Improving the Security of Android Unlock Patterns Using New Iterations of the Standard Pattern Lock

Abstract

Android mobile devices use a unique method of authentication in the form of a single-stroke graphical pattern on a 3x3 grid that a user is required to create and recall. In this research project, we explore improved iterations of this Android Pattern Lock in the pursuit of guiding users towards creating more secure patterns. Within the past five years, mobile authentication methods have continually progressed towards creating a more secure means to safeguard a mobile device. Such methods now include biometric identification, system-assisted password guidance via blacklists, and longer minimum passcode lengths. While many methods have progressed, the standard authentication interface for Android devices remains similar to its initial model. In this work, we sought to explore the effects of changing the existing Android pattern lock interface to an interface we termed the Double Pattern. We examined the methodologies by which users chose their Double Patterns using our new interface, specifically metrics related to the complexity of the patterns created, pattern frequency within each treatment population, usability aspects of the interface itself, security strength of our interface, and perceived security strength related to existing authentication methods. Ultimately, we found that our Double Pattern had a significant increase in security related to lower partial guessing entropy and lower susceptibility to simulated guessing attacks, due to the low occurrence rate of each Double Pattern. Equally important, participants perceived the Double Pattern as a more secure interface than the original interface, specifically among our users who previously utilized Android unlock patterns. We are confident based on these results that the Double Pattern could be feasibly implemented as a progression of the original Android unlock pattern interface.

Document Details

Document Type
Technical Report
Publication Date
Jul 06, 2020
Accession Number
AD1136700

Entities

People

  • Timothy J. Forman

Organizations

  • United States Naval Academy

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Abstracts
  • Authentication
  • Biometric Security
  • Biometrics
  • Computer Programs
  • Computers
  • Computing Devices
  • Data Analysis
  • Data Sets
  • Identification
  • Information Systems
  • Military Education
  • Mobile Computing
  • Mobile Devices
  • Mobile Operating Systems
  • Mobile Phones
  • Operating Systems
  • Pilot Studies
  • Security
  • Smartphones
  • Standards
  • Surveys
  • United States
  • United States Naval Academy
  • User Interface

Fields of Study

  • Computer science

Readers

  • Applied Combinatorial Optimization and Logic Circuit Design
  • Cybersecurity
  • Systems Analysis and Design