ByPass: A platform to evaluate Android authentication techniques
Payas Gupta & Sarah Smith

ByPass Introduction
- User study to examine the entropy of the traditional Android authentication system
- Determine the security, usability, and memorability of the current grid versus more complex layouts
- Develop an authentication system to have stronger and more advanced unlock patterns

Experiment Goals
- Security
  - Entropy: greater than the existing 3 x 3 grid
  - Hot spots: all spots are equally likely to be used
- Usability
  - Fast and easy to use without too many mistakes
  - Use as the primary authentication
- Memorability
  - Cognitive load should be minimal
  - Easier to remember than other authentication models
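
To make the two security goals concrete, the following added example (not part of the original slides) counts the pattern space of the existing 3 x 3 grid and measures how evenly nodes are used. It assumes the stock Android rules (4 to 9 distinct nodes, a stroke may not jump over an unused node) and numbers nodes 0 to 8 row by row; the start-node sample is constructed, not study data.

```python
import math
from collections import Counter
from functools import lru_cache

# SKIP[(a, b)] is the node lying exactly between a and b on the 3 x 3 grid.
# Moving a -> b is legal only if that middle node has already been used.
SKIP = {}
for a in range(9):
    for b in range(9):
        (ra, ca), (rb, cb) = divmod(a, 3), divmod(b, 3)
        if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
            SKIP[(a, b)] = ((ra + rb) // 2) * 3 + (ca + cb) // 2

@lru_cache(maxsize=None)
def count_from(last, visited, remaining):
    """Ways to extend a pattern ending at `last` by `remaining` more nodes."""
    if remaining == 0:
        return 1
    total = 0
    for nxt in range(9):
        if (visited >> nxt) & 1:
            continue                      # node already used
        mid = SKIP.get((last, nxt))
        if mid is not None and not (visited >> mid) & 1:
            continue                      # would jump over an unused node
        total += count_from(nxt, visited | (1 << nxt), remaining - 1)
    return total

def count_patterns(min_len=4, max_len=9):
    """Number of valid patterns with min_len..max_len nodes."""
    return sum(count_from(s, 1 << s, n - 1)
               for n in range(min_len, max_len + 1) for s in range(9))

def shannon_entropy(samples):
    """Empirical Shannon entropy (bits) of observed choices, e.g. start nodes."""
    counts, n = Counter(samples), len(samples)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

if __name__ == "__main__":
    total = count_patterns()
    print(f"valid 3x3 patterns: {total}, upper bound {math.log2(total):.2f} bits")
    # Constructed sample: start nodes skewed toward the top-left corner.
    starts = [0] * 11 + [1] * 3 + [2] * 3 + [3] * 2 + [6] * 1
    print(f"start-node entropy: {shannon_entropy(starts):.2f} bits "
          f"(uniform over 9 nodes would be {math.log2(9):.2f})")
```

The pattern count gives only an upper bound on entropy; a skewed start-node distribution like the constructed one shows how hot spots pull the effective figure below it.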

Research Questions
- What is the optimal grid layout?
- What is a strong pattern password?
- How can we nudge users into creating stronger pattern passwords?

Additional Research Questions
- Are there any hot spots or common patterns that impact the entropy of the system?
- Is the Android pattern-based authentication memorable over time?
- Do the situations surrounding the lockscreen balance the complexity of the patterns and usability?
- Does complexity increase the overall security without too much additional cost?
- What is the average length of the patterns?
- Can users be nudged to design better patterns?

Current Authentication Status
- PINs and text-based passwords
  - Impractical, difficult to enter quickly and accurately
- Biometric, facial recognition, fingerprint scans
  - Some can be easily replicated
- Simple swipe-to-unlock patterns
  - Vulnerable to smudge attacks

Experiment Procedure
- First Section:
  - Participants create patterns on the traditional Android 3 x 3 grid
  - Participants create patterns on a 3 x 3 grid with triangles pointing in different directions
- Second Section:
  - Participants create patterns on a pentagonal grid
  - Participants create patterns on a pentagonal grid with triangles pointing in different directions
- Participants use the ByPass authentication app for 3 weeks, logging in once daily
- Two pattern password sets per section: priming in the scenarios for creating a bank password versus creating a phone-unlock password

Post-Study Questions
- How does the entropy change from the traditional Android authentication to the entropy from ByPass’s authentication system?
- Are the projected increases in complexity resistant to potential declining usability and memorability?
- How did the users perceive security in the scope of this authentication app?
- Surveys administered to address the following:
  - Uniqueness, general security, memorability, ease of entry, length or number of connected nodes