Tag Digit Based Honeypot to Detect Shoulder Surfing Attack

  • Conference paper
Security in Computing and Communications (SSCC 2014)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 467)

Abstract

Traditional password-based authentication schemes are vulnerable to shoulder surfing attacks. If an attacker sees a legitimate user enter a password, the attacker can later use those credentials to log in to the system illegally and carry out malicious activities. Many methodologies exist to prevent such attacks. These methods are either partially observable or fully observable to the attacker. In this paper we focus on detection of shoulder surfing attacks rather than prevention. We introduce the concept of a tag digit to create a trap known as a honeypot. With the proposed methodology, if shoulder surfers try to log in using others’ credentials, there is a high chance that they will be caught red-handed. Comparative analysis shows that, unlike the existing preventive schemes, the proposed methodology does not require much computation on the user's end. Thus, from a security and usability perspective, the proposed scheme is quite robust and powerful.



Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chakraborty, N., Mondal, S. (2014). Tag Digit Based Honeypot to Detect Shoulder Surfing Attack. In: Mauri, J.L., Thampi, S.M., Rawat, D.B., Jin, D. (eds) Security in Computing and Communications. SSCC 2014. Communications in Computer and Information Science, vol 467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44966-0_10

  • DOI: https://doi.org/10.1007/978-3-662-44966-0_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-44965-3

  • Online ISBN: 978-3-662-44966-0

  • eBook Packages: Computer Science (R0)
