Prof. Lindqvist's gesture security work featured in Scientific American
To protect your financial and personal data, most mobiles come with PIN-based security, biometrics or number grids that require you to retrace a particular pattern to access your device. But is that good enough in crowded places full of spying eyes?
Not necessarily, according to a team of researchers from Rutgers University in New Jersey, Max Planck Institute for Informatics and Saarland University in Germany, and the University of Helsinki in Finland. Thieves snagged about 3.1 million smartphones in the U.S. alone last year, according to a Consumer Reports study released in May. Most of those phones are not likely to be protected by screen locks—only about one third of mobile phone users surveyed use a four-digit PIN. And even passcode-protected phones are vulnerable to “shoulder surfing” thieves who can glean PINs by observing their victims using their devices in a crowded location before striking, according to the researchers.
As an alternative to PINs and passcodes, the researchers are studying the feasibility of touchscreen drawings, which they call “gestures.” In such a scenario, users would set their “password” by using one or more fingers to draw a line, curve or some other pattern on their touchscreens. The device would assign a value to the gesture. Users would have to replicate that same gesture on the screen—coming reasonably close to the assigned value—to later unlock the device.
“Once the user has come up with a repeatable gesture, it is really hard for others to do [the gesture] accurately because of your unique characteristics of your hand, muscles and joints,” says Janne Lindqvist, one of the project’s leaders and an assistant professor in Rutgers’ School of Engineering’s Department of Electrical and Computer Engineering. A “recognizer” program then identifies such a gesture as unique to that user.