Optical character recognition
Password security: a case history
Communications of the ACM
Graphical dictionaries and the memorable space of graphical passwords
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
On user choice in graphical password schemes
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Human-seeded attacks and exploiting hot-spots in graphical passwords
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Reconsidering physical key secrecy: teleduplication via optical decoding
Proceedings of the 15th ACM conference on Computer and communications security
YAGP: Yet Another Graphical Password Strategy
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Visual passwords: cure-all or snake-oil?
Communications of the ACM - Finding the Fun in Computer Science Education
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Heat of the moment: characterizing the efficacy of thermal camera-based attacks
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
Touch me once and i know it's you!: implicit authentication based on touch screen patterns
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Graphical passwords: Learning from the first twelve years
ACM Computing Surveys (CSUR)
Multi-touch passwords for mobile device access
Proceedings of the 2012 ACM Conference on Ubiquitous Computing
A user-specific machine learning approach for improving touch accuracy on mobile devices
Proceedings of the 25th annual ACM symposium on User interface software and technology
Fingerprint attack against touch-enabled devices
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Video-passwords: advertising while authenticating
Proceedings of the 2012 workshop on New security paradigms
Practicality of accelerometer side channels on smartphones
Proceedings of the 28th Annual Computer Security Applications Conference
Making graphic-based authentication secure against smudge attacks
Proceedings of the 2013 international conference on Intelligent user interfaces
A pilot study on the security of pattern screen-lock methods and soft side channel attacks
Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
Back-of-device authentication on smartphones
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Improving user authentication on mobile devices: a touchscreen graphical password
Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services
A tap and gesture hybrid method for authenticating smartphone users
Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services
Proceedings of the 19th annual international conference on Mobile computing & networking
Modifying smartphone user locking behavior
Proceedings of the Ninth Symposium on Usable Privacy and Security
Exploring the design space of graphical passwords on smartphones
Proceedings of the Ninth Symposium on Usable Privacy and Security
Usability and security evaluation of GeoPass: a geographic location-password scheme
Proceedings of the Ninth Symposium on Usable Privacy and Security
Single password authentication
Computer Networks: The International Journal of Computer and Telecommunications Networking
When kids' toys breach mobile phone security
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Quantifying the security of graphical passwords: the case of android unlock patterns
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
PIN skimmer: inferring PINs through the camera and microphone
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
FROST: forensic recovery of scrambled telephones
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
On the security of picture gesture authentication
SEC'13 Proceedings of the 22nd USENIX conference on Security
Extended PIN Authentication Scheme Allowing Multi-Touch Key Input
Proceedings of International Conference on Advances in Mobile Computing & Multimedia
TrustID: trustworthy identities for untrusted mobile devices
Proceedings of the 4th ACM conference on Data and application security and privacy
Electronic Commerce Research
| Hi-index | 0.00 |
Touch screens are an increasingly common feature on personal computing devices, especially smartphones, where size and user interface advantages accrue from consolidating multiple hardware components (keyboard, number pad, etc.) into a single software definable user interface. Oily residues, or smudges, on the touch screen surface, are one side effect of touches from which frequently used patterns such as a graphical password might be inferred. In this paper we examine the feasibility of such smudge attacks on touch screens for smartphones, and focus our analysis on the Android password pattern. We first investigate the conditions (e.g., lighting and camera orientation) under which smudges are easily extracted. In the vast majority of settings, partial or complete patterns are easily retrieved. We also emulate usage situations that interfere with pattern identification, and show that pattern smudges continue to be recognizable. Finally, we provide a preliminary analysis of applying the information learned in a smudge attack to guessing an Android password pattern.