Proposal and evaluation of authentication method having shoulder-surfing resistance for smartwatches using shift rule

Abstract

Recently, mobile devices having small touchscreen such as smartwatches has been increasing due to miniaturization of electronic devices. Currently, PIN and pattern lock are used for personal authentication of these devices, but there is possibility of leakage of authentication information by shoulder-surfing attack. Many authentication methods having shoulder-surfing resistance are proposed until now. However, these methods are for smartphones or tablets having middle-size screen. Hence, when these authentication methods apply for smartwatches, the usability reduces because a user cannot touch the screen accurately. Therefore, in this paper, we propose personal authentication method having shoulder-surfing resistance for smartwatches. In this method, the user selects alternative icon to registered icon on 3 × 3 matrix using shift rule. In addition, we implemented the proposed method on smartwatch, and performed two experiments to confirm usability and shoulder-surfing resistance. As a result, average authentication time and authentication success rate was 13.8 s and 89.4%, and touch success rate was 96.2% when using shift rule. Also, the leakage rate of authentication information was 0.0%.