Many Smart Phone and Personal Digital Assistant (PDA) users need to store valuable confidential information on their systems. User authentication alone is not enough to keep this information safe as an attacker can capture and probe the device offline to retrieve the information, bypassing any authentication system. The only way to protect the stored information is to encrypt it with a cryptographic key. The easiest way to create the key is to generate it from data collected during authentication. The best recognised such methods use cryptographic hash functions and message authentication code algorithms to derive the key indirectly from a passphrase, typically chosen by the user and entered into the device.
The value of a passphrase as a source for a symmetric cipher key can be measured as the amount of entropy that the passphrase contains. For example, regular English words constructed using the Latin alphabet have an entropy of approximately 1 bit per letter, whilst a totally random string of lowercase letters and numbers has an entropy of approximately 5 bits per letter. The following table shows that a proper password should be quite long in order to provide adequate protection against a brute force attack, i.e. an exhaustive search of all possible key values.
Symmetric key lengthTime required to break 56 bits5minutes 80 bits50years 96 bits3million years128 bits1016years
The times shown in the table correspond with computing performance of equipment worth of $10 million USD. In the light of ever increasing computing power and new processing techniques, a key of around 75 to 90 bits would appear to provide an adequate level of security.
Typically, a passphrase is a sequence of letters, digits and other characters, which the user memorises. These conventional alphanumeric passphrases have several disadvantages. Easy to remember passphrases can be compromised through so called dictionary and brute force attacks, while randomly generated long passphrases that provide high security are difficult for the user to remember. These disadvantages become even more important in smart phone and PDA environments where constraints (e.g. the lack of a traditional keyboard) make textual passphrase entry slow and cumbersome.
There are several ease-of-use requirements for passphrase systems on smart phones and PDAs that have no keyboard, but which rely on a joystick, roller, pen or a special stylus as the input device:                The password should be quick to enter, which implies that it should be short and require no hard-to-reproduce pen movements or too many taps and strokes.        The password should be easy to remember and recall instantly, which implies that it should be something meaningful rather than random data.        It should not be required to change the password frequently, so as to minimize the “load” on the user's memory and to avoid extra administrative work resulting from forgotten passwords.        The limited input facilities of mobile devices often result in text entry errors. The device should give the user visual feedback during the password entry so that the user will notice immediately any errors.        
There are however many security requirements relating to the password which contradict the ease-of-use requirements:                To guard against so-called dictionary attacks (exhaustive searches through all words found in dictionaries and other sources), the password should not be a real word or a simple derivation of a real word in any language. Preferably, it should be totally random.        To provide adequate protection against so-called brute force attacks (exhaustive searches of all possible character combinations), the password should be long and consist of characters from a large alphabet, e.g. a textual password should include a mixture lower case and upper case letters, digits, punctuation, and other special characters.        To protect against so-called educated guess attacks (manual or semi-automatic searches of different passwords the attacker chooses based on information about the user's personality, habits, family, possessions, etc.), the password should be generated randomly by the system rather than chosen freely by the user.        The password should not be written down. Preferably, the password format should make it easy for the user to memorize the password mentally, avoiding the need to write it down on a piece of paper.        Corporate users will often take their mobile devices with them when they're away from the office, so the devices are more likely to get lost or stolen than desktop PCs. The attacker can probe the device or simply observe the user during password entry to discover the password. For this reason, the mobile device password should not be used on other systems. Preferably, the mobile device password format should make it difficult to choose the same password to access corporate network and other resources.        The user should be able to enter the password in secrecy so that it is not revealed to onlookers.        
These contradictory requirements result in a situation where passwords used on mobile devices are either easy for an attacker to break, or are too difficult for the user to remember and enter.
Many passphrase-based systems, which illustrate the trade-off required between ease of use and security, have been proposed for mobile devices. These include:                PIN codes                    These are easy to remember sequence of numbers. However, the limited number of characters used (0 to 9) makes them unsuitable as a source of cryptographic keys. Also, the need for repeated taps (e.g. on a touch screen) may leave marks which provide an indication of the digits used in a PIN.                        Virtual keyboard based textual passwords                    Whilst the number of characters which can be used to generate a password is increased, a user will tend to impose limits, e.g. by not mixing upper and lower case characters. In addition, character entry is slow and prone to errors.                        Textual characters using character recognition                    In such systems, a user enters a password by drawing a sequence of characters on a screen. As with virtual keyboards, users tend to limit the character set used, and character entry is slow and error prone.                        Signature recognition and biometrics                    Systems which make use of a handwritten signature tend to rely on a stored plaintext version of the signature to perform the required pattern recognition based comparison. This creates a vulnerability as an attacker may be able to observe the stored plaintext. Also, an attacker may obtain a copy of the signature elsewhere, e.g. from a signed cheque, and a user may be reluctant to change a long used signature as is required to maintain security. Biometric passphrases such as fingerprints and retina scans are difficult to implement in practice, and as with signatures do not lend themselves to changes.                        Graphical passphrases                    Graphical systems have been proposed where a user draws a “secret shape” on a touch sensitive screen. Whilst in theory such a system allows a user to select any combination of pixels available on the screen as his password, in practice users tend to draw passphrases consisting of a small number of continuous lines. By guessing or exhaustively searching all possible starting points, and examining all lines emanating from those start points, the search size becomes manageable for an attacker. Another graphical solution is to select a passphrase based upon tap points on a displayed graphical image. However, some of the tap points may be obvious, as distinctive features in the image will tend to be selected as passphrase components ahead of non-distinctive features. Both graphical systems also suffer from the disadvantage that repeatability of a tap may be difficult, unless the tap points are relatively large in area. However, large tap points will reduce the overall number of tap points available, reducing the entropy of the pass phrase.            Another graphical system relied upon the selection by a user of images from displayed sets of images. This system does not lend itself to mobile devices however, where data storage capacity is small, display resolution poor, and image processing capacity limited.                        