Abstract
Text-based passwords are unable to prevent shoulder-surfing attacks. In this paper, a new authentication mechanism was introduced to send out misleading information to attackers when the former entered its text-based passwords; the latter was unable to decipher the true passwords by simply recording or looking at them. The misleading information was the pressure values (i.e., pressures exerted by the users) measured by pressure sensors embedded under the smartphone touchscreens. The systems detected each pressure value entered by the users and determined whether it was to be saved (i.e., as a true password) or omitted (i.e., as misleading information). Regarding this authentication method, because attackers were unable to know the users’ pressure values, they were unable to differentiate between true and misleading information and thus had no way of knowing the users’ actual passwords. In the end, our authentication mechanism improved the deficiency of current text-based passwords and enhanced system security.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bianchi, A., Oakley, I., Kostakos, V., Kwon, D.S.: The phone lock: audio and haptic shoulder-surfing resistant PIN entry methods for mobile devices. In: Proceedings of the Fifth International Conference on Tangible, Embedded, and Embodied Interaction, pp. 197–200 (2011)
Chakraborty, N., Mondal, S.: SLASS: secure login against shoulder surfing. In: Recent Trends in Computer Networks and Distributed Systems Security, pp. 346–357 (2014)
Chen, Y.L., Ku, W.C., Yeh, Y.C., Liao, D.M.: A simple text-based shoulder surfing resistant graphical password scheme. In: Proceedings of the 2013 IEEE International Symposium on Next-Generation Electronics (ISNE), pp. 161–164 (2013)
Kim, S.H., Kim, J.W., Kim, S.Y., Cho, H.G.: A new shoulder-surfing resistant password for mobile environments. In: Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, Article no. 27 (2011)
Lee, M.K.: Security notions and advanced method for human shoulder-surfing resistant pin-entry. IEEE Trans. Inf. Forensics Secur. 9(4), 695–708 (2014)
Lei, M., Xiao, Y., Vrbsky, S.V., Li, C.C., Liu, L.: A virtual password scheme to protect passwords. In: Proceedings of the IEEE International Conference on Communications (ICC 2008), pp. 1536–1540 (2008)
Perkovi, T., agalj, M., Raki, N: SSSL: shoulder surfing safe login. In: Profeedings of the 17th International Conference on Software, Telecommunications and Computer Networks (SoftCOM 2009), pp. 270–275 (2009)
Rajarajan, S., Maheswari, K., Hemapriya, R., Sriharilakshmi, S.: Shoulder surfing resistant virtual keyboard for internet banking. World Appl. Sci. J. 31(7), 1297–1304 (2014)
Yi, H., Piao, Y., Yi, J.H.: Touch logger resistant mobile authentication scheme using multimodal sensors. In: Jeong, H.Y., Obaidat, M.S., Yen, N.Y., Park, J.J. (eds.) Advances in Computer Science and its Applications. LNEE, pp. 19–26. Springer, Heidelberg (2014)
Acknowledgements
This research was supported by the Ministry of Science and Technology, Taiwan under grant no. MOST 104-2221-E-103-009 and MOST 105-2221-E-130-005.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Luo, JN., Yang, MH., Tsai, CL. (2016). A Mobile Device-Based Antishoulder-Surfing Identity Authentication Mechanism. In: Chen, J., Piuri, V., Su, C., Yung, M. (eds) Network and System Security. NSS 2016. Lecture Notes in Computer Science(), vol 9955. Springer, Cham. https://doi.org/10.1007/978-3-319-46298-1_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-46298-1_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46297-4
Online ISBN: 978-3-319-46298-1
eBook Packages: Computer ScienceComputer Science (R0)