Computer Science ›› 2015, Vol. 42 ›› Issue (Z11): 364-367.

• Information Security •

BlindLock: An Effective Pattern Lock System Against Smudge Attack

WU Ji-jie, CAO Tian-jie and ZHAI Jing-xuan

  1. School of Computer Science and Technology, China University of Mining and Technology, Xuzhou 221000
  • Online: 2018-11-14 Published: 2018-11-14
  • Supported by:
    This work was supported by the Jiangsu Province "333 Project" research program (BRA2014047) and the Jiangsu Province "Six Talent Peaks" research program (2014-WLW-023).

Abstract: A growing number of smartphones now use a pattern lock as their identity authentication mechanism. To unlock a smartphone, the user must draw a memorized graphical pattern with a finger on the touchscreen, which inevitably leaves oily residues, also called smudges. Adversaries can exploit these smudges to reproduce the secret pattern, putting the user's privacy at risk. Based on a study of existing pattern locks, we present BlindLock, a pattern lock system that can be unlocked inside a clothes pocket. BlindLock uses the cover principle to resist smudge attacks and the principle of visual occlusion to resist shoulder-surfing attacks. Our user study shows that BlindLock significantly improves the security, usability and password space of the pattern lock system without changing how users memorize the original pattern and with a minimal increase in unlocking time.

Key words: Pattern lock, Smartphone, Smudge attack, Shoulder-surfing attack, Authentication

