"Gestures, in love, are incomparably more attractive, effective and valuable than words." -- Francois Rabelais
People are in love with smart phones. The relationship with a smart phone is a personal affair as these devices carry a lot of personal information and beyond. The protection of data in such devices becomes vital and a need for a robust security mechanism is more critical than ever. The challenge and response authentication pattern used today to unlock devices is older than a Sony Walkman or the more modern system of the connect-the-dot grid authentication exercises to be observed and reproduced by “shoulder surfers” spying on users to gain unauthorized access. Besides, usage of bio-metrics is still being debated. Lawmakers and some privacy advocates have raised concerns over this highly sensitive data. For example, fingerprints are public and permanent, and if hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life. Such concerns bring us to the need of the hour - exploring alternative security schema for smart phone authentication. “Gestures” could be the answer. A gesture can be defined as a movement or position of the hand. Gestures are an integral part of gaming consoles like the Nintendo Wii or Microsoft XBox Kinect.
Researchers from Rutgers, along with partners from the Max-Planck Institute for Informatics and the University of Helsinki, examined how free-form gestures like sweeping fingers in shapes across the screen of a smart phone or tablet can be used to unlock phones and grant access to apps. These gestures are less likely to be compromised than the traditional typed passwords or newer “connect-the-dots” grid. The researchers published their findings in a paper entitled User-Generated Free-Form Gestures for Authentication: Security and Memorability. Some of the findings are very promising: participants were asked to generate free-form gestures, and repeated the patterns again with intervals in between. It was found that 55% of the participants decided to generate one-finger gestures, while the rest generated multi-finger gestures. The study also found a higher average of mutual information one-finger gestures, while gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. A multi-touch recognizer was also tested to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. The Rutgers paper concluded with strategies for generating secure and memorable free-form gestures, which present a robust method for mobile authentication.
It will be interesting to see how the mobile manufactures/OS evolve to provide ways to capture gestures, and offer a persistent schema around them. At this time a very interesting idea comes to my mind, if you could recollect Star Trek where the officer ranks have different set of gestures to identify their roles in the "Enterprise." Using a personal and an “organizational” gesture combination, a person’s role in a "corporate" enterprise could be identified for authorization/authentication. To conclude, even when the challenge and response are outdated and the bio-metrics raise privacy concerns, people’s love affair with their smart phone continues. Gestures, in love, are incomparably more attractive, effective and valuable than words.
Post Date: 21/10/2014