A PIN-entry method resilient against shoulder surfing
Proceedings of the 11th ACM conference on Computer and communications security
PassPoints: design and longitudinal evaluation of a graphical password system
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Keyboard acoustic emanations revisited
Proceedings of the 12th ACM conference on Computer and communications security
Cognitive Authentication Schemes Safe Against Spyware (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Design and evaluation of a shoulder-surfing resistant graphical password scheme
Proceedings of the working conference on Advanced visual interfaces
S3PAS: A Scalable Shoulder-Surfing Resistant Textual-Graphical Password Authentication Scheme
AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 02
Déjà Vu: a user study using images for authentication
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract)
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Undercover: authentication usable in front of prying eyes
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Compromising Reflections-or-How to Read LCD Monitors around the Corner
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
A new shoulder-surfing resistant password for mobile environments
Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication
Hi-index | 0.00 |
Classical PIN-entry methods are vulnerable to a broad class of observation attacks (shoulder surfing, key-logging). A number of alternative PIN-entry methods that are based on human cognitive skills have been proposed. These methods can be classified into two classes regarding information available to a passive adversary: (i) the adversary fully observes the entire input and output of a PIN-entry procedure, and (ii) the adversary can only partially observe the input and/or output. In this paper we propose a novel PIN-entry scheme - Shoulder Surfing Safe Login (SSSL). SSSL is a challenge response protocol that allows a user to login securely in the presence of the adversary who can observe (via key-loggers, cameras) user input. This is accomplished by restricting the access to SSSL challenge values. Compared to existing solutions, SSSL is both user-friendly (not mentally demanding) and cost efficient. Our usability study reveals that the average login time with SSSL is around 8 sec in a 5-digit PIN scenario. We also show the importance of considering side-channel timing attacks in the context of authentication schemes based on human cognitive skills.