ShakeIn: Secure User Authentication of Smartphones with Single-Handed Shakes.

Smartphones have been widely used with a vast array of sensitive and private information stored on these devices. To secure such information from being leaked, user authentication schemes are necessary. Current password/pattern-based user authentication schemes are vulnerable to shoulder surfing attacks and smudge attacks. In contrast, stroke/gait-based schemes are secure but inconvenient for users to input. In this paper, we propose ShakeIn, a handy user authentication scheme for secure unlocking of a smartphone by simply shaking the phone. With embedded motion sensors, ShakeIn can effectively capture the unique and reliable biometrical features of users about howthey shake. In this way, even if an attacker sees a user shaking his/her phone, the attacker can hardly reproduce the same behavior. Furthermore, by allowing users to customize the way they shake the phone, ShakeIn endows users with the maximum operation flexibility. We implement ShakeIn and conduct both intensive trace-driven simulations and real experiments on 20 volunteers with about 530,555 shaking samples collected over multiple months. The results show that ShakeIn achieves an average equal error rate of 1.2 percent with a small number of shakes using only 35 training samples even in the presence of shoulder-surfing attacks.