An Improved Methodology towards Providing Immunity against Weak Shoulder Surfing Attack

In a conventional password-based authentication system, an adversary can obtain login credentials by shoulder surfing. When such an attack is performed by a human with limited cognitive skills and without any recording device, it is referred to as a weak shoulder surfing attack. Existing methodologies that resist weak shoulder surfing attacks comprise many rounds, which may cause fatigue for general users. In this paper we propose a methodology, known as the Multi Color (MC) method, which reduces the number of rounds in a session to half that of previously proposed methodologies. Using a predictive human performance modeling tool, we then show that the proposed MC method is immune to weak shoulder surfing attacks and that it also improves the existing security level.
