We propose a web application based security system. When a user interacts with a computing system to enter a secret password, shoulder surfing attacks are of great concern. This system overcomes the problem of shoulder surfing. Previous system proposed a methodology in which the user has to remember all the events performed. This limits the system usage. Our novel approach enhances the shoulder surfing security with human interaction; indeed can break the well-known PIN entry method previously evaluated to be secure against shoulder surfing. To overcome the problem, we design a multi-color number panel. This interface provides the user, a higher level of security that the shoulder surfer cannot be aware of the process the user undergoes. The color pattern in the number panel changes periodically so that for each user is provided a different pattern.
S. Geethanjali, J. Mary Monika, V. Nandhini
human adversaries, information security, shoulder-surfing
- V. Roth, K. Richter, and R. Freidinger, “A PIN entry method resilient against shoulder surfing,” in Proc. ACM Conf. Comput. Commun. Security, 2004, pp. 236–245.
- M. I. Posner, “Orienting of attention,” Quart. J. Experimental Psychology, vol. 32, no. 1, pp. 3–25, 1980.
- D. G. Lowe, “Perceptual Organization and Visual Recognition. Norwell”, MA, USA: Kluwer, 1985.
- S. K. Card, T. P. Moran, and A. Newell, “The keystroke-level model for user performance time with interactive systems,” Commun. ACM, vol. 23, no. 7, pp. 396–410, 1980.
- B. E. John and W. D. Gray, “CPM-GOMS: An analysis method for tasks with parallel activities,” in Proc. ACM SIGCHI Conf. Human Factors Comput. Syst., 1995, pp. 393–394.
- Q. Yan, J. Han, Y. Li, and R. H. Deng, “On limitations of designing leakage-resilient password systems: Attacks, principles and usability,” in Proc. 19th Internet Soc. Netw. Distrib. Syst. Security (NDSS) Symp., 2012.
- “Banking—Personal Identification Number (PIN) Management and Security—Part 1: Basic Principles and Requirements for Online PIN Handling in ATM and POS Systems”, Clause 5.4 Packaging Considerations, ISO 9564-1:2002, 2002.
- X. Bai, W. Gu, S. Chellappan, X. Wang, D. Xuan, and B. Ma, “PAS: Predicate-based authentication services against powerful passive adversaries,” in Proc. IEEE Annu. Comput. Security Appl. Conf., Dec. 2008, pp. 433–442.
- H. Gao, X. Liu, S. Wang, and R. Dai, “A new graphical password scheme against spyware by using CAPTCHA,” in Proc. ACM Symp.Usable Privacy Security, 2009, pp. 15-17.
- A. D. Luca, K. Hertzschuch, and H. Hussmann, “ColorPIN-securing PIN entry through indirect input,” in Proc. ACM SIGCHI Conf. Human Factors Comput. Syst., 2010, pp. 1103–1106.
- N. Hopper and M. Blum, “Secure human identification protocols,” in Proc. Adv. Cryptology-ASIACRYPT, 2001, pp. 52–66.
- D. Weinshall, “Cognitive authentication schemes safe against spyware,” in Proc. IEEE Symp. Security Privacy, May 2006, pp. 295–300.
- P. Golle and D. Wagner, “Cryptanalysis of a cognitive authentication scheme,” in Proc. IEEE Symp. Security Privacy, May 2007, pp. 66–70.
- S. Li, H. J. Asghar, J. Pieprzyk, A.-R. Sadeghi, R. Schmitz, and H. Wang, “On the security of PAS (predicate-based authentication service),” in Proc. IEEE Annu. Comput. Security Appl. Conf., Dec. 2009, pp. 209– 218.
- P. Dunphy, A. P. Heiner, and N. Asokan, “A closer look at recognitionbased graphical passwords on mobile devices,” in Proc.
|Published in :
||Volume 1 | Issue 2 | March-April - 2015
|Date of Publication
Cite This Article
S. Geethanjali, J. Mary Monika, V. Nandhini, "Human Interaction in Shoulder Surfing Security", International Journal of Scientific Research in Science, Engineering and Technology(IJSRSET), Print ISSN : 2395-1990, Online ISSN : 2394-4099, Volume 1, Issue 2, pp.334-338, March-April-2015.
URL : http://ijsrset.com/IJSRSET1522108.php