Android's graphical authentication mechanism requires users to unlock their devices by "drawing" a pattern that connects a sequence of contact points arranged in a 3x3 grid. Prior studies demonstrated that human-generated 3x3 patterns are weak (CCS'13); large portions can be trivially guessed with sufficient training. An obvious solution would be to increase the grid size to increase the complexity of chosen patterns. In this paper we ask the question: Does increasing the grid size increase the security of human-generated patterns? We conducted two large studies to answer this question, and our analysis shows that for both 3x3 and 4x4 patterns, there is a high incidence of repeated patterns and symmetric pairs (patterns that derive from others based on a sequence of flips and rotations), and many 4x4 patterns are expanded versions of 3x3 patterns. Leveraging this information, we developed an advanced guessing algorithm and used it to quantify the strength of the patterns using the partial guessing entropy. We find that guessing the first 20% (G0.2) of patterns for both 3x3 and 4x4 can be done as efficiently as guessing a random 2-digit PIN. While guessing larger portions of 4x4 patterns (G0.5) requires 2-bits more entropy than guessing the same ratio of 3x3 patterns, it remains on the order of cracking random 3-digit PINs. Of the patterns tested, our guessing algorithm successfully cracks 15% of 3x3 patterns within 20 guesses (a typical phone lockout) and 19% of 4x4 patterns within 20 guesses; however, after 50,000 guesses, we correctly guess 95.9% of 3x3 patterns but only 66.7% of 4x4 patterns. While there may be some benefit to expanding the grid size to 4x4, we argue the majority of patterns chosen by users will remain trivially guessable and insecure against broad guessing attacks. Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. 
As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.
Given the nature of mobile devices and unlock procedures, unlock authentication is a prime target for credential leaking via shoulder surfing, a form of an observation attack. While the research community has investigated solutions to minimize or prevent the threat of shoulder surfing, our understanding of how the attack performs on current systems is less well studied. In this paper, we describe a large online experiment (n = 1173) that works towards establishing a baseline of shoulder surfing vulnerability for current unlock authentication systems. Using controlled video recordings of a victim entering in a set of 4- and 6-length PINs and Android unlock patterns on different phones from different angles, we asked participants to act as attackers, trying to determine the authentication input based on the observation. We find that 6-digit PINs are the most elusive attacking surface where a single observation leads to just 10.8% successful attacks (26.5% with multiple observations). As a comparison, 6-length Android patterns, with one observation, were found to have an attack rate of 64.2% (79.9% with multiple observations). Removing feedback lines for patterns improves security to 35.3% (52.1% with multiple observations). This evidence, as well as other results related to hand position, phone size, and observation angle, suggests the best and worst case scenarios related to shoulder surfing vulnerability which can both help inform users to improve their security choices, as well as establish baselines for researchers. CCS CONCEPTS • Security and privacy → Graphical / visual passwords; Social aspects of security and privacy;
In this paper, an empirical based study is described which has been conducted to gain a deeper understanding of the challenges faced by the visually impaired community when accessing the Web. The study, involving 30 blind and partially sighted computer users, has identified navigation strategies, perceptions of page layout and graphics using assistive devices such as screen readers. Analysis of the data has revealed that current assistive technologies impose navigational constraints and provide limited information on web page layout. Conveying additional spatial information could enhance the exploration process for visually impaired Internet users. It could also assist the process of collaboration between blind and sighted users when performing web-based tasks. The findings from the survey have informed the development of a non-visual interface, which uses the benefits of multimodal technologies to present spatial and navigational cues to the user.
Haptic technologies are thought to have the potential to help blind individuals overcome the challenges experienced when accessing the Web. This paper proposes a structured participatory-based approach for developing targeted haptic sensations for purposes of web page exploration, and reports preliminary results showing how HTML elements can be represented through the use of force-feedback. Findings are then compared with mappings from previous studies, demonstrating the need for providing tailored haptic sensations for blind Internet users. This research aims to culminate in a framework, encompassing a vocabulary of haptic sensations with accompanying recommendations for designers to reference when developing inclusive web solutions.