The knowledge complexity of interactive proof-systems
STOC '85 Proceedings of the seventeenth annual ACM symposium on Theory of computing
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
A PIN-entry method resilient against shoulder surfing
Proceedings of the 11th ACM conference on Computer and communications security
Web browsing and spyware intrusion
Communications of the ACM - Spyware
Security and Usability
Keyboard acoustic emanations revisited
Proceedings of the 12th ACM conference on Computer and communications security
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Cognitive Authentication Schemes Safe Against Spyware (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Design and evaluation of a shoulder-surfing resistant graphical password scheme
Proceedings of the working conference on Advanced visual interfaces
Pictures at the ATM: exploring the usability of multiple graphical passwords
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Déjà Vu: a user study using images for authentication
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract)
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Reducing shoulder-surfing by using gaze-based password entry
Proceedings of the 3rd symposium on Usable privacy and security
Use Your Illusion: secure authentication usable anywhere
Proceedings of the 4th symposium on Usable privacy and security
Vibrapass: secure authentication based on shared lies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Guidelines for designing graphical authentication mechanism interfaces
International Journal of Information and Computer Security
Look into my eyes!: can you guess my password?
Proceedings of the 5th Symposium on Usable Privacy and Security
SSSL: shoulder surfing safe login
SoftCOM'09 Proceedings of the 17th international conference on Software, Telecommunications and Computer Networks
My phone is my keypad: privacy-enhanced PIN-entry on public terminals
OZCHI '09 Proceedings of the 21st Annual Conference of the Australian Computer-Human Interaction Special Interest Group: Design: Open 24/7
The secure haptic keypad: a tactile password system
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Multi-touch authentication on tabletops
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
ColorPIN: securing PIN entry through indirect input
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
The haptic wheel: design & evaluation of a tactile password system
CHI '10 Extended Abstracts on Human Factors in Computing Systems
Towards understanding ATM security: a field study of real world ATM use
Proceedings of the Sixth Symposium on Usable Privacy and Security
Authentication technologies for the blind or visually impaired
HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
Spinlock: a single-cue haptic and audio PIN input technique for authentication
HAID'11 Proceedings of the 6th international conference on Haptic and audio interaction design
Breaking undercover: exploiting design flaws and nonuniform human behavior
Proceedings of the Seventh Symposium on Usable Privacy and Security
Shoulder-Surfing safe login in a partially observable attacker model
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Counting clicks and beeps: Exploring numerosity based haptic and audio PIN entry
Interacting with Computers
Password entry usability and shoulder surfing susceptibility on different smartphone platforms
Proceedings of the 11th International Conference on Mobile and Ubiquitous Multimedia
WYSWYE: shoulder surfing defense for recognition based graphical passwords
Proceedings of the 24th Australian Computer-Human Interaction Conference
Using fake cursors to secure on-screen password entry
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Designing leakage-resilient password entry on touchscreen mobile devices
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Exploring the design space of graphical passwords on smartphones
Proceedings of the Ninth Symposium on Usable Privacy and Security
| Hi-index | 0.01 |
A number of recent scams and security attacks (phishing, spyware, fake terminals, ...) hinge on a crook's ability to observe user behavior. In this paper, we describe the design, implementation, and evaluation of a novel class of user authentication systems that are resilient to observation attacks. Our proposal is the first to rely on the human ability to simultaneously process multiple sensory inputs to authenticate, and is resilient to most observation attacks. We build a prototype based on user feedback gained through low fidelity tests. We conduct a within-subjects usability study of the prototype with 38 participants, which we complement with a security analysis. Our results show that users can authenticate within times comparable to that of graphical password schemes, with relatively low error rates, while being considerably better protected against observation attacks. Our design and evaluation process allows us to outline design principles for observation-resilient authentication systems.