skip to main content

Search for: All records

Award ID contains: 1917537

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

  1. Free, publicly-accessible full text available January 1, 2023
  2. Password-based mobile user authentication is vulnerable to shoulder-surfing. Despite the increasing research on user password entry behavior and mobile security, there is limited understanding of how an adversary identifies a password through shoulder-surfing during mobile authentication. This study empirically examines the behaviors and strategies of password identification through shoulder-surfing with multiple observation attempts and from different observation distances. The results of analyzing data collected from a user study reveal the strategies and dynamics of password identification behaviors. The findings have implications for enhancing users’ password security and improving the design of mobile authentication methods.
    Free, publicly-accessible full text available November 1, 2022
  3. Password-based mobile user authentication is vulnerable to a variety of security threats. Shoulder-surfing is the key to those security threats. Despite a large body of research on password security with mobile devices, existing studies have focused on shaping the security behavior of mobile users by enhancing the strengths of user passwords or by establishing secure password composition policies. There is little understanding of how an attacker actually goes about observing the password of a target user. This study empirically examines attackers’ behaviors in observing passwordbased mobile user authentication sessions across the three observation attempts. It collects data through a longitudinalmore »user study and analyzes the data collected through a system log. The results reveal several behavioral patterns of attackers. The findings suggest that attackers are strategic in deploying attacks of shoulder-surfing. The findings have implications for enhancing users’ password security and refining organizations’ password composition policies.« less
  4. Mobile user authentication (MUA) has become a gatekeeper for securing a wealth of personal and sensitive information residing on mobile devices. Keystrokes and touch gestures are two types of touch behaviors. It is not uncommon for a mobile user to make multiple MUA attempts. Nevertheless, there is a lack of an empirical comparison of different types of touch dynamics based MUA methods across different attempts. In view of the richness of touch dynamics, a large number of features have been extracted from it to build MUA models. However, there is little understanding of what features are important for the performancemore »of such MUA models. Further, the training sample size of template generation is critical for real-world application of MUA models, but there is a lack of such information about touch gesture based methods. This study is aimed to address the above research limitations by conducting experiments using two MUA prototypes. Their empirical results can not only serve as a guide for the design of touch dynamics based MUA methods but also offer suggestions for improving the performance of MUA models.« less
  5. Despite that tremendous progress has been made in mobile user authentication (MUA) in recent years, continuous mobile user authentication (CMUA), in which authentication is performed continuously after initial login, remains under studied. In addition, although one-handed interaction with a mobile device becomes increasingly common, one-handed CMUA has never been investigated in the literature. There is a lack of investigation of the CMUA performance between one-handed and two-handed interactions. To fill the literature gap, we developed a new CMUA method based on touch dynamics of thumb scrolling on the touchscreen of a mobile device. We developed a mobile app of themore »proposed CMUA method and evaluated its effectiveness with data collected from a user study. The findings have implications for the design of effective CMUA using touch dynamics and for improvement of accessibility and usability of MUA mechanisms.« less
  6. As it becomes commonplace to use mobile devices to store personal and sensitive data, mobile user authentication (MUA) methods have witnessed significant advancement to improve data and device security. On the other hand, traditional MUA methods such as password (or passcode) are still being widely deployed. Despite the growing body of knowledge on technical strengths and security vulnerabilities of various MUA methods, the perception of mobile users may be different, which can play a decisive role in MUA adoption. Additionally, user preferences for MUA methods may be subject to the influence of their demographic factors and device types. Furthermore, themore »pervasive use of mobile devices has generated many situations that create new usability and security needs of MUA methods such as support of one-handed and/or sight-free interaction. This study investigates user perception and situational needs of MUA methods using a survey questionnaire. The research findings can guide the design and selection of MUA methods.« less