Title

A NEW PASSWORD AUTHENTICATION SCHEME RESISTANT AGAINST SHOULDER SURFING ATTACK

Authors

Mohammed Abbas Fadhil Al-Husainy; Diaa Mohammed Uliyan

Keywords

shoulder surfing attack; textual password authentication; information security

Journal

技術學刊

Volume and Issue / Publication Date

Vol. 34, No. 1 (2019/03/01)

Pages

25 - 35

Content Language

English

Chinese Abstract

A Personal Identification Number (PIN) is one of the simplest means of user authentication and is commonly used to protect user information in online information systems such as ATMs. PINs are vulnerable to several types of attacks. Users tend to choose easy or short passwords so that they are easier to remember. However, this makes passwords vulnerable to multiple forms of attack, such as camera recording attacks and shoulder surfing attacks. This research presents a new textual password authentication technique that can be used as a competitive scheme to both traditional textual and graphical password schemes. In the proposed technique, a new 6 × 6 keyboard has been designed as an alternative to the traditional keyboard for the user to enter password characters. The user does not need to press the keys that represent the password characters. The proposed technique was tested on a group of users, and the recorded results of the experiments were evaluated using a specific set of criteria. Based on the evaluation of the tests, the proposed technique succeeded in providing a more secure session for the user to enter the password. Moreover, the proposed technique helps to solve most of the defects, especially the shoulder surfing attack, that exist in authentication systems that use textual or graphical passwords.

Subject Classification: Engineering > General Engineering