In this lecture, we're going to talk about Gesture-based Authentication. This can be related to Biometric Authentication, but it doesn't have to be. So we're going to start by looking at a couple different types of Gesture-based Authentication, and then talk about the usability of these systems. First, keypad gestures are a type of Gesture based Authentication where users are given 9 points, usually laid out in the form of a keyboard. And they're asked to pick a gesture that connects those points together in order to authenticate themselves into a system. This is a type of Gesture-based Authentication that's commonly used in Android systems, so some of you are probably familiar with it. Let's take a look at those types of gestures in use. Here you can see we're being prompted to create a gesture-based password with these nine points on the Android. So when I get started, I can pick a pattern, this one looks sort of like an N. Once I've decided on it, I'm asked to repeat it to confirm just like we would with any password, and now it's set. So, if I turn the device off and turn it back on, and I'm prompted to log in. If I put in the wrong password, it doesn't work. If I put in the correct pattern, I'm authenticated. There are alternatives to this kind of controlled gesture, that bridge the space between keypad gestures and free gestures. In those cases, instead of a keypad you may have an image and you create a gesture linking different faces, or different points in the image. Free gestures don't require any kind of background at all. And we'll take a look at a few examples of those. In these cases a person picks whatever kind of gesture they want. It doesn't have to pick any particular point. And the computer learns to recognize that gesture. These are biometrically based because even if someone else comes in, and tries to do the same gesture there will be subtle differences in the way two people enter it. Pictures lie in the middle of this space, because essentially you're looking for people hitting the same point on an image. That's not necessarily biometric, but totally free gestures are. So, let's look at a few examples of those. In this example we are looking at a free form gesture system, I have a link to the full video of this below, a users has to create a gesture, and in this case is a capital L, and they input it a bunch of times, once the system learns it they can authenticate it by entering the same gesture, and the system lets them in. This is biometric because if someone else comes along and tries to log in, they've looked over the shoulder, they try to draw the same figure, the system actually keeps them out. This next example allows users to enter a signature. So I'll see the phone rotate here so we get a better perspective on it. You can write this however you like. And you have to go through a series of training examples, just like in the previous case. Notice that the alignment of these letters, the size is different, in each case. So the user who's creating this authentication mechanism does their signature five different times. There are slight differences every time and that's okay because there are going to be differences every time a person goes to enter it. Once they've done their five log ins, they can then actually try to log into the system typing the phrase, and then it works. Finally, here's an example using multi touch where a user makes a gesture with all five fingers that the computer trains on. As we see with multiple examples here, and then the user can use it to log in. In all of these examples, we're looking at free gestures where users can create whatever gesture they want on the screen, the system has them repeat it a few times so it learns the variations in how they enter it, and then that becomes the way they authenticate. It gives users a lot of freedom, but it's also actually quite secure because there are small differences between how each person would enter the same information, and the computer can pick up on that. So, there are biometrics built into recognizing these gestures. Now, what about the benefits of doing gesture based authentication. It's interesting, but is it usable and is it secure? What research has shown is that gestures that users enjoy creating and using, which means users think they're easy to use to log-in, they're fun to create, and so on. Those user preferred gestures tend to be, the more secure gestures. The things that are boring and that users don't like inputting that maybe are hard, also tend to be less secure. And so there's a nice parallel between user preference and security. Users prefer using gestures over using actual passwords. And that's because, it's easier to use a gesture especially, on a small mobile device, and it's easier to remember in a lot of cases. And finally, gestures are faster than passwords and they're less error prone. So we have user preference, speed and efficiency. All working towards usability, and we had these additional results that so, that show gesture based authentication also tends to be more secure, so this is a real win. In the next lecture, we will look at an example of gesture based authentication attacks, which I think is an interesting take on what we normally think of a person breaking into a system.
