Professor develops gesture authentication to secure privacy
Logging into Facebook may soon involve drawing on your phone rather than typing in a password.
Janne Lindqvist, an assistant professor in the Department of Electrical and Computer Engineering, is working on “gesture based authentication systems,” a new way of logging into accounts through a phone or tablet device.
“More and more people sign up on mobile devices,” he said. “You might assume that when it’s harder to type, you have less secure passwords.”
Yulong Yang, a graduate student, said in an email that drawing your “password” is more user-friendly than typing it. Gesture-based authentication can be more secure than text-based passwords.
Touchscreen devices are already able to accept gestures, Lindqvist said. His team used the application programming interface to add software that reads raw gestures.
Each finger on a hand is given a set of points by this software. This data is then passed through an algorithm to “read” the gestures.
Multi-finger gestures could be read through this software. Using multiple fingers in different patterns makes the gesture more complex and requires a different template than a single-finger gesture does.
The gesture would be read and translated by the device’s computer. Different data points, such as the angle between the points of a gesture, would be used to “read” the gesture.
Lindqvist said users of gesture-based authentication would need to minimize the differences between the template and their logins.
“What I would emphasize is this can be made to work on current touchscreens by implementing the software,” he said.
All devices with a touchscreen should be able to use the software, Yang said. The increasing popularity of these devices makes this method ideal for future use.
Lindqvist spent a lot of time working on different forms of security. Research into gesture-based authentication began after discussing text-based passwords with a colleague.
A 2013 study by Ofcom, a communications regulator in the United Kingdom, found more than half of adults on the Internet used the same password across different sites. More than a quarter used names or birthdays.
The study also said more than 80 percent of smartphone users went online with their devices. Fewer than 20 percent used tablets.
“We thought this might be better than passwords and PINs — that’s why we started working on gestures,” Lindqvist said.
A study conducted by Lindqvist and funded by the National Science Foundation had 63 people create their own gestures on a tablet. Participants were told to make the gestures as secure or unique as possible. They tested the gestures on a tablet provided by the study.
Their favorite gesture was repeated 10 times. The participants of the study were then given distracting tasks to complete before trying to recall the gesture again.
Participants tried to recall the gesture 10 days later in a second session.
“We didn’t tell anyone how many fingers they could be using,” Lindqvist said. “Interestingly, about half use a single finger and about half used multi-finger gestures.”
The gestures used were mostly secure. Some participants used signatures as authenticators.
Others created circles using both single-finger and multi-finger gestures. Further studies were run on what gestures people created when given instructions.
“Certainly people can be instructed to generate better gestures,” Lindqvist said. “Several people generated really secure gestures.”
The results of the study showed that simple instructions, such as telling a person to create something unique, had an effect on what sort of gesture was made.
Other studies continue to examine the effect of instructions, as well as how they compare to text-based passwords.
Different forms of the algorithm that recognizes the fingers are also being compared.
“One limitation of gesture-based passwords would be to actually replace text-based passwords,” Yang said. “The latter has existed for too long [a] period of time and become too prevalent.”