Abstract: Pattern lock has been widely used in smartphones as a simple and effective authentication mechanism, which however is shown to be vulnerable to various attacks. In this paper, we design a novel authentication system for more secure pattern unlocking on smartphones. This project is written in J-script and click are automatically recognized by the code and no external configurations are required. Android pattern lock is still popularly used for mobile user authentication. Unfortunately, however, many concerns have been raised regarding its security and usability. User-created patterns tend to be simply structured or reduced to a small set. Complex patterns are hard to memorize. Input patterns are susceptible to various attacks, such as guessing attacks, smudge attacks, and shoulder surfing attacks. Our basic idea starts from turning the lock pattern into public knowledge rather than a secret and leveraging touch dynamics. Users do not need to create their own lock patterns or memorize them. Instead, our system shows a public pattern along with guidance on how to draw it. All the user needs to do for authentication is to draw the pattern as shown. For adversaries, the above-mentioned attacks are rendered useless by this new mechanism. Specifically, we study how to generate the public patterns and how to perform authentication. You have probably seen this on a touchscreen smartphone you have 9 dots and you have to draw a pattern. It works great: drawing a shape on a small touch screen is far easier than typing on those small keyboards AND far easier to remember too. Once you've got used to it, typing passwords in general gets pretty annoying A proof of concept project illustrating the use of the Android Pattern Lock Screen inside a HTML
Keywords: “J-script”, “Android”, “Smartphone”, “HTML”, “Pattern Lock”, “9 dots”.
| DOI: 10.17148/IJARCCE.2021.10594