Abstract

Textual passwords suffer from a trade-off between security and usability. System administrators usually adopt password policies to force users to choose strong passwords. However, users often choose a simple password because it is easy to remember, which reduces the password's strength and makes it vulnerable to information security threats. When users enter their passwords in public places such as airports or cafes, they are exposed to shoulder surfing attacks, which are considered a kind of social engineering. With little effort, an attacker can capture a password by recording the individual’s authentication session or by direct observation. To overcome this vulnerability, we propose a new textual-password approach that uses camouflage characters and a virtual keyboard, which leads to strong and easy-to-remember passwords. Usability and security were evaluated in experimental studies conducted with 65 users and then compared with recent studies. The results showed that the proposed technique has the lowest shoulder surfing success rate, at just 3.63%, with reasonable usability.

Highlights

  • Current authentication systems have many weaknesses: even if the system is secured, an individual’s behaviour may cause a security breach.

  • Users often choose a simple password because it is easy to remember, which reduces the password's strength and makes it vulnerable to information security threats. When users enter their passwords in public places such as airports or cafes, they are exposed to shoulder surfing attacks, which are considered a kind of social engineering.

  • It is worth mentioning that the delay in M2 entry time occurs because the user must first check his email to get the AK key and must enter the password according to the dynamic virtual keyboard.


Summary

INTRODUCTION

Current authentication systems have many weaknesses: even if the system is secured, an individual’s behaviour may cause a security breach. Input devices such as the mouse and touch-screen make graphical authentication techniques possible. They are vulnerable to many attacks, such as shoulder surfing, spyware, social engineering and dictionary attacks. A shoulder surfing attack is a type of identity theft that occurs when the attacker looks over someone's shoulder to get passwords, login PINs or other sensitive personal data. This attack can be carried out with a small wireless camera that is easy to install. Login systems based on gazing to select a character from an onscreen keyboard are one solution to shoulder surfing, but they may take a long entry time and lack input accuracy [7]. Another approach to this problem is using a graphical password or integrating both graphical and textual passwords [8][9]. After applying an experimental study to test the defensive model with 65 participants and analyzing the data, the conclusion is presented to summarize the primary outcomes and to determine model usability and efficiency against shoulder surfing attacks.

RELATED WORK
SOCIAL ENGINEERING AND SHOULDER SURFING ATTACKS
PROPOSED DEFENSE MODEL
Login Phase
EXPERIMENTAL STUDY
RESULTS
Entering Time
The Success Rate of Login
Success Rate of Shoulder Surfing Attack
DISCUSSION
CONCLUSION