Overview
Smartphones provide access to increasing amounts of personal and sensitive information, yet are often only secured using methods that are prone to observational attacks. In a paper at the 2021 ACM International Conference on Multimodal Interaction, we present HapticLock, a novel haptic-only authentication method for mobile devices that uses non-visual interaction modalities for discreet PIN entry that is difficult to attack by shoulder surfing.
We evaluated HapticLock in two studies. First, a usability experiment (N=20) finds that HapticLock enables effective PIN entry in secure conditions: e.g., in 23.5s with 98.3% success rate for a four-digit PIN entered from a random start digit. Second, a shoulder surfing experiment (N=15) finds that HapticLock is highly resistant to observational attacks. Even when interaction is highly visible, attackers need to guess the first digit when PIN entry begins with a random number, yielding a very low success rate for shoulder surfing. Furthermore, a device can be hidden from view during authentication.
Our use of haptic interaction modalities gives privacy-conscious mobile device users a usable and secure authentication alternative for sensitive situations. HapticLock is slower than normal PIN entry via touchscreen keyboard, which makes it unsuitable for high frequency usage (e.g., each time a smartphone needs unlocked). Our intention was to explore a secure alternative for privacy-conscious users who are accessing sensitive information, for infrequent but high-risk transactions, or authenticating in the presence of others. The benefits of eyes-free PIN entry are a worthy trade-off in such scenarios.
This work is described in a full paper at the 2021 ACM International Conference on Multimodal Interaction. This project was carried out by Gloria, one of my undergraduate students in the 2020-2021 academic year.
HapticLock: Eyes-Free Authentication for Mobile Devices
G. Dhandapani, J. Ferguson, and E. Freeman.
In Proceedings of 23rd ACM International Conference on Multimodal Interaction – ICMI ’21, 195-202. 2021.
@inproceedings{ICMI2021HapticLock,
author = {Dhandapani, Gloria and Ferguson, Jamie and Freeman, Euan},
booktitle = {{Proceedings of 23rd ACM International Conference on Multimodal Interaction - ICMI '21}},
title = {{HapticLock: Eyes-Free Authentication for Mobile Devices}},
year = {2021},
publisher = {ACM},
pages = {195--202},
doi = {10.1145/3462244.3481001},
url = {http://euanfreeman.co.uk/hapticlock-eyes-free-authentication-for-mobile-devices/},
pdf = {http://research.euanfreeman.co.uk/papers/ICMI_2021_HapticLock.pdf},
}