[HGI-News-de] HGI Colloquium on 28.11.2013: "Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns"

Newsletter of the Horst Görtz Institute hgi-news-deutschland at lists.ruhr-uni-bochum.de
Mon Nov 25 09:09:17 CET 2013

Dear Sir or Madam,

as part of the HGI Colloquium, organized by the Secure Hardware
working group and the Horst Görtz Institute of Ruhr-Universität
Bochum, Sebastian Uellenbeck of Ruhr-Universität Bochum will give
a talk next Thursday, 28 November 2013, at 12 noon s.t. in
room ID 03/411 on the following topic:

"Quantifying the Security of Graphical Passwords: The Case of
Android Unlock Patterns": Graphical passwords were proposed as an
alternative to overcome the inherent limitations of text-based passwords,
inspired by research that shows that the graphical memory of humans is
particularly well developed. A graphical password scheme that has been
widely adopted is the Android Unlock Pattern, a special case of
the Pass-Go scheme with grid size restricted to $3 \times 3$ points and
restricted stroke count.

In this paper, we study the security of Android Unlock Patterns. By
performing a large-scale user study, we measure actual user choices of
patterns instead of theoretical considerations on password spaces. From
this data we construct a model based on Markov chains that enables us to
quantify the strength of Android Unlock Patterns. We found empirically
that there is a high bias in the pattern selection process, e.g., the
upper left corner and three-point long straight lines are
very typical selection strategies. Consequently, the entropy of patterns
is rather low, and our results indicate that the security offered by the
scheme is less than the security of only three-digit randomly assigned
PINs for guessing 20% of all passwords (i.e., we estimate a partial
guessing entropy $G_{0.2}$ of $9.10$ bit).

Based on these insights, we systematically improve the scheme by
finding a small, but still effective change in the pattern layout that
makes graphical user logins substantially more secure. By means of
another user study, we show that some changes improve the security by
more than doubling the space of actually used passwords (i.e.,
increasing the partial guessing entropy $G_{0.2}$ to $10.81$ bit).

All students and interested parties are cordially invited to this
and all other talks of the HGI Colloquium!
No advance registration is required!

Further information is available on the following website:

Best regards,
   Pascal Sasdrich
