Communications of the ACM
Human-computer cryptography: an attempt
CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Password authentication with insecure communication
Communications of the ACM
A PIN-entry method resilient against shoulder surfing
Proceedings of the 11th ACM conference on Computer and communications security
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Cognitive Authentication Schemes Safe Against Spyware (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Design and evaluation of a shoulder-surfing resistant graphical password scheme
Proceedings of the working conference on Advanced visual interfaces
Déjà Vu: a user study using images for authentication
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract)
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
One time passwords in everything (OPIE): experiences with building and using stronger authentication
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Reducing shoulder-surfing by using gaze-based password entry
Proceedings of the 3rd symposium on Usable privacy and security
On the Matsumoto and Imai's human identification scheme
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Minimalist cryptography for low-cost RFID tags (extended abstract)
SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
Authenticating pervasive devices with human protocols
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Parallel and concurrent security of the HB and HB+ protocols
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
On the security of a two-factor authentication scheme
WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
| Hi-index | 0.00 |
Passwords and PINs are still the most deployed authenticationmechanisms and their protection is a classical branch of research incomputer security. Several password schemes, as well as more sophisticatedtokens, algorithms, and protocols, have been proposed during thelast years. Some proposals require dedicated devices, such as biometricsensors, whereas, others of them have high computational requirements.Graphical passwords are a promising research branch, but implementationof many proposed schemes often requires considerable resources(e.g., data storage, high quality displays) making difficult their usage onsmall devices, like old fashioned ATM terminals, smart cards and manylow-price cellular phones. In this paper we present a graphical mechanism that handles authenticationby means of a numerical PIN, that users have to type on the basisof a secret sequence of objects and a graphical challenge. The proposedscheme can be instantiated in a way to require low computation capabilities,making it also suitable for small devices with limited resources.We prove that our scheme is effective against "shoulder surfing" attacks.