ABSTRACT
On mobile devices such as smartphones, it is important to provide adequate user authentication. Conventional text-based passwords are the most common authentication method, yet they have significant drawbacks. To address the vulnerabilities of traditional text-based passwords, graphical password schemes have been developed as possible alternatives. However, a potential drawback of graphical password schemes is that they are more vulnerable to shoulder-surfing than conventional text-based passwords. In this paper, we present a new shoulder-surfing resistant password. Our approach makes it difficult for attackers to observe a user's password by requiring the user to locate his or her password in the given password grid instead of entering the password (Figure 1). Security analysis for shoulder-surfing attacks shows that our password is robust against both random and shoulder-surfing attacks.