Abstract
This paper presents DRAW-A-PIN, a user authentication system on a device with a touch interface that supports the use of PINs. In the proposed system, the user is asked to draw her PIN on the touch screen instead of typing it on a keypad. Consequently, DRAW-A-PIN could offer better security by utilizing drawing traits or behavioral biometrics as an additional authentication factor beyond just the secrecy of the PIN. In addition, DRAW-A-PIN inherently provides acceptability and usability by leveraging user familiarity with PINs. To evaluate the security and usability of the approach, DRAW-A-PIN was implemented on Android phones and 3203 legitimate finger-drawn PINs and 4655 forgery samples were collected through an extensive and unsupervised field experiment over 10 consecutive days. Experimental results show that DRAW-A-PIN achieves an equal error rate of 4.84% in a scenario where the attacker already knows the PIN by shoulder surfing. Finally, results from a user study based on the System Usability Scale questionnaire confirm that DRAW-A-PIN is highly usable.
Original language | English (US) |
---|---|
Pages (from-to) | 115-128 |
Number of pages | 14 |
Journal | Computers and Security |
Volume | 66 |
DOIs | |
State | Published - May 1 2017 |
Keywords
- Behavioral biometric
- Finger-drawn PIN
- Gesture authentication
- Shoulder surfing
- Touch devices
ASJC Scopus subject areas
- General Computer Science
- Law