Pattern lock and the app based on context , ease of use aspect in comparison

Received Dec 31, 2018 Revised Jan 17, 2019 Accepted Feb 04, 2019 Smartphone has been a popular device utilized to support productivity in human life and has become an integral part of human activities such as for communication, entertainment and social interaction. Those activities can be related to the information which needs to be protected because of its high privacy. Therefore, the smartphone needs a procedure that demonstrates an ability to secure that user information. However, more protective the scheme, more difficult the usage. Based on that pattern behavior, a good security scheme which support the users for easy security feature is urgently needed. One of such kind security features is authentication feature. In that manner, the ease of use aspect for acquiring the system by using an easy authentication mechanism becomes critically important. The ease of use intended is the efficiency of interaction between the user and that security feature for doing authentication including the time needed for doing that. This study developed the app which utilizes the context data, namely Geofilock. The context data meant is the location data based on the GPS and MAC address of the Wi-Fi. The system detected both context data and determined whether the smartphone needs to show the pattern screen lock as authentication feature or not, based on the context data analysis. The functionality of Geofilock works properly as shown by less user interaction number and less time needed by the user for obtaining the access. In addition, the app is easy to operate, as suggested by the user feedback.


INTRODUCTION
Smartphone technology has driven the human to perform many activities for supporting their productivityas well as enjoying entertainment.However, as time goes on, problems related to how information in the smartphone can be retrieved and how it can be protected tend to grow.Essentially, this happens due to the privacy related to the accessed data and user information.The apps such as e-banking, e-mail, and social media are the example of apps which contain high privacy related to its data.Therefore, the user needs a system which can prevent illegal access by an unauthorized user into the smartphone [1]- [2].
Many authentication systems have been developed for identifying the user and preventing an illegal access to the system.Broadly, the authentication system can increase privacy protection.However, it also reduces the ease of use aspect.
The ease of use is a level in which the user can trust that the system usage can reduce the user effort for doing something [3].Related to the system access like the pattern screen lock, the ease of use aspect still becomes a big challenge [2].Several studies tried to handle the authentication system problem related to the ease of use aspect.Those studies used approaches such as Biometric method [4]- [6] or Context-based [7]- [11].
According to the study in [12], the environmental context is the context which is easy to be remembered and there is not any change in its infrastructure including the environment of the smartphone itself.The secure authentication system which only uses the data location as the context cannot be secure enough or cannot always identify the authorized user.It happens because the data location can be accessed by anyone physically.More threateningly, the data location based on GPS can be forged by illicit apps nowadays.
To avoid that weakness, this study utilizes the combination of Wi-Fi and GPS as the context data.Both context data are used as the parameters of the authentication including for system analysis of this study.The system is going to compare the real-time environmental context data and the context saved in the database.When the context data is matched then the system does not call the pattern lock screen function.The user can bypass the mechanism of authentication.By this way, the user becomes more pleasant to access the system.
The pattern lock screen function represents the function which shows an authentication mechanism for the user if the detected environmental context data is not matched with the saved context data in the database.By passing this function, the ease of use aspect of a secure access system can be improved.

RELATED WORKS
The studies related to the authentication system has been explored and there are many methods which are used for them.The comparative study of them can be examined in Table 1.The other feature which is more advance for authentication system has been developed widely and it differs from the standard lock screen (e.g.PIN, Swipe, Pattern).The methods used and the focus of the studies can be different from each other.
The first technique which is commonly used is by applying biometric.The biometric remains a method for identification by manipulating part of the human body as an authentication key.This approach is distinct into two physiological and behavioral types [11].The example of the physiological biometric approach is face recognition [4].This mode uses face as part of human body as a metric for passing the authentication procedure.On the other hand, the behavioral type of biometric approach can be seen in [5] and [6].This behavioral approach treats the user behavioral movement as a metric for passing the authentication mechanism.The later type of biometric approach can exist in the background because the metric uses the user behavior [11].Habitually, the biometric approach focuses on security because it implements complex processes such as feature extraction, data training, and data analysis.
The second method uses the context data.The context data is the data around the system which can be extracted by the system.It can be sensed by the sensor or another device attached on the smartphone.The example of the second approach can be considered in the studies of [7], [9], and [12].Those studies use the context as a key to pass the authentication mechanism such as time, GPS, or Wi-Fi.The mechanism of this approach is by comparing between the presence context when user logs into the system and the other one which is saved by the system with error tolerance.
Each method displayed in Table 1 presents a weakness related to its characteristic.Time pattern has mobility defect because it requires more time to unlock the lock screen [7].Face recognition has an imperfection as it cannot be used in every place or any condition because some place or some condition can trigger a noise which disturbs the clarification process [4].The weakness of traditional text-based such as PIN and password is it can be attacked by using brute-force method [7].

