On the security of picture gesture authentication

Ziming Zhao, Gail Joon Ahn, Jeong Jin Seo, Hongxin Hu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

31 Scopus citations

Abstract

Computing devices with touch-screens have experienced unprecedented growth in recent years. Such an evolutionary advance has been facilitated by various applications that are heavily relying on multi-touch gestures. In addition, picture gesture authentication has been recently introduced as an alternative login experience to text-based password on such devices. In particular, the new Microsoft Windows 8™ operating system adopts such an alternative authentication to complement traditional text-based authentication. In this paper, we present an empirical analysis of picture gesture authentication on more than 10, 000 picture passwords collected from over 800 subjects through online user studies. Based on the findings of our user studies, we also propose a novel attack framework that is capable of cracking passwords on previously unseen pictures in a picture gesture authentication system. Our approach is based on the concept of selection function that models users' password selection processes. Our evaluation results show the proposed approach could crack a considerable portion of collected picture passwords under different settings.

Original languageEnglish (US)
Title of host publicationProceedings of the 22nd USENIX Security Symposium
PublisherUSENIX Association
Pages383-398
Number of pages16
ISBN (Electronic)9781931971034
StatePublished - Jan 1 2013
Event22nd USENIX Security Symposium - Washington, United States
Duration: Aug 14 2013Aug 16 2013

Publication series

NameProceedings of the 22nd USENIX Security Symposium

Conference

Conference22nd USENIX Security Symposium
CountryUnited States
CityWashington
Period8/14/138/16/13

    Fingerprint

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Cite this

Zhao, Z., Ahn, G. J., Seo, J. J., & Hu, H. (2013). On the security of picture gesture authentication. In Proceedings of the 22nd USENIX Security Symposium (pp. 383-398). (Proceedings of the 22nd USENIX Security Symposium). USENIX Association.