http://dx.doi.org/10.13089/JKIISC.2010.20.3.93

Shoulder-Surfing Resistant Password Input Method for Mobile Environment  

Kim, Chang-Soon (Inha University)
Youn, Sun-Bum (Korea Institute of Science and Technology)
Lee, Mun-Kyu (Inha University)
Abstract
The advent of various mobile devices and mobile services has caused diversification of information stored in a mobile device, e.g., SMS, photos, movies, addresses, e-mails, digital certificates, and so on. Because mobile devices are lost or stolen easily, user authentication is critical to protect the information stored in mobile devices. However, the current user authentication methods using Personal Identification Numbers (PINs) and passwords are vulnerable to Shoulder Surfing Attacks (SSAs), which enable an attacker to obtain the user's information. Although there are already several SSA-resistant authentication methods in the literature, most of these methods lack usability. Moreover, they are not suitable for use in mobile devices. In this paper, we propose a user-friendly password input method for mobile devices which is secure against SSA. We also perform user tests and compare the security and usability of the proposed method with those of the existing password input methods.
Keywords
Password; Personal Identification Number; Shoulder Surfing Attack; Mobile Phone;