SWIPASS: Image-based user authentication for touch screen devices

Abstract

Users of smartphones and/or tablet terminals browse and download confidential document files routinely. Therefore, a higher security level is needed for smartphones and tablet terminals than conventional mobile phones. From this kind of background, Takahashi and Uchida proposed an image-based user authentication method for touch screen devices by using the latest image shot by the user as the pass-image. The proposed authentication method is resistant to smudge attacks, one of the most serious threats for touch screen devices. However, the security strength of the method is low. Therefore, in this paper, we propose SWIPASS, an image-based user authentication method for touch screen devices that has higher security strength, by improving on the method proposed by Takahashi and Uchida. This improves the security strength without any change in either the resistance to smudge attacks or the users’ burden of memorizing. Although Takahashi and Uchida implemented their method only as a prototype system in their study, we implement SWIPASS as a real Android application in this study. Moreover, we also examined the usability and the resistance of SWIPASS against observation attacks by conducting several experiments in this paper.