Abstract
This paper presents an evaluation of a series of secure PIN/password input methods named Secure Pad. When a PIN or password is entered on a smartphone, tablet, banking terminal, etc., there is a risk that it will be observed and stolen by another person, which is called shoulder hacking or shoulder surfing. To decrease this risk, we have proposed a method that erases key-top labels, moves them smoothly and simultaneously, and lets the user touch the target key after they have stopped. The user only needs to trace a single key, but an observer has to trace the movements of all the keys at the same time. Secure Pad does not have the highest security, but it is easy to use and does not require any changes to the server side. This paper presents a detailed evaluation of Secure Pad and demonstrates that it has high resistance to shoulder hacking while providing satisfactory usability without large input errors.
Acknowledgements
This work is partially supported by JSPS KAKENHI (A) 19H01117 and (S) 18H05221. We would like to thank all of the people who joined the evaluation experiment.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Kobayashi, K., Oguni, T., Nakagawa, M. (2020). Evaluation of Secure Pad Resilient to Shoulder Hacking. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2020. Lecture Notes in Computer Science, vol 12210. Springer, Cham. https://doi.org/10.1007/978-3-030-50309-3_37
DOI: https://doi.org/10.1007/978-3-030-50309-3_37
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-50308-6
Online ISBN: 978-3-030-50309-3
eBook Packages: Computer Science (R0)