Picking a (Smart)Lock: Locking Relationships on Mobile Devices

The last decade has seen an explosion of mobile device deployment and adoption. As these devices take on a more central role in users' everyday lives, the security of these devices becomes paramount. In addition to providing access to data stored elsewhere, smartphones and tablets often store considerable personal data locally, increasing the importance of only allowing legitimate access to the device. Local authentication to the device is thus of central importance in a user's security management tasks.

The environmental requirements of mobile users fundamentally change the threat model and design requirements for device authentication from the traditional "desktop"paradigm. Mobile devices are used in a variety of physical environments, and are thus not protected by the physical security measures that protect desktop computers. Mobile devices are exposed to a wider variety of potential attackers, and do not benefit from the predictable environments enjoyed by home and office computers. This portability, combined with increased exposure to people and unknown environments, leads to higher susceptibility to theft and loss.