Still dare to lock your screen with a password or a pattern? Try a more secure doodle!
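“In any case, with a complex gesture, nobody can possibly reproduce it with one hundred percent accuracy,” Lindqvist said. He noted that at least three repetitions, or templates, are needed for a gesture to become stable. (To improve accuracy, the study used 10 templates for each participant.)

The researchers also used a highly adaptable algorithm. Participants could draw the pattern anywhere on the mobile device's screen, at any angle and at whatever size they liked, as long as the shape of the gesture was correct. Such a flexible algorithm allows the same gesture to be used across platforms: for example, a large-screen tablet and a smartphone with a relatively small screen can use the same gesture password.

To measure the security of each gesture accurately, the researchers brought in the concept of “differential entropy” from information theory. This concept quantifies a gesture's “information content,” or “diversity.” Generally speaking, the more complex a gesture, the more secure it is. Some of them look like plants such as brambles and tumbleweeds, and others look like many-faceted jewels.

Typically, compared with the most secure gestures, the easiest gestures to remember are relatively simple. They include simple shapes such as triangles, as well as signatures.

The least secure gestures are monotonous, looping circles.

Another way of measuring security is the so-called “shoulder surfing” test. Six student volunteers each independently watched videos of a student demonstrating three typical gestures and then repeated the gestures from memory.

The results of the preliminary test were encouraging. “The shoulder surfers could not even draw a similar gesture,” Lindqvist said.

In fact, one person did almost draw one of the gestures, an inverted letter “N,” but the similarity was not high enough for the system's “recognizer” to accept it.

“Typing in a password is already out of date, and we urgently need to explore alternatives,” said Nasir Memon, professor of computer science and engineering at New York University. Memon was not involved in the study described above.

Still, even with the help of muscle memory, we may find ourselves overwhelmed by a pile of gesture passwords.

“If your three accounts have three different gesture passwords, how do you tell them apart?” Memon asked.

Lindqvist said that in future studies he plans to coach participants in best practices for creating gestures that are both secure and easy to remember. He also hopes to expand the shoulder-surfing test. “I think gesture passwords are very secure and better than the existing methods. I hope to keep working in depth in this area,” he said.

If the new method proves reliable, the future of password security may depend less on the keyboard and more on freehand doodling. For now, though, the billions of mobile-device users around the world can only use the standard pattern lock of Google's Android and Apple's PINs.

“Gesture passwords do have potential,” Memon said. “But there is still a long way to go before they are widely adopted.” (Fortune China)

Translator: Xiang Hang
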
“You never can, in any case—with any kind of meaningfully complex gesture—repeat it exactly the same way,” Lindqvist said, noting that it takes at least three repetitions, or templates, for a gesture to become stable. (For improved accuracy, the study used 10 templates per participant.)

The researchers also used a flexible algorithm. Participants were able to draw anywhere on the device’s screen at whatever size and angle they wished, as long as the shape of the gesture was correct. Such flexibility may allow single gestures to adapt across platforms: for instance, on the larger screen of a tablet versus the smaller screen of a smartphone.

To measure each gesture’s level of security, the researchers imported a concept from Information Theory called “differential entropy.” This metric quantified the “information content,” or “surprisingness,” of a gesture. Generally, the most secure gestures were the most complex. Some of these looked like brambles, tumbleweeds or multi-faceted jewels.

On average the most memorable gestures were shorter and simpler than those best for security. Some of the most memorable ones included simple angular shapes, like triangles, and signatures.

The least-secure gestures consisted of gentle, looping circles.

Another measure of security involved a “shoulder surfing” test. Six student volunteers independently watched videos of another student performing three representative gestures. These “attackers” were then asked to replicate each gesture.

The preliminary results were promising. “None of the attackers came even close to the gesture,” Lindqvist said.

In fact, one attacker did nearly replicate one of the gestures—a backwards “N”—but did not come close enough for a “recognizer” to authenticate.

“Typing in a password seems to be an artifact of the past,” said Nasir Memon, professor of computer science and engineering at New York University, who was not involved in the study. “There is definitely a need to explore the alternatives.”

Still, even with the aid of muscle memory, one must question how confusing a world of security gestures might become.

“If you have three different gestures for three different accounts, how do you deal with that?” Memon asked.

In future studies, Lindqvist said he plans to instruct participants in best practices for generating secure and memorable gestures. He also hopes to expand the shoulder-surfing test. “I think that this robust alternative and a better alternative than the current method, and looking forward to working on this more,” Lindqvist said.

If the new tactic’s promise holds, the future of password security may look less like a keyboard and more like finger-skating. For now, though, the billions of people around the world using mobile devices must stick with their PINs and patterns.

“It holds potential,” Memon said. “But we’re still a long way from it being seriously adopted.”
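
The article describes a recognizer that compares an attempt against several enrolled templates and ignores where, how large and at what angle the gesture is drawn. The sketch below is an added example, not the study's code: the article does not name the matching algorithm, so it assumes a Procrustes-style comparison of resampled strokes, and the threshold, point count, function names and sample strokes are all constructed for illustration.

```python
import cmath
import math

THRESHOLD = 0.95   # acceptance threshold (assumed, not taken from the study)

def resample(points, n=64):
    """Resample a stroke to n points evenly spaced along its arc length."""
    pts = [complex(x, y) for x, y in points]
    seg = [abs(b - a) for a, b in zip(pts, pts[1:])]
    total = sum(seg)
    if total == 0:
        raise ValueError("stroke needs at least two distinct points")
    out, i, walked = [], 0, 0.0
    for k in range(n):
        target = total * k / (n - 1)
        while i < len(seg) - 1 and walked + seg[i] < target:
            walked += seg[i]
            i += 1
        t = (target - walked) / seg[i] if seg[i] else 0.0
        out.append(pts[i] + (pts[i + 1] - pts[i]) * min(t, 1.0))
    return out

def normalize(points):
    """Remove position (centroid to origin) and size (unit norm)."""
    z = resample(points)
    centroid = sum(z) / len(z)
    z = [p - centroid for p in z]
    norm = math.sqrt(sum(abs(p) ** 2 for p in z))
    return [p / norm for p in z]

def similarity(a, b):
    """1.0 means same shape; taking the modulus discards any rotation."""
    return abs(sum(p.conjugate() * q for p, q in zip(a, b)))

def authenticate(attempt, templates, threshold=THRESHOLD):
    probe = normalize(attempt)
    return max(similarity(normalize(t), probe) for t in templates) >= threshold

def transform(points, angle_deg, scale, dx, dy):
    rot = cmath.rect(scale, math.radians(angle_deg))
    moved = [complex(x, y) * rot + complex(dx, dy) for x, y in points]
    return [(p.real, p.imag) for p in moved]

# Constructed sample data: three slightly different enrolments of one zigzag.
TEMPLATES = [[(0, 0), (0, 3), (2, 0), (2, 3)],
             [(0.1, 0), (0, 3.1), (2.1, 0.1), (1.9, 3)],
             [(0, 0.1), (0.1, 2.9), (2, 0), (2.1, 3.1)]]
SAME_SHAPE = transform(TEMPLATES[0], 40, 2.5, 300, 120)  # moved, larger, tilted
LOOP = [(math.cos(a / 10), math.sin(a / 10)) for a in range(63)]  # a circle
```

`authenticate(SAME_SHAPE, TEMPLATES)` accepts the moved, enlarged and tilted zigzag, while `authenticate(LOOP, TEMPLATES)` rejects the circle because its best template score stays well under the threshold.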