Multi-Color Technique and Session Key Method to Prevent Shoulder Surfing Attacks in Secure Transactions

To improve the security of various devices, the graphical password is a memorable authentication method for authorization. However, when a Personal Identification Number (PIN) is entered as a numeric password on mobile or stationary systems, the Shoulder Surfing Attack (SSA) becomes a great concern. To prevent SSA and to establish a secure transaction, the Multi-Color Technique and the Session Key mechanism are proposed. In the Multi-Color method, every numeric key is visually split into two halves, and the two halves are filled with two distinct colors simultaneously, so there are four color groups on the numeric keypad and two colors for every numeric key. The Session Key mechanism is built on the basic layout of a vertical array of the digits 0 to 9 with another array of ten familiar symbols. This method makes it harder for a criminal to obtain PINs even if the criminal fully observes the entire input of a PIN entry procedure. For a secure transaction, a one-way hash is generated for the validated PIN and sent to the server over a public channel, so that an active attacker cannot extract the PIN by monitoring the channel. Once the server has authenticated the PIN, a Quick Response for the mobile app redirects the user to the services.
