Three Steps Secure Login: A systematic approach
Pages 107 - 114
Abstract
Generally, user authentication is performed through a user's ID and password. In this process, the user ID remains visible and the password remains secret. But through shoulder surfing and other attacks, the password can also be traced, because the exact password characters are typed or marked by users during login. To counter this vulnerability of password tracing, we propose a novel login method that does not reveal the user ID/password even if keylogging traces the characters typed on the keyboard. We also do a security analysis to show that the proposed mechanism is able to withstand a number of attacks and also mitigates some of the attacks. We also do a usability survey to show its feasibility among real-time users without compromising any security features.
Information
Published In
October 2016
178 pages
ISBN:9781450348089
DOI:10.1145/2998476
Copyright © 2016 ACM.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 21 October 2016
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ACM COMPUTE '16
Acceptance Rates
COMPUTE '16 Paper Acceptance Rate 22 of 117 submissions, 19%;
Overall Acceptance Rate 114 of 622 submissions, 18%
Article Metrics
- Total Citations: 0
- Total Downloads: 187
- Downloads (Last 12 months): 6
- Downloads (Last 6 weeks): 1
Reflects downloads up to 28 Dec 2024