Abstract

Access management of IoT devices is extremely important, and a secure login authentication scheme can effectively protect users’ privacy. However, traditional authentication schemes are threatened by shoulder-surfing attacks, and biometric-based schemes, such as fingerprint recognition and face recognition, that are commonly used today can also be cracked. Researchers have proposed some schemes for current attacks, but they are limited by usability. For example, the login authentication process requires additional device support. This method solves the problem of attacks, but it is unusable, which limits its application. At present, most authentication schemes for the Internet of Things and mobile platforms either focus on security, thus ignoring availability, or have excellent convenience but insufficient security. This is a symmetry problem worth exploring. Therefore, users need a new type of login authentication scheme that can balance security and usability to protect users’ private data or maintain device security. In this paper, we propose a login authentication scheme named PinWheel, which combines a textual password, a graphical password, and biometrics to prevent both shoulder-surfing attacks and smudge attacks and solves the current schemes’ lack of usability. We implemented PinWheel and evaluated it from the perspective of security and usability. The experiments required 262 days, and 573 subjects participated in our investigation. The evaluation results show that PinWheel can at least effectively resist both mainstream attacks and is superior to most existing schemes in terms of usability.

Highlights

  • With the rapid development of Internet technology, various smart devices are connecting through the Internet and using the convenience of the Internet to disseminate information to realize various functions such as automatic reporting of data, remote accessing, and remote control management. Authentication security on IoT devices: Many IoT devices are unguarded most of the time, requiring users to remotely manage devices over the network, or the devices share collected information with specific users

  • A survey conducted by researchers for shoulder-surfing attacks showed that 35% of participants were worried that someone might observe them and steal their certificates when the smart device is unlocked [2,3]

  • This paper proposes a login authentication scheme named PinWheel, which does not require other media to spread the challenge value


Summary

Introduction

Authentication security on IoT devices: Many IoT devices are unguarded most of the time, requiring users to remotely manage devices over the network, or the devices share collected information with specific users. Most of this information contains privacy attributes, so access management and authentication are very important. It is worth mentioning that in the first phase of login, the distribution of the beads’ colors is fixed, having been set in the user registration phase, while the colors of the second-phase beads are randomly generated each time the user logs in.
