GSTF Journal on Computing (JoC)

Mobile authentication today primarily relies on
Personal Identification Numbers (PINs). For PINs to be secure
from the majority of malicious users, it must contain a high
number of digits and be entropic. Human memory generally
struggles when it attempts to recall highly entropic numeric
codes. Gesture-based authentication using Quick Reference (QR)
codes, and internally analyzed accelerometer data from mobile
devices, allow for sustaining a more user-friendly, memorable,
and low expense alternative to PINs. This paper presents a
technique for users to capture movements of their mobile device
by analyzing the orientation of devices and the speed at which
these orientations transition via accelerometer data. These
motions are described as the user’s gesture. Gestures can be used
to identify a user, while QR codes can be used to indicate a
specific machine a user can attempt to authenticate with. A user
study was performed and showed gesture-based authentication
results in a more user preferred, entropic and memorable
authentication system in comparison to similar applications.

M. Boatwright and X. Luo, “What do we know about biometrics

authentication?” in Proceedings of the 4th Annual Conference on

Information Security Curriculum Development, ser. InfoSecCD ’07.

New York, NY, USA: ACM, 2007, pp. 31:1–31:5.

W. F. Bond and E. A. Awad, “Touch-based static authentication using a

virtual grid,” in Proceedings of the 3rd ACM Workshop on Information

Hiding and Multimedia Security, ser. IH&MMSec ’15. New York, NY,

USA: ACM, 2015, pp. 129–134.

S. Chowdhury, R. Poet, and L. Mackenzie, “Exploring the guessability

of image passwords,” in Proceedings of the 7th International Conference

on Security of Information and Networks, ser. SIN ’14. New York, NY,

USA: ACM, 2014, pp. 264:264–264:271.

R. D. Findling, M. Muaaz, D. Hintze, and R. Mayrhofer, “Shakeunlock:

Securely unlock mobile devices by shaking them together,” in

Proceedings of the 12th International Conference on Advances in

Mobile Computing and Multimedia, ser. MoMM ’14. New York, NY,

USA: ACM, 2014, pp. 165–174.

R. D. Findling and R. Mayrhofer, “Towards device-to-user

authentication: Protecting against phishing hardware by ensuring mobile

device authenticity using vibration patterns,” in Proceedings of the 14th

International Conference on Mobile and Ubiquitous Multimedia, ser.

MUM ’15. New York, NY, USA: ACM, 2015, pp. 131–135.

N. Z. Gong, M. Payer, R. Moazzezi, and M. Frank, “Forgery-resistant

touch-based authentication on mobile devices,” in Proceedings of the

th ACM on Asia Conference on Computer and Communications

Security, ser. ASIA CCS ’16. New York, NY, USA: ACM, 2016, pp.

–510.

J. Gurary, Y. Zhu, G. Corser, J. Oluoch, N. Alnahash, and H. Fu, “Maps:

A multi-dimensional password scheme for mobile authentication,” in

Proceedings of the 2015 International Conference on Interactive

Tabletops & Surfaces, ser. ITS ’15. New York, NY, USA: ACM, 2015,

pp. 409–412.

C. C. Ho, C. Eswaran, K.-W. Ng, and J.-Y. Leow, “An unobtrusive

android person verification using accelerometer based gait,” in

Proceedings of the 10th International Conference on Advances in

Mobile Computing &; Multimedia, ser. MoMM ’12. New York, NY,

USA: ACM, 2012, pp. 271–274.

S. Kentros, Y. Albayram, and A. Bamis, “Towards macroscopic human

behavior based authentication for mobile transactions,” in Proceedings

of the 2012 ACM Conference on Ubiquitous Computing, ser. UbiComp

’12. New York, NY, USA: ACM, 2012, pp. 641–642.

T. Kuribara, B. Shizuki, and J. Tanaka, “Vibrainput: Two-step pin entry

system based on vibration and visual information,” in CHI ’14 Extended

Abstracts on Human Factors in Computing Systems, ser. CHI EA ’14.

