A new shoulder-surfing resistant password for mobile environments

In mobile devices such as smart phones, it is important to provide adequate user authentication. Conventional text-based passwords have significant drawbacks though they are used as the most common authentication method. To address the vulnerabilities of traditional text-based passwords, graphical password schemes have been developed as possible alternative solutions. However, a potential drawback of graphical password schemes is that they are more vulnerable to shoulder-surfing than conventional text-based passwords. In this paper, we present a new shoulder-surfing resistant password. Our approach makes it difficult for attackers to observe a user's password by requiring the user to locate his or her password in the given password grid instead of entering the password (Figure 1). Security analysis for shoulder-surfing attacks shows that our password is robust against both random and shoulder-surfing attacks.

[1]  N. Sangeetha,et al.  AUTHENTICATING MOBILE DEVICE USERS THROUGH IMAGE SELECTION , 2013 .

[2]  Susan Wiedenbeck,et al.  Authentication Using Graphical Passwords: Basic Results , 2005 .

[3]  Tal Garfinkel,et al.  Reducing shoulder-surfing by using gaze-based password entry , 2007, SOUPS '07.

[4]  Markus G. Kuhn,et al.  Electromagnetic Eavesdropping Risks of Flat-Panel Displays , 2004, Privacy Enhancing Technologies.

[5]  Arie Yeredor,et al.  Dictionary attacks using keyboard acoustic emanations , 2006, CCS '06.

[6]  Tadayoshi Kohno,et al.  A comprehensive study of frequency, interference, and training of multiple graphical passwords , 2009, CHI.

[7]  Michael K. Reiter,et al.  The Design and Analysis of Graphical Passwords , 1999, USENIX Security Symposium.

[8]  W. Jansen,et al.  Authenticating Mobile Device UsersThrough Image Selection , 2004 .

[9]  T. Perkovic,et al.  SSSL: Shoulder Surfing Safe Login , 2009, SoftCOM 2009 - 17th International Conference on Software, Telecommunications & Computer Networks.

[10]  Jeff Yan,et al.  Do background images improve "draw a secret" graphical passwords? , 2007, CCS '07.

[11]  Arash Habibi Lashkari,et al.  Shoulder Surfing attack in graphical password authentication , 2009, ArXiv.

[12]  Bogdan Hoanca,et al.  incidence of , 2021 .

[13]  Volker Roth,et al.  A PIN-entry method resilient against shoulder surfing , 2004, CCS '04.

[14]  Ying Zhu,et al.  Graphical passwords: a survey , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[15]  Susan Wiedenbeck,et al.  Design and evaluation of a shoulder-surfing resistant graphical password scheme , 2006, AVI '06.