Shoulder surfing is an attack on password authentication that has traditionally been hard to defeat [1]. It can be carried out remotely using binoculars and cameras, by analysing keyboard acoustics, or by capturing electromagnetic emanations from displays [2]. Obtaining the user's password simply by watching the user enter it undermines all the effort put into encrypting passwords and designing secure authentication protocols. To that extent, the human actions involved in entering the password are the weakest link in the chain. A typical case is a criminal looking over your shoulder while you carry out a transaction at a cash dispenser, in the hope of learning your secret code. Once he has seen it, he will try to divert your attention in order to get hold of your bank card.
Methodologies resistant to shoulder surfing
Gaze-based password entry
The basic procedure for gaze-based password entry is similar to normal password entry, except that instead of typing a key or touching the screen, the user looks at each desired character or trigger region in sequence (the same technique as eye typing). The approach can therefore be used both with character-based passwords, via an on-screen keyboard, and with the graphical password schemes surveyed in [3]. A variety of considerations are important for ensuring usability and security. Eye tracking technology has come a long way since its origins in the early 1900s [4]. State-of-the-art eye trackers offer non-encumbering, remote, video-based eye tracking with an accuracy of about 1° of visual angle. Eye trackers are a specialized application of computer vision: a camera monitors the user's eyes, and one or more infrared light sources illuminate the user's face and produce a glint, a reflection of the light source on the cornea. As the user looks in different directions the pupil moves, but the location of the glint on the cornea remains fixed. The relative motion and position of the pupil centre and the glint are used to estimate the gaze vector, which is then mapped to coordinates on the screen plane.
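The pipeline described above (calibrate the pupil-glint vector to screen coordinates, then treat a sustained gaze on a key as a key press) can be simulated end to end. The following is an added example and not code from the draft or from any eye-tracking product; the per-axis linear calibration, the 5x2 digit keypad, the fixation trace and the 400 ms dwell threshold are all constructed assumptions.

```python
"""Simulated gaze-based password entry (added example; not code from the draft
or from any eye-tracking product).

Assumptions not stated in the text: the tracker reports the pupil-centre
minus glint vector in camera pixels, a per-axis least-squares linear
calibration maps it to screen pixels, and a key on the on-screen keyboard
counts as selected once gaze has dwelt inside it for DWELL_MS."""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

Vec = Tuple[float, float]
DWELL_MS = 400  # assumed dwell threshold; a usability/security trade-off


@dataclass(frozen=True)
class KeyRegion:
    label: str
    x0: float
    y0: float
    x1: float
    y1: float

    def contains(self, x: float, y: float) -> bool:
        return self.x0 <= x < self.x1 and self.y0 <= y < self.y1


def digit_keyboard(key_px: int = 100) -> List[KeyRegion]:
    """Constructed 5x2 on-screen keypad: digit d at column d % 5, row d // 5."""
    keys = []
    for d in range(10):
        col, row = d % 5, d // 5
        keys.append(KeyRegion(str(d), col * key_px, row * key_px,
                              (col + 1) * key_px, (row + 1) * key_px))
    return keys


def fit_axis(samples: Sequence[Tuple[float, float]]) -> Tuple[float, float]:
    """Least-squares fit screen = a * gaze + b for one axis."""
    n = len(samples)
    sx = sum(g for g, _ in samples)
    sy = sum(s for _, s in samples)
    sxx = sum(g * g for g, _ in samples)
    sxy = sum(g * s for g, s in samples)
    denom = n * sxx - sx * sx
    if denom == 0:
        raise ValueError("calibration targets must spread along the axis")
    a = (n * sxy - sx * sy) / denom
    b = (sy - a * sx) / n
    return a, b


def calibrate(points: Sequence[Tuple[Vec, Vec]]) -> Tuple[float, float, float, float]:
    """points: (pupil-glint vector, known screen target) pairs recorded while
    the user looks at calibration targets."""
    ax, bx = fit_axis([(g[0], s[0]) for g, s in points])
    ay, by = fit_axis([(g[1], s[1]) for g, s in points])
    return ax, bx, ay, by


def to_screen(cal, gaze: Vec) -> Vec:
    ax, bx, ay, by = cal
    return ax * gaze[0] + bx, ay * gaze[1] + by


def entered_sequence(cal, keyboard: Sequence[KeyRegion],
                     fixations: Sequence[Tuple[Vec, int]],
                     dwell_ms: int = DWELL_MS) -> str:
    """Replay fixations (gaze vector, duration in ms) and return the keys
    selected by dwell. A key fires once per visit: dwelling longer does not
    repeat it, and the user must look away and back to enter it again."""
    out: List[str] = []
    current: Optional[str] = None
    accum, fired = 0, False
    for gaze, dur in fixations:
        x, y = to_screen(cal, gaze)
        hit = next((k.label for k in keyboard if k.contains(x, y)), None)
        if hit != current:
            current, accum, fired = hit, 0, False
        accum += dur
        if current is not None and not fired and accum >= dwell_ms:
            out.append(current)
            fired = True
    return "".join(out)


# Constructed calibration: five targets on a 500x200 px screen.
CALIBRATION = [((-25, -10), (0, 0)), ((25, -10), (500, 0)),
               ((-25, 10), (0, 200)), ((25, 10), (500, 200)),
               ((0, 0), (250, 100))]

# Constructed fixation trace: "1", a short glance at "7", then "2", "3", "4".
TRACE = [((-10, -5), 250), ((-10, -5), 200), ((0, 5), 100),
         ((0, -5), 500), ((10, -5), 400), ((20, -5), 300),
         ((20, -5), 300), ((20, -5), 500)]


def demo() -> str:
    return entered_sequence(calibrate(CALIBRATION), digit_keyboard(), TRACE)


if __name__ == "__main__":
    print(demo())
```

The dwell threshold is the usability knob the paragraph alludes to: raising it filters out stray glances (the 100 ms look at "7" above is ignored) but slows entry, and nothing visible on the screen changes when a key fires, which is what denies an observer the cue that a keypress or touch would give.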
Painting album mechanism
The Painting Album Mechanism is an anti-shoulder-surfing mechanism that combines characteristics of both recall-based and recognition-based graphical techniques, making it a hybrid graphical password anti-shoulder-surfing mechanism. It was developed from the results of a survey of users' affinity of choice [5] and from observing how children behave while painting a picture. The survey results shaped the mechanism's architecture, while the observations gave rise to its three input schemes, named the Swipe Scheme, the Color Scheme and the Scot Scheme. In the Painting Album Mechanism these three schemes are the methods of password creation; each input scheme is distinct, and the user chooses the one they prefer.
Input scheme | Input method
---|---
Swipe Scheme | Swipe the pictures.
Color Scheme | Touch the picture, then select the colored boxes.
Scot Scheme | Swipe the picture while touching the pictures and picking the colored boxes.
Text-based versus graphical password schemes
To overcome the drawbacks of text-based authentication, researchers have developed new password schemes that use images or pictures as the password, known as graphical password schemes. Such a scheme is used as an alternative to the alphanumeric password. Current authentication methods fall into three main areas: token-based authentication, biometric authentication and knowledge-based authentication. In addition, a comparison of current graphical password techniques classified graphical password schemes into two categories, recognition-based and recall-based approaches. The results address questions such as "Is a graphical password as secure as a text-based password?" and "What are the major design and implementation issues for graphical passwords?" The study is useful for evaluating graphical password methods and for finding alternatives that overcome their susceptibility to attack [6].
Secret tap method
Because it is important to take measures against covert observation in order to prevent authentication information from being stolen, the Secret Tap method proposes a technique that does not expose the authentication information during entry, even if other individuals watch the input process. The risk of covert observation is not restricted to direct observation by other people: camera recordings also pose a threat. The authentication process must therefore be made complex enough that the authentication information cannot be recovered even if cameras and/or other individuals observe the input process many times. There are two types of shoulder-surfing attack: direct observation attacks, in which the authentication information is obtained by a person directly monitoring the authentication sequence, and recording attacks, in which the authentication sequence is recorded for later analysis.
The Secret Tap authentication method uses icons and a touch-panel liquid crystal display. Its goals and design policy are:
- Covert observation resistance: maintain a level of resistance that prevents the authentication information from being revealed to other individuals, even if the authentication operation is performed many times.
- Recording attack resistance: maintain a level of resistance that prevents the authentication information from being recovered by analysis even if the authentication operation is fully recorded.
- Brute-force attack resistance: maintain a level of resistance that prevents the authentication process from being broken more easily than by a brute-force attack on a four-digit PIN. This policy follows the standard set out in ISO 9564-1 [7].
- Usability: maintain a level of usability that lets users perform the authentication operation with ease.
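The brute-force goal above is the one a designer can check on paper: the number of distinct secrets the scheme admits must be at least the 10,000 of a four-digit PIN. The following added example (not code from the draft or from the Secret Tap authors) turns that check into a small design tool and goes beyond the specific case in the text by covering ordered and unordered icon selection, with and without repeated icons, plus the lockout threshold that keeps an online guessing attacker within a chosen risk budget. The icon counts, secret length and budget are constructed assumptions.

```python
"""Design check for the brute-force policy of an icon-tap scheme (added
example; not code from the draft or from the Secret Tap authors).

Assumptions: the scheme shows `icons` distinct icons and the user selects
`secret_len` of them, in a fixed order or as an unordered set; the ISO 9564-1
bar is modelled as "a random guess succeeds with probability at most 1/10^4",
i.e. no easier than guessing a four-digit PIN."""
from fractions import Fraction
from math import comb, prod

PIN_BAR = Fraction(1, 10 ** 4)


def keyspace(icons: int, secret_len: int, ordered: bool = True,
             repeats: bool = False) -> int:
    """Number of distinct secrets an attacker would have to enumerate."""
    if icons < 1 or secret_len < 1:
        raise ValueError("icons and secret_len must be positive")
    if not repeats and secret_len > icons:
        raise ValueError("cannot pick more distinct icons than are shown")
    if ordered:
        if repeats:
            return icons ** secret_len
        return prod(range(icons - secret_len + 1, icons + 1))  # permutations
    if repeats:
        return comb(icons + secret_len - 1, secret_len)  # multisets
    return comb(icons, secret_len)  # subsets


def guess_probability(icons: int, secret_len: int, ordered: bool = True,
                      repeats: bool = False) -> Fraction:
    """Success probability of a single uniformly random guess."""
    return Fraction(1, keyspace(icons, secret_len, ordered, repeats))


def meets_pin_bar(icons: int, secret_len: int, ordered: bool = True,
                  repeats: bool = False) -> bool:
    """True if a random guess is no more likely to succeed than against a PIN."""
    return guess_probability(icons, secret_len, ordered, repeats) <= PIN_BAR


def min_icons(secret_len: int, ordered: bool = True, repeats: bool = False) -> int:
    """Smallest icon count at which the scheme meets the PIN bar."""
    icons = 1 if repeats else secret_len
    while not meets_pin_bar(icons, secret_len, ordered, repeats):
        icons += 1
    return icons


def max_attempts(icons: int, secret_len: int, budget: Fraction = Fraction(1, 1000),
                 ordered: bool = True, repeats: bool = False) -> int:
    """Largest lockout threshold k such that an attacker making k distinct
    guesses succeeds with probability at most `budget` (constructed 0.1%)."""
    return int(budget * keyspace(icons, secret_len, ordered, repeats))


if __name__ == "__main__":
    for ordered, repeats in ((True, True), (True, False), (False, False)):
        print(f"ordered={ordered} repeats={repeats}: 16 icons, 4 taps -> "
              f"keyspace {keyspace(16, 4, ordered, repeats)}, "
              f"meets PIN bar: {meets_pin_bar(16, 4, ordered, repeats)}, "
              f"min icons: {min_icons(4, ordered, repeats)}")
```

The comparison is the lesson: with 16 icons and four taps, an ordered secret clears the bar easily, but the same four icons chosen as an unordered set give only 1,820 possibilities, well below a PIN, so a scheme that ignores tap order needs 24 icons on screen to satisfy the policy. The lockout figure is the companion control: the bar limits a single guess, while the attempt limit bounds what an online attacker can achieve over many.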
Comparison of risks between alphanumeric and graphical passwords
The primary benefit of graphical passwords over alphanumeric passwords is improved memorability. The potential cost of this advantage, however, is an increased risk of shoulder surfing. Graphical passwords based on graphics or pictures [8], such as PassFaces, Jiminy [9], VIP and PassPoints [10], or on a combination of graphics and audio, such as AVAP, are likely all exposed to this increased risk unless it is mitigated in the implementation. The results indicate that both alphanumeric and graphical password-based authentication mechanisms may be significantly vulnerable to shoulder surfing unless certain precautions are taken. Despite the common belief that non-dictionary passwords are the most secure type of password-based authentication, the results demonstrate that they are in fact the configuration most vulnerable to shoulder surfing.
References
1. Hennessey, C., Noureddin, B. and Lawrence, P. "A Single Camera Eye-Gaze Tracking System with Free Head Motion." In Proceedings of ETRA: Eye Tracking Research and Applications Symposium, San Diego, California, USA. ACM Press, pp. 87–94, 2006.
2. Kuhn, M. G. "Electromagnetic Eavesdropping Risks of Flat-Panel Displays." In 4th Workshop on Privacy Enhancing Technologies, LNCS. Springer-Verlag, Berlin / Heidelberg, pp. 23–25, 2004.
3. Suo, X. and Zhu, Y. "Graphical Passwords: A Survey." In Proceedings of the Annual Computer Security Applications Conference, Tucson, Arizona, USA, 2005.
4. Jacob, R. J. K. and Karn, K. S. "Eye Tracking in Human-Computer Interaction and Usability Research: Ready to Deliver the Promises." In The Mind's Eye: Cognitive and Applied Aspects of Eye Movement Research, J. Hyönä, R. Radach and H. Deubel (eds.). Elsevier Science, Amsterdam, pp. 573–605, 2003.
5. Seng, L. K., Ithnin, N. and Mammi, H. K. "User's Affinity of Choice: Features of Mobile Device Graphical Password Scheme's Anti-Shoulder Surfing Mechanism." International Journal of Computer Science Issues, vol. 2, no. 8, 2011.
6. Hennessey, C., Noureddin, B. and Lawrence, P. "A Single Camera Eye-Gaze Tracking System with Free Head Motion." In Proceedings of ETRA: Eye Tracking Research and Applications Symposium, San Diego, California, USA. ACM Press, pp. 87–94, 2006.
7. Suo, X. and Zhu, Y. "Graphical Passwords: A Survey." In Proceedings of the Annual Computer Security Applications Conference, Tucson, Arizona, USA, 2005.
8. Thomas, R. C., Karahasanovic, A. and Kennedy, G. E. "An Investigation into Keystroke Latency Metrics as an Indicator of Programming Performance." Presented at the Australasian Computing Education Conference 2005, Newcastle, Australia, 2005.
9. Seng, L. K., Ithnin, N. and Mammi, H. K. "User's Affinity of Choice: Features of Mobile Device Graphical Password Scheme's Anti-Shoulder Surfing Mechanism." International Journal of Computer Science Issues, vol. 2, no. 8, 2011.
10. Thomas, R. C., Karahasanovic, A. and Kennedy, G. E. "An Investigation into Keystroke Latency Metrics as an Indicator of Programming Performance." Presented at the Australasian Computing Education Conference 2005, Newcastle, Australia, 2005.