DOI: 10.1145/2207676.2208352
research-article

Assessing the vulnerability of magnetic gestural authentication to video-based shoulder surfing attacks

Published: 05 May 2012

Abstract

Secure user authentication on mobile phones is crucial, as they store highly sensitive information. Common approaches to authenticating a user on a mobile phone are based on entering a PIN or a password, or on drawing a pattern. However, these authentication methods are vulnerable to the shoulder surfing attack. The risk of this attack has increased since means for recording high-resolution videos are cheaply and widely accessible. If the attacker can videotape the authentication process, PINs, passwords, and patterns do not even provide the most basic level of security. In this project, we assessed the vulnerability of a magnetic gestural authentication method to the video-based shoulder surfing attack. We chose a scenario that is favourable to the attacker. In a real-world environment, we videotaped the interactions of four users performing magnetic signatures on a phone, in the presence of HD cameras from four different angles. We then recruited 22 participants and asked them to watch the videos and try to forge the signatures. The results revealed that with a certain threshold, i.e., th = 1.67, none of the forging attacks was successful, whereas at this level all eligible login attempts were successfully recognized. The qualitative feedback also indicated that users found the magnetic gestural signature authentication method to be more secure than PIN-based and 2D signature methods.

        Published In

        CHI '12: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
        May 2012
        3276 pages
        ISBN:9781450310154
        DOI:10.1145/2207676

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Author Tags

        1. authentication
        2. magnet
        3. mobile phone
        4. signature

        Qualifiers

        • Research-article

        Conference

        CHI '12

        Acceptance Rates

        Overall Acceptance Rate 6,199 of 26,314 submissions, 24%
