Picture gesture authentication

Empirical analysis, automated attacks, and scheme evaluation

Ziming Zhao, Gail-Joon Ahn, Hongxin Hu

Research output: Contribution to journal › Article

12 Citations (Scopus)

Abstract

Picture gesture authentication has been recently introduced as an alternative login experience to text-based password on touch-screen devices. In particular, the newly on market Microsoft Windows 8™ operating system adopts such an alternative authentication to complement its traditional text-based authentication. We present an empirical analysis of picture gesture authentication on more than 10,000 picture passwords collected from more than 800 subjects through online user studies. Based on the findings of our user studies, we propose a novel attack framework that is capable of cracking passwords on previously unseen pictures in a picture gesture authentication system. Our approach is based on the concept of selection function that models users' thought processes in selecting picture passwords. Our evaluation results show the proposed approach could crack a considerable portion of picture passwords under different settings. Based on the empirical analysis and attack results, we comparatively evaluate picture gesture authentication using a set of criteria for a better understanding of its advantages and limitations.

Original language: English (US)
Article number: 14
Journal: ACM Transactions on Information and System Security
Volume: 17
Issue number: 4
DOIs: 10.1145/2701423
State: Published - Apr 1 2015

Fingerprint

Authentication
Windows operating system
Touch screens
Cracks

Keywords

  • Automated attacks
  • Empirical analysis
  • Picture gesture authentication
  • Scheme evaluation

ASJC Scopus subject areas

  • Computer Science(all)
  • Safety, Risk, Reliability and Quality

Cite this

Picture gesture authentication: Empirical analysis, automated attacks, and scheme evaluation. / Zhao, Ziming; Ahn, Gail-Joon; Hu, Hongxin.

In: ACM Transactions on Information and System Security, Vol. 17, No. 4, 14, 01.04.2015.


@article{d26ceac153254a61888b347550bd26f9,
title = "Picture gesture authentication: Empirical analysis, automated attacks, and scheme evaluation",
keywords = "Automated attacks, Empirical analysis, Picture gesture authentication, Scheme evaluation",
author = "Ziming Zhao and Gail-Joon Ahn and Hongxin Hu",
year = "2015",
month = "4",
day = "1",
doi = "10.1145/2701423",
language = "English (US)",
volume = "17",
journal = "ACM Transactions on Information and System Security",
issn = "1094-9224",
publisher = "Association for Computing Machinery (ACM)",
number = "4",

}

TY - JOUR

T1 - Picture gesture authentication

T2 - Empirical analysis, automated attacks, and scheme evaluation

AU - Zhao, Ziming

AU - Ahn, Gail-Joon

AU - Hu, Hongxin

PY - 2015/4/1

Y1 - 2015/4/1

KW - Automated attacks

KW - Empirical analysis

KW - Picture gesture authentication

KW - Scheme evaluation

UR - http://www.scopus.com/inward/record.url?scp=84928468420&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84928468420&partnerID=8YFLogxK

U2 - 10.1145/2701423

DO - 10.1145/2701423

M3 - Article

VL - 17

JO - ACM Transactions on Information and System Security

JF - ACM Transactions on Information and System Security

SN - 1094-9224

IS - 4

M1 - 14

ER -