Sciweavers

73
Voted
FC
2010
Springer

Shoulder-Surfing Safe Login in a Partially Observable Attacker Model

15 years 1 months ago
Shoulder-Surfing Safe Login in a Partially Observable Attacker Model
Abstract. Secure login methods based on human cognitive skills can be classified into two categories based on information available to a passive attacker: (i) the attacker fully observes the entire input and output of a login procedure, (ii) the attacker only partially observes the input and output. Login methods secure in the fully observable model imply very long secrets and/or complex calculations. In this paper, we study three simple PIN-entry methods designed for the partially observable attacker model. A notable feature of the first method is that the user needs to perform a very simple mathematical operation, whereas, in the other two methods, the user performs a simple table lookup. Our usability study shows that all the methods have reasonably low login times and minimal error rates. These results, coupled with low-cost hardware requirements (only earphones), are a significant improvement over existing approaches for this model [9, 10]. We also show that side-channel timing at...
Toni Perkovic, Mario Cagalj, Nitesh Saxena
Added 02 Sep 2010
Updated 02 Sep 2010
Type Conference
Year 2010
Where FC
Authors Toni Perkovic, Mario Cagalj, Nitesh Saxena
Comments (0)