Author: Rashmi B.K
Date of Publication: 8th June 2017
Abstract: Authentication based on passwords is widely used in applications for computer security and privacy. However, human actions such as choosing bad passwords and inputting passwords in an insecure way are regarded as "the weakest link" in the authentication chain. Rather than arbitrary alphanumeric strings, users tend to choose passwords that are either short or meaningful, for easy memorization. With web applications and mobile apps piling up, people can access these applications anytime and anywhere with various devices. This evolution brings great convenience but also increases the probability of exposing passwords to shoulder surfing attacks. Attackers can observe directly or use external recording devices to collect users' credentials. To overcome this problem, we proposed a novel authentication system, PassMatrix, based on graphical passwords to resist shoulder surfing attacks. With a one-time valid login indicator and circulative horizontal and vertical bars covering the entire scope of pass-images, PassMatrix offers no hint for attackers to figure out or narrow down the password, even if they conduct multiple camera-based attacks. We also implemented a PassMatrix prototype on Android and carried out real user experiments to evaluate its memorability and usability. The experimental results show that the proposed system achieves better resistance to shoulder surfing attacks while maintaining usability.