Assessing the vulnerability of magnetic gestural authentication to video-based shoulder surfing attacks

Authors:
Alireza Sahami Shirazi;Peyman Moghadam;Hamed Ketabdar;Albrecht Schmidt
Affiliations:
University of Stuttgart, Stuttgart, Germany;Autonomous Systems Laboratory, CSIRO ICT Centre, Brisbane, Australia;Quality and Usability Lab, Deutsche Telekom Laboratories & TU Berlin, Berlin, Germany;University of Stuttgart, Stuttgart, Germany
Venue:
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Year:
2012

Citing 10
Cited 3

Password security: a case history

Communications of the ACM
A PIN-entry method resilient against shoulder surfing

Proceedings of the 11th ACM conference on Computer and communications security
A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Authenticating mobile phone users using keystroke analysis

International Journal of Information Security
Reducing shoulder-surfing by using gaze-based password entry

Proceedings of the 3rd symposium on Usable privacy and security
SideSight: multi-"touch" interaction around small devices

Proceedings of the 21st annual ACM symposium on User interface software and technology
HoverFlow: expanding the design space of around-device interaction

Proceedings of the 11th International Conference on Human-Computer Interaction with Mobile Devices and Services
Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Gesture signature for ambient intelligence applications: a feasibility study

PERVASIVE'06 Proceedings of the 4th international conference on Pervasive Computing
Graphical passwords: Learning from the first twelve years

ACM Computing Surveys (CSUR)

Designing tangible magnetic appcessories

Proceedings of the 7th International Conference on Tangible, Embedded and Embodied Interaction
Exploring the design space of graphical passwords on smartphones

Proceedings of the Ninth Symposium on Usable Privacy and Security
MagGetz: customizable passive tangible controllers on and around conventional mobile devices

Proceedings of the 26th annual ACM symposium on User interface software and technology

Quantified Score

Hi-index	0.01

Visualization

Abstract

Secure user authentication on mobile phones is crucial, as they store highly sensitive information. Common approaches to authenticate a user on a mobile phone are based either on entering a PIN, a password, or drawing a pattern. However, these authentication methods are vulnerable to the shoulder surfing attack. The risk of this attack has increased since means for recording high-resolution videos are cheaply and widely accessible. If the attacker can videotape the authentication process, PINs, passwords, and patterns do not even provide the most basic level of security. In this project, we assessed the vulnerability of a magnetic gestural authentication method to the video-based shoulder surfing attack. We chose a scenario that is favourable to the attack-er. In a real world environment, we videotaped the interactions of four users performing magnetic signatures on a phone, in the presence of HD cameras from four different angles. We then recruited 22 participants and asked them to watch the videos and try to forge the signatures. The results revealed that with a certain threshold, i.e, th=1.67, none of the forging attacks was successful, whereas at this level all eligible login attempts were successfully recognized. The qualitative feedback also indicated that users found the magnetic gestural signature authentication method to be more secure than PIN-based and 2D signature methods.