A Textual Password Entry Method Resistant to Human Shoulder-Surfing Attack

  • Conference paper
Cyberspace Safety and Security (CSS 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11983)

Abstract

Textual passwords are one of the most widely used authentication methods today. However, entering a password in public is vulnerable to shoulder-surfing attacks. The attacker can observe the authentication session, or use a device to record it, to obtain the password. The account is then invaded, which causes loss of data and property to the user. In this paper, we propose a new method, MapPass, for human shoulder-surfing resistant textual password entry by significantly increasing the limitation on the attacker's cognitive ability. In addition, we put forward the concept of attack alert: the system can detect a failed shoulder-surfing attack and remind the user in a timely manner. We add this function to MapPass to improve the security of the method. Finally, we analyze the security and usability of the proposed method.

Acknowledgments

This work is partly supported by the National Key Research and Development Program of China (No. 2017YFB0802300), and the Natural Science Foundation of China (No. 61602240).

Correspondence to Youwen Zhu.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Chen, S., Zhu, Y. (2019). A Textual Password Entry Method Resistant to Human Shoulder-Surfing Attack. In: Vaidya, J., Zhang, X., Li, J. (eds) Cyberspace Safety and Security. CSS 2019. Lecture Notes in Computer Science, vol 11983. Springer, Cham. https://doi.org/10.1007/978-3-030-37352-8_36

  • DOI: https://doi.org/10.1007/978-3-030-37352-8_36

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37351-1

  • Online ISBN: 978-3-030-37352-8

  • eBook Packages: Computer Science, Computer Science (R0)
