Preventing shoulder-surfing attack with the concept of concealing the password objects' information
TLDR
Simulation results indicate that the correct input object and its location are random for each challenge set, thus preventing frequency of occurrence analysis attack, and user study results show that the proposed method is able to prevent shoulder-surfing attack.
Abstract:
Traditionally, picture-based password systems employ password objects (pictures/icons/symbols) as input during an authentication session, thus making them vulnerable to “shoulder-surfing” attack because the visual interface by function is easily observed by others. Recent software-based approaches attempt to minimize this threat by requiring users to enter their passwords indirectly by performing certain mental tasks to derive the indirect password, thus concealing the user’s actual password. However, weaknesses in the positioning of distracter and password objects introduce usability and security issues. In this paper, a new method, which conceals information about the password objects as much as possible, is proposed. Besides concealing the password objects and the number of password objects, the proposed method allows both password and distracter objects to be used as the challenge set’s input. The correctly entered password appears to be random and can only be derived with the knowledge of the full set of password objects. Therefore, it would be difficult for a shoulder-surfing adversary to identify the user’s actual password. Simulation results indicate that the correct input object and its location are random for each challenge set, thus preventing frequency of occurrence analysis attack. User study results show that the proposed method is able to prevent shoulder-surfing attack.
Citations
Journal Article
Effect of synthesis methods on the surface and electrochemical characteristics of metal oxide/activated carbon composites for supercapacitor applications
TL;DR: In this paper, X-ray photoelectron spectroscopy (XPS), thermogravimetric analysis (TGA), N2 physisorption, Raman spectrograph, and scanning electron microscopy (SEM) techniques were used to investigate the surface chemistry, chemical composition, pore characteristics and surface morphology of the synthesized composites.
Journal Article
Comparison of the electrochemical properties of engineered switchgrass biomass-derived activated carbon-based EDLCs
Tugrul Yumak, Gunes A. Yakaboylu, Oluwatosin Oginni, Kaushlendra Singh, Engin Çiftyürek, Edward M. Sabolsky
TL;DR: In this article, carbon-based electrodes with high surface area were synthesized by direct and indirect chemical activation of switchgrass biomass and its biochar, and decorated with MnO2 in order to enhance and compare the capacitive performance of the fabricated supercapacitors.
Journal Article
Shoulder surfing experiments: A systematic literature review
Leon Bošnjak, Boštjan Brumen
TL;DR: Through exhaustive analysis, this systematic review focuses on the evaluation of the shoulder surfing attack (SSA) vulnerability and strives to streamline and standardize experimental decisions by showcasing their impact on the outcome of the study, and generate guidelines for a more objective design of shoulder surfing experiments.
Journal Article
Shoulder surfing: From an experimental study to a comparative framework
Leon Bošnjak, Boštjan Brumen
TL;DR: An ensemble of vulnerability metrics is developed, along with first empirical evidence that graphical passwords are easier to observe; however, that does not necessarily mean that the observed information will allow the attacker to guess the victim’s password more easily.
Proceedings Article
Prevention of shoulder surfing attack using randomized square matrix virtual keyboard
TL;DR: PassBoard is a new approach to tackle password authentication in public space or using public computer infrastructure through graphical passwords which are vulnerable to attacks like screenshot capture, are not easy to integrate with existing systems & services and have major usability issues.
References
Proceedings Article
Déjà Vu: a user study using images for authentication
Rachna Dhamija, Adrian Perrig
TL;DR: Deja Vu is a recognition-based authentication system, which authenticates a user through her ability to recognize previously seen images, which is more reliable and easier to use than traditional recall-based schemes, which require the user to precisely recall passwords or PINs.
Journal Article
PassPoints: design and longitudinal evaluation of a graphical password system
TL;DR: PassPoints is described, a new and more secure graphical password system, and an empirical study comparing the use of PassPoints to alphanumeric passwords is reported, which shows that the graphical password users created a valid password with fewer difficulties than the alphanumeric users.
Book Chapter
Transforming the 'Weakest Link' - A Human-Computer Interaction Approach to Usable and Effective Security
TL;DR: In this paper, the authors argue that simply blaming users will not lead to more effective security systems and present examples of how undesirable user behaviour with passwords can be caused by failure to recognise the characteristics of human memory, unattainable or conflicting task demands, and lack of support, training and motivation.
Journal Article
Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security
TL;DR: It is concluded that existing human/computer interaction knowledge and techniques can be used to prevent or address these problems, and outline a vision of a holistic design approach for usable and effective security.
Proceedings Article
On user choice in graphical password schemes
TL;DR: It is shown that permitting user selection of passwords in two graphical password schemes can yield passwords with entropy far below the theoretical optimum and, in some cases, that are highly correlated with the race or gender of the user.