DRAW-A-PIN: Authentication using finger-drawn PIN on touch devices

Toan Van Nguyen, Napa Sae-Bae, Nasir Memon

Research output: Contribution to journal › Article

Abstract

This paper presents DRAW-A-PIN, a user authentication system on a device with a touch interface that supports the use of PINs. In the proposed system, the user is asked to draw her PIN on the touch screen instead of typing it on a keypad. Consequently, DRAW-A-PIN could offer better security by utilizing drawing traits or behavioral biometrics as an additional authentication factor beyond just the secrecy of the PIN. In addition, DRAW-A-PIN inherently provides acceptability and usability by leveraging user familiarity with PINs. To evaluate the security and usability of the approach, DRAW-A-PIN was implemented on Android phones and 3203 legitimate finger-drawn PINs and 4655 forgery samples were collected through an extensive and unsupervised field experiment over 10 consecutive days. Experimental results show that DRAW-A-PIN achieves an equal error rate of 4.84% in a scenario where the attacker already knows the PIN by shoulder surfing. Finally, results from a user study based on the System Usability Scale questionnaire confirm that DRAW-A-PIN is highly usable.

Original language: English (US)
Pages (from-to): 115-128
Number of pages: 14
Journal: Computers and Security
Volume: 66
DOIs: 10.1016/j.cose.2017.01.008
State: Published - May 1 2017

Fingerprint

Authentication
Computer keyboards
Touch screens
Biometrics
secrecy
Experiments
scenario
questionnaire
experiment

Keywords

  • Behavioral biometric
  • Finger-drawn PIN
  • Gesture authentication
  • Shoulder surfing
  • Touch devices

ASJC Scopus subject areas

  • Computer Science (all)
  • Law

Cite this

DRAW-A-PIN: Authentication using finger-drawn PIN on touch devices. / Nguyen, Toan Van; Sae-Bae, Napa; Memon, Nasir.

In: Computers and Security, Vol. 66, 01.05.2017, p. 115-128.

@article{5438fd72511d44fdbe9bb21dd2724f59,
title = "DRAW-A-PIN: Authentication using finger-drawn PIN on touch devices",
keywords = "Behavioral biometric, Finger-drawn PIN, Gesture authentication, Shoulder surfing, Touch devices",
author = "Nguyen, {Toan Van} and Napa Sae-Bae and Nasir Memon",
year = "2017",
month = "5",
day = "1",
doi = "10.1016/j.cose.2017.01.008",
language = "English (US)",
volume = "66",
pages = "115--128",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",

}