11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services

Research Article

The Use of Pseudo Pressure in Authenticating Smartphone Users

Download556 downloads
  • @INPROCEEDINGS{10.4108/icst.mobiquitous.2014.257919,
        author={Ahmed Arif and Ali Mazalek and Wolfgang Stuerzlinger},
        title={The Use of Pseudo Pressure in Authenticating Smartphone Users},
        proceedings={11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services},
        publisher={ICST},
        proceedings_a={MOBIQUITOUS},
        year={2014},
        month={11},
        keywords={user authentication digit-lock touchscreen smartphones mobile security mobile phones pressure pseudo pressure password pin force},
        doi={10.4108/icst.mobiquitous.2014.257919}
    }
    
  • Ahmed Arif
    Ali Mazalek
    Wolfgang Stuerzlinger
    Year: 2014
    The Use of Pseudo Pressure in Authenticating Smartphone Users
    MOBIQUITOUS
    ICST
    DOI: 10.4108/icst.mobiquitous.2014.257919
Ahmed Arif1,*, Ali Mazalek1, Wolfgang Stuerzlinger2
  • 1: Ryerson University
  • 2: Simon Fraser University
*Contact email: asarif@ryerson.ca

Abstract

In this article, we present a new user authentication technique for touchscreen-based smartphone users that augments pseudo touch pressure as an extra security measure to the conventional digit-lock technique. The new technique enhances security by offering more unique password combinations than the most popular ones, by making each password specific to its owner, and by reducing the threat of smudge attacks. A study comparing the new technique with the digit-lock technique showed that overall it is slower and more error-prone, but performs substantially better in short term. Also, most users felt more secure using it and wanted to use it dominantly on their smartphones. A second study confirmed that it does enhance security by making it relatively more resistant to smudge at-tacks and less vulnerable to situations where attackers are already in possession of users’ passwords.