ADVERTISEMENT
  About the SA Blog Network













Observations

Observations


Opinion, arguments & analyses from the editors of Scientific American
Observations HomeAboutContact

Squiggly Lines Secure Smartphones

The views expressed are those of the author and are not necessarily those of Scientific American.


Email   PrintPrint



Researchers studied the practicality of using free-form gestures for access authentication on smart phones and tablets. Image courtesy of Michael Sherman, Gradeigh Clark, Yulong Yang, Shridatt Sugrim, Arttu Modig, Janne Lindqvist, Antti Oulasvirta, and Teemu Roos; Rutgers University, Max-Planck Institute for Informatics and University of Helsinki.

To protect your financial and personal data, most mobiles come with PIN-based security, biometrics or number grids that require you to retrace a particular pattern to access your device. But is that good enough in crowded places full of spying eyes?

Not necessarily, according to a team of researchers from Rutgers University in New Jersey, Max Planck Institute for Informatics and Saarland University in Germany, and the University of Helsinki in Finland. Thieves snagged about 3.1 million smartphones in the U.S. alone last year, according to a Consumer Reports study released in May. Most of those phones are not likely to be protected by screen locks—only about one third of mobile phone users surveyed use a four-digit PIN. And even passcode-protected phones are vulnerable to “shoulder surfing” thieves who can glean PINs by observing their victims using their devices in a crowded location before striking, according to the researchers.

As an alternative to PINs and passcodes, the researchers are studying the feasibility of touchscreen drawings, which they call “gestures.”  In such a scenario, users would set their “password” by using one or more fingers to draw a line, curve or some other pattern on their touchscreens. The device would assign a value to the gesture. Users would have to replicate that same gesture on the screen—coming reasonably close to the assigned value—to later unlock the device.

“Once the user has come up with a repeatable gesture, it is really hard for others to do [the gesture] accurately because of your unique characteristics of your hand, muscles and joints,” says Janne Lindqvist, one of the project’s leaders and an assistant professor in Rutgers’ School of Engineering’s Department of Electrical and Computer Engineering. A “recognizer” program then identifies such a gesture as unique to that user.

In a study, the researchers asked participants to draw a pattern, replicate the pattern and then reproduce it again during a second session at least 10 days later. Because reproducing patterns and designs with total accuracy isn’t likely, the software accepts motions that deviate from the original to a certain degree. Likely, that degree would be adjustable depending on the level of security desired.

A secure gesture should have both “inherent complexity and easiness to perform,” the researchers concluded in a study they will present June 18 at the MobiSys 2014 conference in New Hampshire. Signatures fit both categories well because, though complex for a thief to reproduce, they are easy for a device owner to remember and replicate.

This novel idea is still in the lab and may not necessarily make its way to future generations of iPhones. Still, the researchers’ look into free-form gesture recognition as a security mechanism turned up some interesting results.

  • Unlike an alphanumeric password, longer or more complicated gestures were not necessarily more secure than shorter, simpler patterns.
  • The most secure gestures featured many sharp turns, not coincidentally, of the kind used to draw letters in a signature.
  • Less secure gestures had fewer turns. In addition, those turns were gentle and tended to curve in the same direction—a circle, for example.
  • In general, participants had little difficulty reproducing the shape of the gesture they had chosen. Most of their errors came when they tried to create and then replicate a gesture that required multiple fingers.
Larry Greenemeier About the Author: Larry Greenemeier is the associate editor of technology for Scientific American, covering a variety of tech-related topics, including biotech, computers, military tech, nanotech and robots. Follow on Twitter @lggreenemeier.

The views expressed are those of the author and are not necessarily those of Scientific American.





Rights & Permissions

Comments 2 Comments

Add Comment
  1. 1. peter@alpega.com 7:09 pm 06/17/2014

    I’ve been using one of these “gestures” for over 70 years now. I call it a signature. Seems to work a treat, just needs to be made to work on electronic devices.
    Peter A

    Link to this
  2. 2. Richieo 5:45 am 06/18/2014

    So, what happened to fingerprint, palm-print and eye reading, which were going to be the “ultimate” security measure???

    Link to this

Add a Comment
You must sign in or register as a ScientificAmerican.com member to submit a comment.

More from Scientific American

Scientific American Holiday Sale

Black Friday/Cyber Monday Blow-Out Sale

Enter code:
HOLIDAY 2014
at checkout

Get 20% off now! >

X

Email this Article

X