Three Steps Secure Login: A systematic approach

User authentication is generally performed with a user ID and password. In this process, the user ID remains visible and the password remains secret. However, through shoulder surfing and other attacks the password can also be traced, because users type or mark the exact password characters during login. To counter this vulnerability, we propose a novel login method that does not reveal the user ID/password even if keylogging traces the characters typed on the keyboard. We also present a security analysis showing that the proposed mechanism withstands a number of attacks and mitigates some others. We also conduct a usability survey to show its feasibility among real-time users without compromising any security features.
