@MISC{_user-generatedfree-form, author = {}, title = {User-Generated Free-Form Gestures for Authentication: Security and Memorability}, year = {} }
Share
OpenURL
Abstract
This paper studies the security and memorability of free-form mul-titouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where par-ticipants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based met-rics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we mod-ify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric com-puted estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual infor-mation. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included sig-natures and simple angular shapes. We also implemented a multi-touch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoul-der surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form ges-tures present a robust method for mobile authentication.