Abstract
Textual passwords are among the most widely used authentication methods today. However, entering a password in public is vulnerable to shoulder-surfing attacks: an attacker can watch the authentication session directly, or record it with a device, and so obtain the password. The account is then compromised, causing loss of data and property to the user. In this paper, we propose a new method, MapPass, for textual password entry that resists human shoulder surfing by significantly increasing the cognitive load the attacker must bear. In addition, we put forward the concept of an attack alert: the system can detect a failed shoulder-surfing attack and promptly warn the user. We add this function to MapPass to improve its security. Finally, we analyze the security and usability of the proposed method.
Acknowledgments
This work is partly supported by the National Key Research and Development Program of China (No. 2017YFB0802300), and the Natural Science Foundation of China (No. 61602240).
Copyright information
© 2019 Springer Nature Switzerland AG
Chen, S., Zhu, Y. (2019). A Textual Password Entry Method Resistant to Human Shoulder-Surfing Attack. In: Vaidya, J., Zhang, X., Li, J. (eds) Cyberspace Safety and Security. CSS 2019. Lecture Notes in Computer Science, vol 11983. Springer, Cham. https://doi.org/10.1007/978-3-030-37352-8_36
DOI: https://doi.org/10.1007/978-3-030-37352-8_36
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37351-1
Online ISBN: 978-3-030-37352-8
eBook Packages: Computer Science, Computer Science (R0)