[1] GUO Yajun, ZHANG Lei. A User-pattern-driven Android Graphical Password Strength Meter[J]. Journal of Xuzhou Institute of Technology (Natural Sciences Edition), 2020, (03): 11-24.

A User-pattern-driven Android Graphical Password Strength Meter

Journal of Xuzhou Institute of Technology (Natural Sciences Edition) [ISSN: 1674-358X / CN: 32-1789/N]

Issue:
2020, No. 03
Pages:
11-24
Column:
Professors' Forum
Publication date:
2020-09-30

Article Info

Title:
A User-pattern-driven Android Graphical Password Strength Meter
Article ID:
1674-358X(2020)03-0011-14
Author(s):
GUO Yajun, ZHANG Lei
(School of Computer, Central China Normal University, Wuhan 430079, Hubei, China)
Keywords:
Android graphical unlock pattern; security; password strength meter
CLC number:
TP309
Document code:
A
Abstract:
To encourage users to choose stronger Android graphical passwords, a user-pattern-driven Android graphical password strength meter was designed. In addition to visual characteristics, two features, common special-character shapes and common triple sub-patterns, were added to compute the strength score of a password. An online survey was conducted, collecting Android graphical passwords created by 102 users, to evaluate the effectiveness of the strength meter. The meter was compared with other strength meter methods, a Markov model was built, and the partial guessing entropy metric was measured. The results show that users can create stronger passwords with the help of the strength meter. The meter effectively enhances the security of the Android graphical unlock pattern, and the features of user-created passwords also changed noticeably.

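Memo:
Received: 2020-04-30
Funding: National Natural Science Foundation of China (61772224); Fundamental Research Funds for the Central Universities (CCNU19ZN008)
Author biographies: GUO Yajun (born 1965), male, professor, Ph.D., master's supervisor, mainly engaged in information security research. ZHANG Lei (born 1995), female, master's student, mainly engaged in information security research.
Last Update: 2020-09-30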