409 research outputs found
A new graphical password scheme resistant to shoulder-surfing
Shoulder-surfing is a known risk where an attacker can capture a password by direct observation or by recording
the authentication session. Due to the visual interface, this problem has become exacerbated in graphical passwords.
There have been some graphical schemes resistant or immune
to shoulder-surfing, but they have significant usability
drawbacks, usually in the time and effort to log in. In this
paper, we propose and evaluate a new shoulder-surfing
resistant scheme which has a desirable usability for PDAs. Our inspiration comes from the drawing input method in DAS and the association mnemonics in Story for sequence retrieval. The new scheme requires users to draw a curve across their password images orderly rather than click directly on them.
The drawing input trick along with the complementary
measures, such as erasing the drawing trace, displaying
degraded images, and starting and ending with randomly
designated images provide a good resistance to shoulder-surfing.
A preliminary user study showed that users were able to enter their passwords accurately and to remember them over time
A new graphical password scheme resistant to shoulder-surfing
Shoulder-surfing is a known risk where an attacker can capture a password by direct observation or by recording the authentication session. Due to the visual interface, this problem has become exacerbated in graphical passwords. There have been some graphical schemes resistant or immune to shoulder-surfing, but they have significant usability drawbacks, usually in the time and effort to log in. In this paper, we propose and evaluate a new shoulder-surfing resistant scheme which has a desirable usability for PDAs. Our inspiration comes from the drawing input method in DAS and the association mnemonics in Story for sequence retrieval. The new scheme requires users to draw a curve across their password images orderly rather than click directly on them. The drawing input trick along with the complementary measures, such as erasing the drawing trace, displaying degraded images, and starting and ending with randomly designated images provide a good resistance to shoulder-surfing. A preliminary user study showed that users were able to enter their passwords accurately and to remember them over time
Press Code: A Shoulder Surfing Resistant Authentication Scheme for Smart Devices
A memorization-based locking system is
widely used in today’s smart devices, where a user has
to repeat a text/number/pattern/others from the
remembrance that has been registered before. He/she
would be allowed to access the device if the newly
given password is matched with the registered one.
However, among this class of passwords, graphical
password schemes are more compatible for smart
devices due to their heavily graphic-oriented nature.
However, existing graphical password schemes
experience various attacks and threats. Among them
shoulder surfing is the most prominent one, where an
attacker can observe the password through picking on
the screen. In this project, we propose a shoulder surfing
resistant password scheme using press code, which is a
new kind of code; and hence, a novel authentication
scheme. In the proposed technique, a user can
authenticate thyself by repeating the registered press
code. We implement our proposed technique on the
Android platform, and we have a prototype to
demonstrate at present
Ray's Scheme: Graphical Password Based Hybrid Authentication System for Smart Hand Held Devices
Passwords provide security mechanism for authentication and protection services against unwanted access to resources. One promising alternatives of textual passwords is a graphical based password. According to human psychology, human can easily remember pictures. In this paper, I have proposed a new hybrid graphical password based system. The system is a combination of recognition and pure recall based techniques and that offers many advantages over the existing systems and may be more convenient for the user. My approach is resistant to shoulder surfing attack and many other attacks on graphical passwords. This scheme is proposed for smart hand held devices (like smart phones i.e. PDAs, ipod, iphone, etc) which are more handy and convenient to use than traditional desktop computer systems. Keywords: smart phones, graphical passwords, authentication, network securit
Novel Schemes for Authentication
Authentication is one of the most basic process to provide security to any resource and application from unauthorized access. It covers two security goals confidentiality and integrity. Passwords are used as private identity for an individual. The password also has to be protected from several threats like stealing, shoulder surfing, eavesdropping and guessing. The most common method used for user Authentication is textual password using alphanumeric usernames and alphanumeric passwords. The issues which should be kept in mind while choosing a password is the how strong the password is and how good it is to memorize. Sometimes the stronger passwords are not easier to remember and easier passwords are not so secure. One more criteria for a good password, that should satisfy is, the password should be easy to type, such that any intruder, if any, is there beside you should not be able guess it or any camera behind you can’t capture the actual movements. To overcome the drawbacks of traditional textual schemes the new methods like graphical