New York, NY, USA: ACM, 2014, pp. 2473–2478.

[11] J. Liu, L. Zhong, J. Wickramasuriya, and V. Vasudevan, “User

evaluation of lightweight user authentication with a single tri-axis

accelerometer,” in Proceedings of the 11th International Conference on

Human-Computer Interaction with Mobile Devices and Services, ser.

MobileHCI ’09. New York, NY, USA: ACM, 2009, pp. 15:1–15:10.

M. L. Mazurek, S. Komanduri, T. Vidas, L. Bauer, N. Christin, L. F.

Cranor, P. G. Kelley, R. Shay, and B. Ur, “Measuring password

guessability for an entire university,” in Proceedings of the 2013 ACM

SIGSAC Conference on Computer &; Communications Security, ser.

CCS ’13. New York, NY, USA: ACM, 2013, pp. 173–186.

F. Hong, M. Wei, S. You, Y. Feng, and Z. Guo, “Waving authentication:

Your smartphone authenticate you on motion gesture,” in Proceedings of

the 33rd Annual ACM Conference Extended Abstracts on Human

Factors in Computing Systems, ser. CHI EA ’15. New York, NY, USA:

ACM, 2015, pp. 263–266.

T. Morelli and E. Folmer. Twuist: A discrete tactile-proprioceptive

display for eye and ear free output on mobile devices. In Proceedings of

Haptics Symposium 2012 (HAPTICS’12), pages 443–450, Vancouver,

Canada, 2012.

M. Muaaz and R. Mayrhofer, “An analysis of different approaches to

gait recognition using cell phone based accelerometers,” in Proceedings

of International Conference on Advances in Mobile Computing &;

Multimedia, ser. MoMM ’13. New York, NY, USA: ACM, 2013, pp.

:293–293:300.

D. Schmidt and T. Jaeger, “Pitfalls in the automated strengthening of

passwords,” in Proceedings of the 29th Annual Computer Security

Applications Conference, ser. ACSAC ’13. New York, NY, USA: ACM,

, pp. 129–138.

M. Sherman, G. Clark, Y. Yang, S. Sugrim, A. Modig, J. Lindqvist, A.

Oulasvirta, and T. Roos, “User-generated free-form gestures for

authentication: Security and memorability,” in Proceedings of the 12th

Annual International Conference on Mobile Systems, Applications, and

Services, ser. MobiSys ’14. New York, NY, USA: ACM, 2014, pp. 176–

E. Stobert, “The agony of passwords: Can we learn from user coping

strategies?” in CHI ’14 Extended Abstracts on Human Factors in

Computing Systems, ser. CHI EA ’14. New York, NY, USA: ACM,

, pp. 975–980.

S. Uellenbeck, M. D¨urmuth, C. Wolf, and T. Holz, “Quantifying the

security of graphical passwords: The case of android unlock patterns,” in

Proceedings of the 2013 ACM SIGSAC Conference on Computer &;

Communications Security, ser. CCS ’13. New York, NY, USA: ACM,

, pp. 161–172.

R. Weiss and A. De Luca, “Passshapes: Utilizing stroke based

authentication to increase password memorability,” in Proceedings of

the 5th Nordic Conference on Human-computer Interaction: Building

Bridges, ser. NordiCHI ’08. New York, NY, USA: ACM, 2008, pp.

– 392.

A. W´ojtowicz and K. Joachimiak, “Model for adaptable context-based

biometric authentication for mobile devices,” Personal Ubiquitous

Comput., vol. 20, no. 2, pp. 195–207, Apr. 2016.

Y. Yang, G. D. Clark, J. Lindqvist, and A. Oulasvirta, “Free-form

gesture authentication in the wild,” in Proceedings of the 2016 CHI

Conference on Human Factors in Computing Systems, ser. CHI ’16.

New York, NY, USA: ACM, 2016, pp. 3722–3735.