ISSN: 2089-3272 
Pattern lock and the app based on context, ease of use aspect in comparison (Farid Fajriana Pulungan)

61
Regarding the context, it is any information which can be exploited to describe a situation, a human, a place or a thing and it is relevant with the interaction between the human and the app [13].The factors such as lumen, noise, communication bandwidth, or social situation become additional features of context description.
Related to the ease of use terminology, habitually, it is operated as the simplification of usability.As mentioned in ISO 9241-11 standard, the usability definition is how the product can be used by the certain user to get the specific and suitable goal with the effectiveness, the efficiency, and the satisfaction of the user related to the usage of it.The metric of usability is used for describing the user requirement, deciding the purpose of the system usage, and evaluating the usage of the system [14].
Based on [15], the security information covers 3 main purposes which are confidentiality, availability and integrity.Confidentiality is an aspect which guarantees that the information can only be accessed by an entity which has the authorization.Availability is an aspect which assures the available information which can be accessed by the entity which has an interest in accessing that information.Integrity is an aspect which ensures that the originality of the information and the information itself is not modified by an unauthorized entity.This study developed the authentication system which has an ability to be used for accessing the Android smartphone.Habitually, by using an authentication mechanism for accessing the system, all three aspects have been adopted.
This study developed the authentication system which provides an ability to be used for accessing the Android smartphone.Android is the operating system which is Linux-based and it is designed for a mobile device with touchscreen feature such as smartphones and tablets.This operating system is selected in this study to be explored because it becomes the most popular one [15].This operating system was developed by Android Corp which has been acquired by Google in 2005.The interface of Android is the screen which can be manipulated by touching, sliding, or tapping.
By default, Android has the pattern screen lock and also Wi-Fi features.The pattern screen lock is a graphical-based authentication, as shown in Figure 1.The image-based authentication has several advantages which are not belonged by another method.It is resistant to be penetrated by using a dictionary attack, bruteforce, and spyware which are easy to break text-based authentication.This method is cooperative to be remembered because the human tends to have an ability for remembering the image better than the text.
Wi-Fi is a technology for non-wired communication based on IEEE 802.11 standard.To connect into the Wi-Fi network, the device has to support Wi-Fi technology and in a covered area of Access Point (AP).Each AP allows unique identification called as SSID (Service Set Identifier) and MAC Address which become the physical address of it.When Android smartphone is connected to the AP, the device can obtain SSID and MAC address via Wi-Fi Manager.
According to location tracking, an API (Application Programming Interface) created by Google can be used to detect Android location by using GPS, mobile data, and also Wi-Fi [9].In this study, the location variables captured from this API are a latitude and a longitude.The user location is determined by implementing the intersection of both lines.Based on the study in [2], it shows that more than 30% of the respondents do not use a secure lock screen because they assume the feature is too complex.More than a half of respondents who use secure lock screen feel being disturbed because when they feel they are in a safe place, they still have to do an authentication procedure.Based on the information above, this study is going to develop a secure lock screen feature on the Android smartphone which can automate the unlock screen procedure when the similar context data is recognized by the Android device.