passwords are used. The easiness in remembering them and a strong resistance towards the brute force and dictionary attacks made them more popular. In this project, we have concentrated to protect our password from the above threats and to develop a system which has a strong resistant to above stated threats. We have implemented a varying password scheme which provides a better resistant to shoulder surfing, eavesdropping and guessing. This is an untraditional approach to use a not very complex and not very strong password in unsafe environments like public places. We have implemented the virtual keyboard and to make it more effective we are using multilingual keys. And also a hybrid system is designed by mixing three schemes: textual passwords, Recognition based passwords and Recall based password. All three are working together to remove the drawbacks of each scheme
Towards a metric for recognition-based graphical password security
Recognition-based graphical password (RBGP) schemes are not easily compared in terms of security. Current research uses many different measures which results in confusion as to whether RBGP schemes are secure against guessing and capture attacks. If it were possible to measure all RBGP schemes in a common way it would provide an easy comparison between them, allowing selection of the most secure design. This paper presents a discussion of potential attacks against recognition-based graphical password (RBGP) authentication schemes. As a result of this examination a preliminary measure of the security of a recognition-based scheme is presented. The security measure is a 4-tuple based on distractor selection, shoulder surfing,
intersection and replay attacks. It is aimed to be an initial proposal and is designed in a way which is extensible and adjustable as further research in the area develops. Finally, an example is provided by application to the PassFaces scheme
Recommended from our members
NAVI: Novel authentication with visual information
Text-based passwords, despite their well-known drawbacks, remain the dominant user authentication scheme implemented. Graphical password systems, based on visual information such as the recognition of photographs and / or pictures, have emerged as a promising alternative to the aggregate reliance on text passwords. Nevertheless, despite the advantages offered they have not been widely used in practice since many open issues need to be resolved. In this paper we propose a novel graphical password scheme, NAVI, where the credentials of the user are his username and a password formulated by drawing a route on a predefined map. We analyze the strength of the password generated by this scheme and present a prototype implementation in order to illustrate the feasibility of our proposal. Finally, we discuss NAVI’s security features and compare it with existing graphical password schemes as well as text-based passwords in terms of key security features, such aspassword keyspace, dictionary attacks and guessing attacks. The proposed scheme appears to have the same or better performance in the majority of the security features examined
GazeTouchPass: Multimodal Authentication Using Gaze and Touch on Mobile Devices
We propose a multimodal scheme, GazeTouchPass, that combines gaze and touch for shoulder-surfing resistant user authentication on mobile devices. GazeTouchPass allows passwords with multiple switches between input modalities during authentication. This requires attackers to simultaneously observe the device screen and the user's eyes to find the password. We evaluate the security and usability of GazeTouchPass in two user studies. Our findings show that GazeTouchPass is usable and significantly more secure than single-modal authentication against basic and even advanced shoulder-surfing attacks
Towards Baselines for Shoulder Surfing on Mobile Authentication
Given the nature of mobile devices and unlock procedures, unlock
authentication is a prime target for credential leaking via shoulder surfing, a
form of an observation attack. While the research community has investigated
solutions to minimize or prevent the threat of shoulder surfing, our
understanding of how the attack performs on current systems is less well
studied. In this paper, we describe a large online experiment (n=1173) that
works towards establishing a baseline of shoulder surfing vulnerability for
current unlock authentication systems. Using controlled video recordings of a
victim entering in a set of 4- and 6-length PINs and Android unlock patterns on
different phones from different angles, we asked participants to act as
attackers, trying to determine the authentication input based on the
observation. We find that 6-digit PINs are the most elusive attacking surface
where a single observation leads to just 10.8% successful attacks, improving to
26.5\% with multiple observations. As a comparison, 6-length Android patterns,
with one observation, suffered 64.2% attack rate and 79.9% with multiple
observations. Removing feedback lines for patterns improves security from
35.3\% and 52.1\% for single and multiple observations, respectively. This
evidence, as well as other results related to hand position, phone size, and
observation angle, suggests the best and worst case scenarios related to
shoulder surfing vulnerability which can both help inform users to improve
their security choices, as well as establish baselines for researchers.Comment: Will appear in Annual Computer Security Applications Conference
(ACSAC
- …