Abstract
In a conventional password-based authentication system, an adversary can obtain login credentials by shoulder surfing. When such an attack is performed by a human with limited cognitive skills and without any recording device, it is referred to as a weak shoulder surfing attack. Existing methodologies that guard against weak shoulder surfing attacks comprise many rounds, which may cause fatigue for general users. In this paper we propose a methodology, known as the Multi Color (MC) method, which reduces the number of rounds in a session to half that of previously proposed methodologies. Then, using a predictive human performance modeling tool, we show that the proposed MC method is immune to weak shoulder surfing attacks and that it also improves on the existing security level.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Chakraborty, N., Mondal, S. (2014). An Improved Methodology towards Providing Immunity against Weak Shoulder Surfing Attack. In: Prakash, A., Shyamasundar, R. (eds) Information Systems Security. ICISS 2014. Lecture Notes in Computer Science, vol 8880. Springer, Cham. https://doi.org/10.1007/978-3-319-13841-1_17
DOI: https://doi.org/10.1007/978-3-319-13841-1_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-13840-4
Online ISBN: 978-3-319-13841-1
eBook Packages: Computer Science (R0)