
ByPass

ByPass. A platform to evaluate Android authentication techniques. Payas Gupta & Sarah Smith. ByPass Introduction. User study to examine the entropy of the traditional Android authentication system


Presentation Transcript


  1. ByPass: A platform to evaluate Android authentication techniques
     Payas Gupta & Sarah Smith

  2. ByPass Introduction
     • User study to examine the entropy of the traditional Android authentication system
     • Determine the security, usability, and memorability of the current grid versus more complex layouts
     • Develop an authentication system to have stronger and more advanced unlock patterns

  3. Experiment Goals
     • Security
       • Entropy: greater than the existing 3 x 3 grid
       • Hot spots: all spots are equally likely to be used
     • Usability
       • Fast and easy to use without too many mistakes
       • Use as the primary authentication
     • Memorability
       • Cognitive load should be minimal
       • Easier to remember than other authentication models

  4. Research Questions
     • What is the optimal grid layout?
     • What is a strong pattern password?
     • How can we nudge users into creating stronger pattern passwords?

  5. Additional Research Questions
     • Are there any hot spots or common patterns that impact the entropy of the system?
     • Is the Android pattern-based authentication memorable over time?
     • Do the situations surrounding the lock screen balance the complexity of the patterns and usability?
     • Does complexity increase the overall security without too much additional cost?
     • What is the average length of the patterns? Can users be nudged to design better patterns?

  6. Current Authentication Status
     • PINs and text-based passwords
       • Impractical, difficult to enter quickly, accurately
     • Biometric, facial recognition, fingerprint scans
       • Some can be easily replicable
     • Simple swipe-to-unlock patterns
       • Vulnerable to smudge attacks

  7. Experiment Procedure
     • First Section:
       • Participants create patterns on the traditional Android 3 x 3 grid
       • Participants create patterns on a 3 x 3 grid with triangles pointing in different directions
     • Second Section:
       • Participants create patterns on a pentagonal grid
       • Participants create patterns on a pentagonal grid with triangles pointing in different directions
     • Participants use the ByPass authentication app for 3 weeks, logging in once daily
     • Two pattern password sets per section: priming in the scenarios for creating a bank password versus creating a phone-unlock password

  8. Post-Study Questions
     • How does the entropy change from the traditional Android authentication to the entropy from ByPass’s authentication system?
     • Are the projected increases in complexity resistant to potential declining usability and memorability?
     • How did the users perceive security in the scope of this authentication app?
     • Surveys administered to address the following:
       • Uniqueness, general security, memorability, ease of entry, length or number of connected nodes

  9. Questions?
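
An added example, not part of the original slides: one way to put numbers on the entropy and hot-spot goals from slide 3 for the traditional 3 x 3 grid. It assumes the stock Android rules (4 to 9 distinct nodes, a stroke may cross a node only if that node is already used), which the slides do not state, and the sample of starting nodes is constructed for illustration.

```python
import math
from collections import Counter

def midpoint(a, b):
    """Node lying exactly between a and b on the 3 x 3 grid, or None."""
    ra, ca, rb, cb = a // 3, a % 3, b // 3, b % 3
    if (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return (ra + rb) // 2 * 3 + (ca + cb) // 2
    return None

def count_patterns(min_len=4, max_len=9):
    """Count valid patterns per length (assumed stock Android rules)."""
    counts = Counter()

    def extend(last, used):
        if len(used) >= min_len:
            counts[len(used)] += 1
        if len(used) == max_len:
            return
        for nxt in range(9):
            if nxt in used:
                continue
            mid = midpoint(last, nxt)
            # A stroke may pass over a node only if that node is already used.
            if mid is not None and mid not in used:
                continue
            extend(nxt, used | {nxt})

    for start in range(9):
        extend(start, {start})
    return dict(counts)

def shannon_bits(observations):
    """Shannon entropy (bits) of an observed sample."""
    total = len(observations)
    return -sum(c / total * math.log2(c / total)
                for c in Counter(observations).values())

# Constructed sample: starting nodes of 16 hypothetical participant patterns,
# skewed toward the top-left node (0) to model a hot spot.
SAMPLE_STARTS = [0] * 8 + [1] * 2 + [2] * 2 + [3] * 2 + [6] * 2

if __name__ == "__main__":
    total = sum(count_patterns().values())
    print(f"valid patterns: {total}, ceiling: {math.log2(total):.2f} bits")
    print(f"start node, uniform: {math.log2(9):.2f} bits")
    print(f"start node, sample:  {shannon_bits(SAMPLE_STARTS):.2f} bits")
```

The pattern count gives only the theoretical ceiling; the gap between the uniform and sampled start-node entropy is the kind of loss a hot spot causes.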
