A User Authentication Method for Smartphones Having the Tolerance to Smudge Attacks

Abstract

Smartphone users browse and download confidential document files routinely. Therefore, the higher security level is needed for smartphones than conventional mobile phones. For Android smartphones, there exist three authentication methods; the PIN authentication method, the password authentication method, and the pattern authentication method. In the pattern authentication method, to release the lock of smartphones users trace four or more of nine points appeared on the screen in the predetermined order. Therefore, the pattern authentication method can be considered as taking advantage of characteristics of a touch screen. However, there exists an attack for it called the smudge attack that is a way of attacking that attackers guess the authentication pattern from the smudge on the screen. Then, in this study, we propose a user authentication method for smartphones having the tolerance to smudge attacks. In the proposed method, users can release the lock of smartphones by selecting the pass-image from a number of images and flicking it. The method has also the tolerance to observation attacks and so on because the latest image shot by the user oneself is used as the pass-image, that is, the pass-image is updated at each time of taking pictures.