PROPOSED SYSTEM AND METHOD
The proposed system was designed based on the traditional lock screen feature on the Android smartphone.The lock screen is unlocked automatically if the environmental context is recognized by the system.The automation described means the user does not have to input the information related to the context data which is needed by the system.By this way, the interaction needed between the user and the device can be reduced.
To make a lock screen app which can perform easier authentication mechanism than before, it needs a key variable which can be trusted by the user.This study uses context data which are GPS location-based and MAC address of Wi-Fi.The usage of these context data can vary the level of smartphone security.
To determine the system security level, the context data have to be known first so they have to be saved in a database or other structured file.The purpose of the system developed is the Android smartphone system can determine its security level automatically based on the captured context data.The process is shown in Figure 2. The function of the pattern lock will not be called if the environmental context is recognized by the system (this is the function of Geofilock). Figure 3 explains the use case diagram.The user is an actor who interacts to the MainActivity.The MainActivity can manage the pattern lock via LockSetting and can check the context by using GetWifi and GetLocation.GoogleService is an actor which gives a location data to GetLocation.ScreenOn is a service registered when the MainActivity is run.ScreenOn also acts as a receiver which captures the screen broadcast of the smartphone when the screen turns on.When the broadcast is caught by the receiver, the ScreenOn calls the functionality of GetLocfi which contains the function of ContextManager.The ContextManager itself consists of GetLocation and GetWifi which are used to detect the context data in real time and also compares between that context and the saved context.Therefore, the ContextManager also has an ability to get the saved context data from the system information storage.Next, if the context is recognized then the function of unlock screen is called.If it is unknown then Getlocfi is going to call ScreenLockActivity to shows the pattern screen lock function.
In this proposed system, there are two types of data which are used as variables to determine the decision for configuring access mechanism.Firstly, the coordinate location as the context is used to recognize the environmental context.This data has a constant value and is captured by utilizing GPS tracking.Google API service is used to support user location data and it is added by getting a fence to improve the sensitivity of point location so the error location can be reduced.Secondly, MAC address of Wi-Fi or the physical address can be counted as a unique information for addressing the AP.This unique value becomes the reason why the MAC address is used as added information.
There are two levels of a scenario which are executed by the system according to the condition around the user smartphone in real time.Level 1 is the highest one which is applied by the system.It is implemented because the smartphone position is in a place which cannot be recognized by the system.In this level, the user has to do an authentication procedure by using pattern lock screen.Level 0 is the most modest security which ISSN: 2089-3272  Pattern lock and the app based on context, ease of use aspect in comparison (Farid Fajriana Pulungan) 63 is given by the smartphone system.It is given because the device system can recognize the environmental context.In this level, the user does not have to do an authentication process when the user accesses the smartphone home screen.This level can be achieved by the Geofilock app.
There are software and hardware needed for developing the proposed system.They can be followed in the next sub-section.

The Hardware
The hardware needed for developing the proposed system are:

The Assessment
There are several scenarios which are used to assess the proposed system.
According to the scenario, it can be presented that login is successfully done if the environmental context detected is the same as the saved context.However, it depends on the recognized mode selected.For example, if the recognized mode is related to the location, then the context which is location data detected have to be right.If a recognized mode is related to Wi-Fi, then the context which is MAC address must be correct.If both Wi-Fi and GPS location-based are used, then both parameters definitely have to be right.
To estimate the level of Recall, Precision, Accuracy, and Error Rate of the recognition, then the followed justifications are used: a) If the prediction result is negative and the truth (based on the assessment) is absolutely negative, so the value is set as 7. b) If the forecasting outcome is positive and the truth is absolutely negative, so the value is set as 0 c) If the prediction result is negative and the truth is definitely is positive, then the value is set as 0. d) If the forecasting outcome is negative and the truth is definitely positive, then the value is set as 5.

The Interaction Time Assessment
This observation is executed to determine whether the goal of the system creation is fulfilled or not.The goal of the proposed system development is to reduce the number of user interactions including the time needed by the user to access the system.The frequent number of interaction and the time needed which is mentioned above become the components of a usability parameter which is efficiency.The scenario of this assessment is by comparing the average time needed between the pattern screen lock function and the Geofilock function when the context is recognized.The parameters used for the comparing are the number of user screen touching and the time needed by the user to pass the authentication mechanism.Two authentication mechanisms are pattern screen lock and Geofilock.The observation is done in 30 times and the MI Redmi 3 smartphone is used.

Figure 1 .
Figure 1.The pattern screen lock

Figure 2 .
Figure 2. The flowchart of the proposed system

Figure 3 .
Figure 3.The use case diagram of the proposed system

Table 1 .
The Comparative study of the authentication system on the smartphone The minimal specification for porting the Geofilock app is OS Android 4.4 Kitkat