Journal of Software:2017.28(2):361-371

(西安电子科技大学 网络与信息安全学院, 陕西 西安 710071)
Android Unlock Pattern Scheme Through Random Point Exclusion
XIONG Si-Chun,YANG Chao,MA Jian-Feng,ZHANG Jun-Wei
(School of Cyber Engineering, Xidian University, Xi'an 710071, China)
Chart / table
Similar Articles
Article :Browse 1420   Download 1321
Received:September 07, 2015    Revised:December 02, 2015
> 中文摘要: 安卓图形解锁(Android unlock pattern,简称AUP)作为目前移动终端上使用最广泛的图形密码方案,实际应用的密码在理论空间上分布很不均匀,导致其实际安全性远低于理论安全性,所暴露出的巨大安全隐患极易被攻击者利用以加快字典攻击与暴力破解的速度.提出一种随机剔除点的安卓图形解锁方案(Android-unlock-pattern scheme through random points exclusion,简称AUP-RPE).在设置密码阶段通过对原界面作一系列改动以规避用户具有安全隐患的使用习惯,并组织了1 100余人次的用户测试以收集实际应用的图形密码.建模分析发现,在保证与AUP相近的可用性前提下,AUP-RPE的安全性提高了3个以上数量级,证明了该方案具有更高的安全性.
Abstract:As the most widely used graphical password scheme on mobile terminals, Android unlock pattern (AUP) is not quite uniformly distributed in its theoretical password space when in practical use, which exposes a tremendous hazard that can be easily exploited by the attacker to expedite dictionary attack or violence crack. To address this issue, this paper proposes a new scheme, Android-unlock-pattern based on random point exclusion (AUP-RPE), which helps the user to avoid habitual choices by the new interface arrangement. In addition, patterns in real-life use are collected by performing a large-scale user study with over 1 100 people. Modeling based on those patterns shows the entropy of AUP-RPE increases over 3 orders of magnitude than the entropy of AUP, which means that AUP-RPE has a much stronger security.
文章编号:     中图分类号:    文献标志码:
基金项目:国家自然科学基金(61672415,61472310,U1405255) 国家自然科学基金(61672415,61472310,U1405255)
Foundation items:National Natural Science Foundation of China (61672415, 61472310, U1405255)
Reference text:


XIONG Si-Chun,YANG Chao,MA Jian-Feng,ZHANG Jun-Wei.Android Unlock Pattern Scheme Through Random Point Exclusion.Journal of Software,2017,28(2):361-371