DRAW-A-PIN

Authentication using finger-drawn PIN on touch devices

Toan Van Nguyen, Napa Sae-Bae, Nasir Memon

    Research output: Contribution to journalArticle

    Abstract

    This paper presents DRAW-A-PIN, a user authentication system on a device with a touch interface that supports the use of PINs. In the proposed system, the user is asked to draw her PIN on the touch screen instead of typing it on a keypad. Consequently, DRAW-A-PIN could offer better security by utilizing drawing traits or behavioral biometrics as an additional authentication factor beyond just the secrecy of the PIN. In addition, DRAW-A-PIN inherently provides acceptability and usability by leveraging user familiarity with PINs. To evaluate the security and usability of the approach, DRAW-A-PIN was implemented on Android phones and 3203 legitimate finger-drawn PINs and 4655 forgery samples were collected through an extensive and unsupervised field experiment over 10 consecutive days. Experimental results show that DRAW-A-PIN achieves an equal error rate of 4.84% in a scenario where the attacker already knows the PIN by shoulder surfing. Finally, results from a user study based on the System Usability Scale questionnaire confirm that DRAW-A-PIN is highly usable.

    Original languageEnglish (US)
    Pages (from-to)115-128
    Number of pages14
    JournalComputers and Security
    Volume66
    DOIs
    StatePublished - May 1 2017

    Fingerprint

    Authentication
    Computer keyboards
    Touch screens
    Biometrics
    secrecy
    Experiments
    scenario
    questionnaire
    experiment

    Keywords

    • Behavioral biometric
    • Finger-drawn PIN
    • Gesture authentication
    • Shoulder surfing
    • Touch devices

    ASJC Scopus subject areas

    • Computer Science(all)
    • Law

    Cite this

    DRAW-A-PIN : Authentication using finger-drawn PIN on touch devices. / Nguyen, Toan Van; Sae-Bae, Napa; Memon, Nasir.

    In: Computers and Security, Vol. 66, 01.05.2017, p. 115-128.

    Research output: Contribution to journalArticle

    Nguyen, Toan Van ; Sae-Bae, Napa ; Memon, Nasir. / DRAW-A-PIN : Authentication using finger-drawn PIN on touch devices. In: Computers and Security. 2017 ; Vol. 66. pp. 115-128.
    @article{5438fd72511d44fdbe9bb21dd2724f59,
    title = "DRAW-A-PIN: Authentication using finger-drawn PIN on touch devices",
    abstract = "This paper presents DRAW-A-PIN, a user authentication system on a device with a touch interface that supports the use of PINs. In the proposed system, the user is asked to draw her PIN on the touch screen instead of typing it on a keypad. Consequently, DRAW-A-PIN could offer better security by utilizing drawing traits or behavioral biometrics as an additional authentication factor beyond just the secrecy of the PIN. In addition, DRAW-A-PIN inherently provides acceptability and usability by leveraging user familiarity with PINs. To evaluate the security and usability of the approach, DRAW-A-PIN was implemented on Android phones and 3203 legitimate finger-drawn PINs and 4655 forgery samples were collected through an extensive and unsupervised field experiment over 10 consecutive days. Experimental results show that DRAW-A-PIN achieves an equal error rate of 4.84{\%} in a scenario where the attacker already knows the PIN by shoulder surfing. Finally, results from a user study based on the System Usability Scale questionnaire confirm that DRAW-A-PIN is highly usable.",
    keywords = "Behavioral biometric, Finger-drawn PIN, Gesture authentication, Shoulder surfing, Touch devices",
    author = "Nguyen, {Toan Van} and Napa Sae-Bae and Nasir Memon",
    year = "2017",
    month = "5",
    day = "1",
    doi = "10.1016/j.cose.2017.01.008",
    language = "English (US)",
    volume = "66",
    pages = "115--128",
    journal = "Computers and Security",
    issn = "0167-4048",
    publisher = "Elsevier Limited",

    }

    TY - JOUR

    T1 - DRAW-A-PIN

    T2 - Authentication using finger-drawn PIN on touch devices

    AU - Nguyen, Toan Van

    AU - Sae-Bae, Napa

    AU - Memon, Nasir

    PY - 2017/5/1

    Y1 - 2017/5/1

    N2 - This paper presents DRAW-A-PIN, a user authentication system on a device with a touch interface that supports the use of PINs. In the proposed system, the user is asked to draw her PIN on the touch screen instead of typing it on a keypad. Consequently, DRAW-A-PIN could offer better security by utilizing drawing traits or behavioral biometrics as an additional authentication factor beyond just the secrecy of the PIN. In addition, DRAW-A-PIN inherently provides acceptability and usability by leveraging user familiarity with PINs. To evaluate the security and usability of the approach, DRAW-A-PIN was implemented on Android phones and 3203 legitimate finger-drawn PINs and 4655 forgery samples were collected through an extensive and unsupervised field experiment over 10 consecutive days. Experimental results show that DRAW-A-PIN achieves an equal error rate of 4.84% in a scenario where the attacker already knows the PIN by shoulder surfing. Finally, results from a user study based on the System Usability Scale questionnaire confirm that DRAW-A-PIN is highly usable.

    AB - This paper presents DRAW-A-PIN, a user authentication system on a device with a touch interface that supports the use of PINs. In the proposed system, the user is asked to draw her PIN on the touch screen instead of typing it on a keypad. Consequently, DRAW-A-PIN could offer better security by utilizing drawing traits or behavioral biometrics as an additional authentication factor beyond just the secrecy of the PIN. In addition, DRAW-A-PIN inherently provides acceptability and usability by leveraging user familiarity with PINs. To evaluate the security and usability of the approach, DRAW-A-PIN was implemented on Android phones and 3203 legitimate finger-drawn PINs and 4655 forgery samples were collected through an extensive and unsupervised field experiment over 10 consecutive days. Experimental results show that DRAW-A-PIN achieves an equal error rate of 4.84% in a scenario where the attacker already knows the PIN by shoulder surfing. Finally, results from a user study based on the System Usability Scale questionnaire confirm that DRAW-A-PIN is highly usable.

    KW - Behavioral biometric

    KW - Finger-drawn PIN

    KW - Gesture authentication

    KW - Shoulder surfing

    KW - Touch devices

    UR - http://www.scopus.com/inward/record.url?scp=85011841697&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85011841697&partnerID=8YFLogxK

    U2 - 10.1016/j.cose.2017.01.008

    DO - 10.1016/j.cose.2017.01.008

    M3 - Article

    VL - 66

    SP - 115

    EP - 128

    JO - Computers and Security

    JF - Computers and Security

    SN - 0167-4048

    ER -