Shoulder-Surfing Safe Login in a Partially Observable Attacker Model

14 years 2 months ago

Download www.fesb.hr

Abstract. Secure login methods based on human cognitive skills can be classified into two categories based on information available to a passive attacker: (i) the attacker fully observes the entire input and output of a login procedure, (ii) the attacker only partially observes the input and output. Login methods secure in the fully observable model imply very long secrets and/or complex calculations. In this paper, we study three simple PIN-entry methods designed for the partially observable attacker model. A notable feature of the first method is that the user needs to perform a very simple mathematical operation, whereas, in the other two methods, the user performs a simple table lookup. Our usability study shows that all the methods have reasonably low login times and minimal error rates. These results, coupled with low-cost hardware requirements (only earphones), are a significant improvement over existing approaches for this model [9, 10]. We also show that side-channel timing at...

Toni Perkovic, Mario Cagalj, Nitesh Saxena

Real-time Traffic

Cryptology | FC 2010 | Human Cognitive Skills | Login Methods | Secure Login Methods |

claim paper

Post Info
More Details (n/a)

Added	02 Sep 2010
Updated	02 Sep 2010
Type	Conference
Year	2010
Where	FC
Authors	Toni Perkovic, Mario Cagalj, Nitesh Saxena

Comments (0)

Sciweavers

Shoulder-Surfing Safe Login in a Partially Observable Attacker Model

Cryptology | FC 2010 | Human Cognitive Skills | Login Methods | Secure Login Methods |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers