Preventing Shoulder-Surfing Attack with the Concept of Concealing the Password Objects’ Information
Traditionally, picture-based password systems employ password objects (pictures/icons/symbols) as input during an authentication session, thus making them vulnerable to “shoulder-surfing” attack because the visual interface by function is easily observed by others. Recent software-based approaches a...
| Main Authors: | Peng Foong Ho, Yvonne Hwei-Syn Kam, Mee Chin Wee, Yu Nam Chong, Lip Yee Por |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Wiley, 2014-01-01 |
| Series: | The Scientific World Journal |
| Online Access: | http://dx.doi.org/10.1155/2014/838623 |
| _version_ | 1850173103385083904 |
|---|---|
| author | Peng Foong Ho, Yvonne Hwei-Syn Kam, Mee Chin Wee, Yu Nam Chong, Lip Yee Por |
| author_sort | Peng Foong Ho |
| collection | DOAJ |
| description | Traditionally, picture-based password systems employ password objects (pictures/icons/symbols) as input during an authentication session, thus making them vulnerable to “shoulder-surfing” attack because the visual interface by function is easily observed by others. Recent software-based approaches attempt to minimize this threat by requiring users to enter their passwords indirectly by performing certain mental tasks to derive the indirect password, thus concealing the user’s actual password. However, weaknesses in the positioning of distracter and password objects introduce usability and security issues. In this paper, a new method, which conceals information about the password objects as much as possible, is proposed. Besides concealing the password objects and the number of password objects, the proposed method allows both password and distracter objects to be used as the challenge set’s input. The correctly entered password appears to be random and can only be derived with the knowledge of the full set of password objects. Therefore, it would be difficult for a shoulder-surfing adversary to identify the user’s actual password. Simulation results indicate that the correct input object and its location are random for each challenge set, thus preventing frequency of occurrence analysis attack. User study results show that the proposed method is able to prevent shoulder-surfing attack. |
| format | Article |
| id | doaj-art-d145dc01ec7b4250a3c080ba186ff92c |
| institution | OA Journals |
| issn | 2356-6140 1537-744X |
| language | English |
| publishDate | 2014-01-01 |
| publisher | Wiley |
| record_format | Article |
| series | The Scientific World Journal |
| spelling | doaj-art-d145dc01ec7b4250a3c080ba186ff92c; 2025-08-20T02:19:55Z; eng; Wiley; The Scientific World Journal; 2356-6140; 1537-744X; 2014-01-01; 2014; 10.1155/2014/838623; 838623; Preventing Shoulder-Surfing Attack with the Concept of Concealing the Password Objects’ Information; Peng Foong Ho (0), Yvonne Hwei-Syn Kam (1), Mee Chin Wee (2), Yu Nam Chong (3), Lip Yee Por (4); (0) Faculty of Computer Science and Information Technology, University of Malaya, 50603 Lembah Pantai, Kuala Lumpur, Malaysia; (1) Multimedia University, Jalan Multimedia, 63100 Cyberjaya, Selangor, Malaysia; (2) Faculty of Computer Science and Information Technology, University of Malaya, 50603 Lembah Pantai, Kuala Lumpur, Malaysia; (3) Faculty of Computer Science and Information Technology, University of Malaya, 50603 Lembah Pantai, Kuala Lumpur, Malaysia; (4) Faculty of Computer Science and Information Technology, University of Malaya, 50603 Lembah Pantai, Kuala Lumpur, Malaysia; http://dx.doi.org/10.1155/2014/838623 |
| title | Preventing Shoulder-Surfing Attack with the Concept of Concealing the Password Objects’ Information |
| url | http://dx.doi.org/10.1155/2014/838623 |