Abstract

Authentication in mobile devices is inherently vulnerable to attacks and is susceptible to shoulder-surfing attacks. A shoulder-surfing attack is a type of attack that uses direct observation techniques, such as looking over someone’s shoulder, to get information. This paper aims to introduce a novel way of concealing the password within a contingent of randomly selected entries. In particular, the traditional password concept, where what you input is what you get, is redefined by proposing the camouflage characters approach. Based on this approach, three defensive techniques are introduced for mobile devices. The introduced techniques are implemented on an Android platform. Experimental studies are conducted in order to evaluate both security and usability perspectives. The empirical results showed that the proposed approach is reasonably resistant against shoulder-surfing attacks and usable for participants. Moreover, it is possible to choose very short passwords while ensuring that the password remains hidden amongst a large number of key presses. Based on the achieved results, the proposed approach is recommended as a new avenue in the field of security for producing passwords that are very simple and yet, at the same time, very complicated for the attacker to observe.

Highlights

  • Nowadays, the use of mobile devices has increased at an unanticipated rate

  • The initial version of this approach was established in [10]. We extend this approach to be applicable for mobile devices by introducing three defensive techniques. The first technique allows the user to specify the same length of camouflage characters in which the activation and deactivation keys are reflected by a number of characters. The second technique allows the user to specify the length of camouflage characters of both keys but with various lengths. The third technique allows the user to specify only one character as an activation key and another as a deactivation key

  • One of the options that can be utilized in this scheme is assigning access rights to the master keys. This allows mobile device users, for example, to keep their sensitive data safe on their devices; that is, when the master keys are used in a certain sequence, access to the phone is only limited to making calls
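
An illustration of the third technique above, added here and not taken from the paper or its Android implementation. It assumes that keys typed between the activation key and the next deactivation key count as password characters and everything else is camouflage, and it generalizes to more than one such segment; the function names, the sample keystrokes and the PBKDF2 storage are choices made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor chosen for this example


def extract_password(keystrokes, activation, deactivation):
    """Filter camouflage out of a keystroke sequence.

    Assumption (not from the paper): keys typed between the activation key
    and the next deactivation key are password characters; every other key
    press is camouflage. Returns None if a segment is left open.
    """
    if activation == deactivation:
        raise ValueError("activation and deactivation keys must differ")
    active, kept = False, []
    for ch in keystrokes:
        if not active:
            active = ch == activation      # camouflage unless it is the activation key
        elif ch == deactivation:
            active = False                 # close the segment
        else:
            kept.append(ch)                # counted password character
    return None if active else "".join(kept)


def enroll(password, deactivation):
    """Store a salted PBKDF2 digest instead of the password itself."""
    if not password or deactivation in password:
        raise ValueError("password must be non-empty and not contain the deactivation key")
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify(keystrokes, activation, deactivation, record):
    """True if the de-camouflaged input matches the enrolled password."""
    candidate = extract_password(keystrokes, activation, deactivation)
    if candidate is None:
        return False                       # unterminated segment: reject
    salt, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)  # constant-time comparison


# Constructed sample input: '#' activates, '@' deactivates, password is "42".
RECORD = enroll("42", "@")
SAMPLE = "xq#4@zz9#2@p"
```

An observer who records all twelve key presses of `SAMPLE` still has to guess which two of them were counted.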


Summary

Introduction

The use of mobile devices has increased at an unanticipated rate. In particular, the landscape of mobile devices, such as smart phones, has significantly changed; that is, mobile devices are used for calling and sending messages and for several services such as e-mail, social network, and web surfing [1]. The main aim of these methods was to find a way of safeguarding the password entry. Both methods, i.e., text-based and graphical passwords, are vulnerable to shoulder-surfing attacks [7], which is a type of attack that uses direct observation techniques such as looking over someone’s. Since this paper proposes an approach against shoulder-surfing attacks, the brute-forcing attack is beyond the scope of this paper in case of applying one digit as a password. This approach has been introduced in Alsuhibany’s work [10,11] for shared spaces such as tabletops and pattern-based passwords, respectively; it is extended here in this paper for creating traditional text-based passwords for mobile devices.
