Secure Human Identification Protocols
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A PIN-entry method resilient against shoulder surfing
Proceedings of the 11th ACM conference on Computer and communications security
Cognitive Authentication Schemes Safe Against Spyware (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Design and evaluation of a shoulder-surfing resistant graphical password scheme
Proceedings of the working conference on Advanced visual interfaces
Timing analysis of keystrokes and timing attacks on SSH
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Reducing shoulder-surfing by using gaze-based password entry
Proceedings of the 3rd symposium on Usable privacy and security
Undercover: authentication usable in front of prying eyes
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Can "Something You Know" Be Saved?
ISC '08 Proceedings of the 11th international conference on Information Security
PAS: Predicate-Based Authentication Services Against Powerful Passive Adversaries
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Vibrapass: secure authentication based on shared lies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Look into my eyes!: can you guess my password?
Proceedings of the 5th Symposium on Usable Privacy and Security
Multi-touch authentication on tabletops
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Human identification through insecure channel
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Towards understanding ATM security: a field study of real world ATM use
Proceedings of the Sixth Symposium on Usable Privacy and Security
The phone lock: audio and haptic shoulder-surfing resistant PIN entry methods for mobile devices
Proceedings of the fifth international conference on Tangible, embedded, and embodied interaction
Obfuscating authentication through haptics, sound and light
CHI '11 Extended Abstracts on Human Factors in Computing Systems
The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Graphical passwords: Learning from the first twelve years
ACM Computing Surveys (CSUR)
Correct horse battery staple: exploring the usability of system-assigned passphrases
Proceedings of the Eighth Symposium on Usable Privacy and Security
The most dangerous code in the world: validating SSL certificates in non-browser software
Proceedings of the 2012 ACM conference on Computer and communications security
| Hi-index | 0.00 |
Touchscreen mobile devices are becoming commodities as the wide adoption of pervasive computing. These devices allow users to access various services at anytime and anywhere. In order to prevent unauthorized access to these services, passwords have been pervasively used in user authentication. However, password-based authentication has intrinsic weakness in password leakage. This threat could be more serious on mobile devices, as mobile devices are widely used in public places. Most prior research on improving leakage resilience of password entry focuses on desktop computers, where specific restrictions on mobile devices such as small screen size are usually not addressed. Meanwhile, additional features of mobile devices such as touch screen are not utilized, as they are not available in the traditional settings with only physical keyboard and mouse. In this paper, we propose a user authentication scheme named CoverPad for password entry on touchscreen mobile devices. CoverPad improves leakage resilience by safely delivering hidden messages, which break the correlation between the underlying password and the interaction information observable to an adversary. It is also designed to retain most benefits of legacy passwords, which is critical to a scheme intended for practical use. The usability of CoverPad is evaluated with an extended user study which includes additional test conditions related to time pressure, distraction, and mental workload. These test conditions simulate common situations for a password entry scheme used on a daily basis, which have not been evaluated in the prior literature. The results of our user study show the impacts of these test conditions on user performance as well as the practicability of the proposed scheme.