1 2 3 3 1 Secret Tap Secret Tap Secret Flick 1 An Examination of Icon-based User Authentication Method Using Flick Input for Mobile Terminals Kaoru Wasai 1 Fumio Sugai 2 Yosihiro Kita 3 Mi RangPark 3 Naonobu Okazaki 1 Abstract: Some authentication methods that lock and unlock the screen are widely used in order to prevent from information be stolen. However, there is no method suitable for mobile terminals that have both shoulder-surfing resistant and high usability. Secret Tap method uses icon and tap input and has high shoulder-surfing resistant. However, in order to have sufficiently low probability for breaking the authentication by accident, it needs many times of tap input in an authentication. In this paper we propose a new authentication method called Secret Flick method that extends the Secret Tap method with flick input. The proposed method achieves high usability by less number of inputs. Keywords: mobile terminals, shoulder-surfing attack, personal authentication 1. Android PIN(Personal Identification Number) 1 Uniersity of Miyazaki 2 Uniersity of Miyazaki 3 Kanagawa Institute of Technology c 2012 Information Processing Society of Japan 1
Secret Tap [1] 1 Secret Tap Secret Flick 2. 2.1...... 2.2.. 1 3. 3.1 Android Password Pattern [2] 4 3.2 Convex Hull Click Scheme(CHC)[3] 3.3 Secret Tap [1] c 2012 Information Processing Society of Japan 2
1 4 4. 2 2 4, 1 4,,., 1,,...,.,,,.,. Secret Tap 1 1/4,10 PIN 4 7. PIN Android password patturn.,,. 2 1.. 1 Secret Tap 16 4 1 1 Secret Tap [1] Fig. 1 Authentication screen of Secret Tap 4. 4.1 Secret Tap,., Secret Tap 1 Secret Tap 3.3 PIN Secret Tap Secret Flick 4.2 (1) (2). c 2012 Information Processing Society of Japan 3
.. (3) 10 PIN4. ATM 10 PIN4. brute-force (4) PIN4 4 4.0. 4.3 Secret Flick 2 2 +1. 3 +1 3 1 4 1 1 Secret Tap 1/4 1/20 10 PIN4 7 4 3.3 1 2 Secret Flick Fig. 2 Schematic diagram of the authentication screen of Secret Flick 5. 5.1 Java Android SDK Eclipse Android 5.2 Secret Flick Secret Tap 6. 6.1 Secret Tap 10 PIN4 1 10 4 PIN c 2012 Information Processing Society of Japan 4
1 Table 1 Comparison of proposed methods and existing methods for the probability of success by accident 3 4 5 Secret Tap 1/64 1/256 1/1024 Secret Flick 1/8000 1/160000 1/320000 10 PIN 1/1000 1/10000 10 5 6 7 n Secret Tap 1/4096 1/16384 4 n Secret Flick 1/16400000 1/128000000 20 n 10 PIN 10 6 10 7 10 n 3 Secret Flick Fig. 3 Authentication screen of Secret Flick 1 1 4 Secret Flick Fig. 4 Password icon setting screen of Secret Flick n Secret Tap 1/4 n Secret Flick 1/20 n Secret Tap 7 1/16384 4 10 PIN 7 Secret Flick 3 1/8000, 10 PIN PIN 4 1/160000 4 10 PIN 4 10 PIN 6.2 11 10 2 1 4.5% 6.3 Secret Tap SD(Semantic Differential) ( ) SD 2 Table 2 2 Measurment items and scores on the impression of each method Table 3 3 1 5 1 5 1 5 1 5 1 5 1 5 SD Results of the questionnaire using semantic differential method () () Secret Tap 4.1(0.8) 4.2(0.4) 3.8(1.0) 4.5(0.7) 2.7(1.1) 4.3(0.7) 4.4(0.9) Secret Flick 4.3(0.9) 3.7(0.9) 3.3(1.1) 4.6(0.7) 4.7(0.5) 4.2(0.8) 3.8(0.4) SD 3 Secret Tap Secret Flick c 2012 Information Processing Society of Japan 5
Secret Flick Secret Tap Secret Flick Secret Tap Secret Tap 4.4 Secret Flick 3.8 Secret Tap Secret Flick Secret Flick Secret Tap PIN Secret Flick 11 9 Secret Flick 7. Secret Flick [1],,,,,,, (DICOMO2012), pp.2402-2409(2012). [2] Google Android-open source project http://sourve.android.com/ [3] S.Wiedenbeck J.Waters L.Sobrado and J.Birget, Design and Evaluation of a Shoulder-Surfing Resistant Graphical Password Scheme in International Working Conference on Advanced Visual Interfaces(AVI) May 2006. c 2012 Information Processing Society of Japan 6