Bu-Dash: A Universal and Dynamic Graphical Password Scheme

Panagiotis Andriotis; Myles Kirby; Atsuhiro Takasu

doi:10.1007/978-3-031-05563-8_14

Bu-Dash: A Universal and Dynamic Graphical Password Scheme

Panagiotis Andriotis^*, Myles Kirby, Atsuhiro Takasu

^*Corresponding author for this work

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Biometric authentication gradually replaces knowledge-based methods on mobile devices. However, Personal Identification Numbers, passcodes, and graphical password schemes such as the Android Pattern Unlock (APU) are often the primary means for authentication, or they constitute an auxiliary (or backup) method to be used in case biometrics fail. Passcodes need to be memorable to be usable, hence users tend to choose easy to guess passwords, compromising security. The APU is a great example of a popular and usable graphical password scheme which can be easily compromised, by exploiting common and predominant human behavioristic traits. Despite its vulnerabilities, the scheme’s popularity has led researchers to propose adjustments and variations that enhance security but maintain its familiar user interface. Nevertheless, prior work demonstrated that improving security while preserving usability remains frequently a hard task. In this paper we propose a novel graphical password scheme built on the foundations of the well-accepted APU method, which is usable, inclusive, universal, and robust against shoulder surfing and smudge attacks. Our scheme, named Bu-Dash, features a dynamic user interface that mutates every time a user swipes the screen. Our pilot studies illustrate that Bu-Dash attracts positive user acceptance rates and maintains acceptable usability levels.

Original language	English
Title of host publication	HCI for Cybersecurity, Privacy and Trust
Subtitle of host publication	4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Proceedings
Editors	Abbas Moallem
Publisher	Springer
Pages	209-227
Number of pages	19
ISBN (Electronic)	9783031055638
ISBN (Print)	9783031055621
DOIs	https://doi.org/10.1007/978-3-031-05563-8_14
Publication status	Published - 16 Jun 2022

Publication series

Name	Lecture Notes in Computer Science
Volume	13333
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Bibliographical note

Funding Information:
Dr Panagiotis Andriotis was an International Research Fellow of Japan Society for the Promotion of Science (Postdoctoral Fellowships for Research in Japan (Standard)) when this paper was published.

Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

Keywords

Android pattern
Shoulder surfing
Smudge attacks
User authentication

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-031-05563-8_14

Cite this

Andriotis, P., Kirby, M., & Takasu, A. (2022). Bu-Dash: A Universal and Dynamic Graphical Password Scheme. In A. Moallem (Ed.), HCI for Cybersecurity, Privacy and Trust : 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Proceedings (pp. 209-227). (Lecture Notes in Computer Science; Vol. 13333). Springer. https://doi.org/10.1007/978-3-031-05563-8_14

Andriotis, Panagiotis ; Kirby, Myles ; Takasu, Atsuhiro. / Bu-Dash : A Universal and Dynamic Graphical Password Scheme. HCI for Cybersecurity, Privacy and Trust : 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Proceedings. editor / Abbas Moallem. Springer, 2022. pp. 209-227 (Lecture Notes in Computer Science).

@inproceedings{2344e4ce881a471bb7bc2dd7e616b264,

title = "Bu-Dash: A Universal and Dynamic Graphical Password Scheme",

abstract = "Biometric authentication gradually replaces knowledge-based methods on mobile devices. However, Personal Identification Numbers, passcodes, and graphical password schemes such as the Android Pattern Unlock (APU) are often the primary means for authentication, or they constitute an auxiliary (or backup) method to be used in case biometrics fail. Passcodes need to be memorable to be usable, hence users tend to choose easy to guess passwords, compromising security. The APU is a great example of a popular and usable graphical password scheme which can be easily compromised, by exploiting common and predominant human behavioristic traits. Despite its vulnerabilities, the scheme{\textquoteright}s popularity has led researchers to propose adjustments and variations that enhance security but maintain its familiar user interface. Nevertheless, prior work demonstrated that improving security while preserving usability remains frequently a hard task. In this paper we propose a novel graphical password scheme built on the foundations of the well-accepted APU method, which is usable, inclusive, universal, and robust against shoulder surfing and smudge attacks. Our scheme, named Bu-Dash, features a dynamic user interface that mutates every time a user swipes the screen. Our pilot studies illustrate that Bu-Dash attracts positive user acceptance rates and maintains acceptable usability levels.",

keywords = "Android pattern, Shoulder surfing, Smudge attacks, User authentication",

author = "Panagiotis Andriotis and Myles Kirby and Atsuhiro Takasu",

note = "Funding Information: Dr Panagiotis Andriotis was an International Research Fellow of Japan Society for the Promotion of Science (Postdoctoral Fellowships for Research in Japan (Standard)) when this paper was published. Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.",

