Independent Study Defense – Sai Krishna Chigurupati

Time: 10am, August 11, 2017.
Student: Sai Krishna Chigurupati.
Remotely through

Pattern unlock is one of the most frequently used screen unlock mechanisms to protect the devices from unauthorized accesses. However, the popularity of pattern unlock has made it the target of various attacks. In this study, we focus on smudge attacks which were specifically proposed against pattern unlock.By observing the oily smudge left on the device screen, the attacker can easily recover the user’s unlock pattern. Current solutions improve the security of pattern unlock by either changing the user interface for pattern entry or requiring users to use complex patterns, which significantly reduce the usability of pattern unlock. To this end, we propose a novel scheme called M-pattern which can improve the security of pattern unlock against smudge attacks without significantly compromising the usability. In stead of using a single pattern, M-pattern uses multiple patterns for screen unlocking. The unlock pattern to be used for unlocking can be inferred from a visual cue (the background image in our study) displayed on the device screen. With M-pattern, users can choose multiple simple patterns that result in smudges overlapped with each other. Thus, the unlock patterns are much harder to be recovered by the attacker. We performed a theoretical security analysis to demonstrate that M-pattern has significantly better security than normal pattern unlock. A pilot user study was also carried out to investigate the usability of M-pattern. The preliminary result showed that the average authentication time is about 1 s longer than that of normal pattern unlock. This degree of compromising in usability is acceptable for the much stronger security.

Posted on .