Abstract
Classical password-based schemes are widely used because they provide fair security and are easy to use. However, when used in a public domain they are vulnerable to shoulder surfing attacks, in which an attacker can record the entire login session and may obtain the user's original password. To avoid such attacks, we propose a methodology known as Secure Login Against Shoulder Surfing, or SLASS, which is based on a partially observable attack model in which an attacker can only partially observe the login session. In the proposed scheme, the attacker cannot see or hear the challenges issued by the system but can only see the responses provided by the user. The user remembers a five-character password consisting of alphabetic characters only, and the responses are provided using directional keys. Experimental analysis shows that our scheme is less error prone, easy to use and provides high security compared to some existing approaches.
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chakraborty, N., Mondal, S. (2014). SLASS: Secure Login against Shoulder Surfing. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds) Recent Trends in Computer Networks and Distributed Systems Security. SNDS 2014. Communications in Computer and Information Science, vol 420. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54525-2_31
DOI: https://doi.org/10.1007/978-3-642-54525-2_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54524-5
Online ISBN: 978-3-642-54525-2
eBook Packages: Computer Science, Computer Science (R0)