SWIPASS: An Image-Based User Authentication on Touch Screen Devices

Abstract

Users of smartphones and/or tablet computers browse and download confidential document files routinely. Therefore, the higher security level is needed for smartphones and tablet computers than conventional mobile phones (feature phones). From this kind of background, Takahashi and Uchida proposed an image-based user authentication method for touch screen devices by using the latest image shot by user oneself as the pass-image. The authentication method proposed by Takahashi and Uchida has resistance to smudge attacks, one of the most serious threats for touch screen devices. However, the volume of the password space of their method is smaller than the one of 4 digit PIN codes. Therefore, in this paper, we propose SWIPASS, an image-based user authentication method for touch screen devices that has both resistance to smudge attacks and high security strength, by improving the method proposed by Takahashi and Uchida. The volume of the password space of SWIPASS is 41,472. Then the security strength of SWIPASS is superior to the one of 4 digit PIN codes. Moreover, we conduct several experiments assuming shoulder surfing attacks to evaluate the resistance against shoulder surfing attacks.