The Coin Passcode: A Shoulder-Surfing Proof Graphical Password Authentication Model for Mobile Devices

Swiftness, simplicity, and security are crucial for mobile device authentication. Currently, most mobile devices are protected by a six-pin numerical passcode authentication layer, which is extremely vulnerable to shoulder-surfing attacks and spyware attacks. This paper proposes a multi-elemental graphical password authentication model for mobile devices that is resistant to shoulder-surfing attacks and spyware attacks. The proposed Coin Passcode model simplifies the complex user interface issues that previous graphical password models have, and works as a swift passcode security mechanism for mobile devices. The Coin Passcode model also has a high memorability rate compared to existing numerical and alphanumerical passwords, as psychology studies suggest that humans are better at remembering graphics than words. The results show that the Coin Passcode is able to overcome the shoulder-surfing and spyware attack vulnerability that existing mobile application numerical passcode authentication layers suffer from.
