The Surfing Attacks Secured Password Authentication System

Abstract

People enjoy the convenience of on-line services, but online environments may bring many risks. We propose a virtual password concept involving a small amount of human computing to secure users’ passwords in on-line environments. We adopt user determined randomized linear generation functions to secure users’ passwords based on the fact that a server has more information than any adversary does. We analyze how the proposed scheme defends against phishing, key logger, and shoulder-surfing attacks. To the best of our knowledge, our virtual password mechanism is the first one which is able to defend against all three attacks together. In this work, we discussed how to prevent users’ passwords from being stolen by adversaries. We proposed a virtual password concept involving a small amount of human computing to secure users’ passwords in on-line environments. We also implemented the system to do some tests and survey feedback indicates the feasibility of such a system. In this paper, we discuss how to prevent users’ passwords from being stolen by adversaries in online environments and automated teller machines. We propose differentiated virtual password mechanisms in which a user has the freedom to choose a virtual password scheme ranging from weak security to strong security, where a virtual password requires a small amount of human computing to secure users’ passwords. Among the schemes, we have a default method (i.e., traditional password scheme), system recommended functions, user-specified functions, user-specified programs, and so on. A function/program is used to implement the virtual password concept with a tradeoff of security for complexity requiring a small amount of human computing