TY - JOUR
T1 - ShakeUnlock: Securely Transfer Authentication States Between Mobile Devices
AU - Findling, Rainhard
AU - Muaaz, Muhammad
AU - Hintze, Daniel
AU - Mayrhofer, Rene
PY - 2017/4/1
Y1 - 2017/4/1
N2 - As users start carrying multiple mobile devices, we propose a novel, token based mobile device unlocking approach. Mobile devices are conjointly shaken to transfer the authentication state from an unlocked token device to another device to unlock it. A common use case features a wrist watch as token device, which remains unlocked as long as it is strapped to the user's wrist, and a locked mobile phone, which is unlocked if both devices are shaken conjointly. Shaking can be done single-handedly, requires little user attention (users don't have to look at the device for unlocking it) and does not cause additional cognitive load on users. In case attackers gain control over the locked phone, forging shaking is difficult, which impedes malicious unlocks. We evaluate our approach using acceleration records from our 29 people sized ShakeUnlock database and discuss influence of its constituent parts on the system performance. We further present a performance study using an Android implementation and live data, which shows the true negative rate of observational attacks to be in the range of 0.8 - if an attacker manages to gain control over the locked device and shake it in parallel to the device owner shaking the token device.
KW - Mobile environments
KW - Security and Privacy Protection
KW - Authentication
KW - Time series analysis
KW - measurement techniques
KW - human factors
KW - Mobile computing
KW - authentication
UR - http://www.scopus.com/inward/record.url?scp=85015856352&partnerID=8YFLogxK
U2 - 10.1109/TMC.2016.2582489
DO - 10.1109/TMC.2016.2582489
M3 - Article
VL - 16
SP - 1163
EP - 1175
JO - IEEE Transactions on Mobile Computing
JF - IEEE Transactions on Mobile Computing
IS - 4
M1 - 7494938
ER -