year = "2022",

month = jun,

day = "16",

doi = "10.1007/978-3-031-05563-8_14",

language = "English",

isbn = "9783031055621",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "209--227",

editor = "Abbas Moallem",

booktitle = "HCI for Cybersecurity, Privacy and Trust",

}

Andriotis, P, Kirby, M & Takasu, A 2022, Bu-Dash: A Universal and Dynamic Graphical Password Scheme. in A Moallem (ed.), HCI for Cybersecurity, Privacy and Trust : 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Proceedings. Lecture Notes in Computer Science, vol. 13333, Springer, pp. 209-227. https://doi.org/10.1007/978-3-031-05563-8_14

Bu-Dash: A Universal and Dynamic Graphical Password Scheme. / Andriotis, Panagiotis; Kirby, Myles; Takasu, Atsuhiro.
HCI for Cybersecurity, Privacy and Trust : 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Proceedings. ed. / Abbas Moallem. Springer, 2022. p. 209-227 (Lecture Notes in Computer Science; Vol. 13333).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Bu-Dash

T2 - A Universal and Dynamic Graphical Password Scheme

AU - Andriotis, Panagiotis

AU - Kirby, Myles

AU - Takasu, Atsuhiro

N1 - Funding Information: Dr Panagiotis Andriotis was an International Research Fellow of Japan Society for the Promotion of Science (Postdoctoral Fellowships for Research in Japan (Standard)) when this paper was published. Publisher Copyright: © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

PY - 2022/6/16

Y1 - 2022/6/16

N2 - Biometric authentication gradually replaces knowledge-based methods on mobile devices. However, Personal Identification Numbers, passcodes, and graphical password schemes such as the Android Pattern Unlock (APU) are often the primary means for authentication, or they constitute an auxiliary (or backup) method to be used in case biometrics fail. Passcodes need to be memorable to be usable, hence users tend to choose easy to guess passwords, compromising security. The APU is a great example of a popular and usable graphical password scheme which can be easily compromised, by exploiting common and predominant human behavioristic traits. Despite its vulnerabilities, the scheme’s popularity has led researchers to propose adjustments and variations that enhance security but maintain its familiar user interface. Nevertheless, prior work demonstrated that improving security while preserving usability remains frequently a hard task. In this paper we propose a novel graphical password scheme built on the foundations of the well-accepted APU method, which is usable, inclusive, universal, and robust against shoulder surfing and smudge attacks. Our scheme, named Bu-Dash, features a dynamic user interface that mutates every time a user swipes the screen. Our pilot studies illustrate that Bu-Dash attracts positive user acceptance rates and maintains acceptable usability levels.

AB - Biometric authentication gradually replaces knowledge-based methods on mobile devices. However, Personal Identification Numbers, passcodes, and graphical password schemes such as the Android Pattern Unlock (APU) are often the primary means for authentication, or they constitute an auxiliary (or backup) method to be used in case biometrics fail. Passcodes need to be memorable to be usable, hence users tend to choose easy to guess passwords, compromising security. The APU is a great example of a popular and usable graphical password scheme which can be easily compromised, by exploiting common and predominant human behavioristic traits. Despite its vulnerabilities, the scheme’s popularity has led researchers to propose adjustments and variations that enhance security but maintain its familiar user interface. Nevertheless, prior work demonstrated that improving security while preserving usability remains frequently a hard task. In this paper we propose a novel graphical password scheme built on the foundations of the well-accepted APU method, which is usable, inclusive, universal, and robust against shoulder surfing and smudge attacks. Our scheme, named Bu-Dash, features a dynamic user interface that mutates every time a user swipes the screen. Our pilot studies illustrate that Bu-Dash attracts positive user acceptance rates and maintains acceptable usability levels.

KW - Android pattern

KW - Shoulder surfing

KW - Smudge attacks

KW - User authentication

UR - http://www.scopus.com/inward/record.url?scp=85133222813&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-05563-8_14

DO - 10.1007/978-3-031-05563-8_14

M3 - Conference contribution

SN - 9783031055621

T3 - Lecture Notes in Computer Science

SP - 209

EP - 227

BT - HCI for Cybersecurity, Privacy and Trust

A2 - Moallem, Abbas

PB - Springer

ER -

Andriotis P, Kirby M, Takasu A. Bu-Dash: A Universal and Dynamic Graphical Password Scheme. In Moallem A, editor, HCI for Cybersecurity, Privacy and Trust : 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Proceedings. Springer. 2022. p. 209-227. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-05563-8_14