R. Schlöglhofer, J. Sametinger: Secure and Usable Authentication on Mobile Devices, MoMM2012 - 10th International Conference on Advances in Mobile Computing & Multimedia, Bali, Indonesia, December 22-26, 2012.
DOI: 10.1145/2428955.2429004

Mobile devices contain a multitude of sensitive data and provide access to even more data as well as services somewhere on the Internet. Even if only temporarily in the hands of non-entitled persons, privacy is at stake. Authentication protects against unauthorized usage. Today’s operating systems of mobile devices offer authentication mechanisms. However, they are either vulnerable in some situations or not user friendly enough to be widely adopted. In this paper we suggest a novel authentication system which meets both the requirements of security and usability. For that purpose, we have analyzed existing authentication methods as well as targeting attacks. The resulting Android application SecureLock is a generic authentication system, which offers PIN and password, but also a property-based authentication method by means of NFC tags, and a novel image-based method called GesturePuzzle. The application has been evaluated and compared with other approaches for security and usability.