SAFE: Shoulder-surfing attack filibustered with ease

Abstract

Websites have become an integral part of everyones life. The most important vulnerable issue in websites which has to be subjected to uncompromising security is user authentication. There is a good level of security when we use the conventional textual based password but memorizing these passwords is difficult when they are too long. Hence, users tend to keep password that are simple and short which compromises security and makes it vulnerable to many password cracking attacks. Users may also tend to write them down or store them inside the computer in the form of sticky notes which makes it even more vulnerable. This issue has motivated users towards an alternative solution which is the Graphical User Authentication (GUA) which makes use of images, patterns instead of plain text. However, one big issue incurred with the GUA is that it is very vulnerable to shoulder-surfing and spyware attacks. In this paper we propose a system called SAFE (Shoulder-Surfing Attacks Filibustered with Ease) that could restrict or filibuster shoulder-surfing and spyware attacks. This system uses an algorithm called as RALUT-G (Randomized Lookup Table-Generator) that generates a randomized look-up table with dynamic content for the user authentication based on its working module. We have also evaluated the efficiency and the effectiveness of our system using comprehensive experimental analysis.