Random Board: Password Authentication Method with Tolerance to Video-Recording Attacks

User authentication is widely used in automatic teller machines (ATMs) and many Internet services. Recently, crimes in which ATM passwords are stolen using small charge-coupled device (CCD) cameras have increased. In addition, in the mobile environment there is a high risk of observation attacks that steal passwords, because many people possess devices such as camera-equipped mobile phones and miniature cameras. In this paper, we propose authentication methods that are secure against brute-force and video-recording attacks. Here, a video-recording attack is defined as an attacker's analysis of videos, in which a user's password entry operations are recorded once or twice, in order to obtain the user's password. We propose a basic method and an improved method. In the basic method, a user must provide the correct entry position of each password beforehand. In the improved method, by contrast, a user does not need to provide any information beforehand other than the password. The relative security of the two proposed methods is then evaluated.