Performance Evaluation of Android Pattern Authentication Systems

Robert Wang, Stephan Chan, Yung-Cheng Chang
2019 Zenodo  
Mobile security grows more critical as the use of mobile devices increases. People frequently use mobile devices for secure storage of sensitive data such as social security numbers and credit card numbers. If these devices are not handled securely, anyone can access them by hacking the authentication passwords. Pattern locking systems are commonly used to validate a user for mobile access. But these ... are not safe, and are subject to pre-computation attacks like dictionaries, rainbow tables and brute-force attacks. Android KitKat and Lollipop pattern authentication systems are vulnerable to pre-computation since they use unsalted SHA-1 hashes. The latest versions of Android like Marshmallow utilize SCRYPT hashes and salts for authenticating the users; they need additional hardware support such as TEE (Trusted Execution Environment) and Gatekeeper functionality. Therefore this research presents an alternative representation for mobile patterns using elliptic curves, and proposes three algorithms based on this idea to make the pattern passwords strong against these attacks without using additional hardware. Security analysis regarding SAC (Strict Avalanche Criterion) and brute-force search space is also presented in this paper. Execution times are analyzed after the implementation of the three proposed methods.
doi:10.5281/zenodo.3774820 fatcat:i7chpcedtrfojpmwrfhue5o7ty