, something-you-have, and someone-you-are methodologies in a unique fashion. There are four main research thrusts. Multi-touch authentication: This thrust is to investigate novel authentication techniques based on the multitouch screen which is becoming a standard feature on modern modern devices. 1
Effective start/end date8/1/147/31/18


  • National Science Foundation (NSF): $350,000.00


Explore the research topics touched on by this project. These labels are generated based on the underlying awards/grants. Together they form a unique fingerprint.