A personal identification number (PIN) is a 4-digit numeric password used in mobile and stationary systems, including smartphones, tablet computers, automated teller machines (ATMs) and point-of-sale (PoS) terminals; with such wide use, a direct observation attack based on shoulder-surfing becomes a great concern. PIN entry can be observed by nearby adversaries, more effectively in a crowded area. Usually a user chooses the same PIN for various purposes and uses it repeatedly, so a compromise of the PIN may put the user at great risk. Because the problem lies between the user and the system, cryptographic prevention techniques are hardly applicable: human users are limited in their capacity to process information. Instead, alternative approaches have been proposed that take into account the asymmetry between the user and the system.
Web applications and mobile applications are used widely everywhere, on various devices. This evolution is very useful but also increases the probability of leaking a password through shoulder-surfing attacks, in which the attacker observes the password directly or collects it with external recording devices or video capture. To overcome this, we proposed a system that provides a pair-based method and a graphical password based on the PassMatrix concept to resist shoulder-surfing attacks. PassMatrix is considered a novel and easy-to-use graphical password authentication system that can effectively resist shoulder-surfing attacks; in a graphical password, users click on images to authenticate themselves. Experimental results show that the proposed system achieves better resistance to shoulder-surfing attacks while maintaining usability.
Shoulder-surfing attacks can be minimized using the text and color based graphical password scheme that was proposed in earlier work. This method requires the user to choose a password whose length is between 8 and 15 characters and to choose one color as his pass color from the 8 colors given by the system; the seven remaining colors serve as decoy colors. As usual, the user also needs to register an e-mail address for re-enabling his account after he enters a wrong password. The most important point in this scheme is that the user must carry out the registration process in an environment that is free from shoulder-surfing. During the login process, when the user sends a login request, a circle composed of 8 sectors of equal size is displayed. The colors of the arcs of the sectors are all different, so each sector can be identified by the color of its arc. In addition there are buttons for rotating the circle clockwise and anti-clockwise, a "confirm" button and a "login" button. The user has to rotate the circle so that the sector containing the current password character moves into the position of the sector whose color is the user's pass color, and repeats this until the whole password has been entered. In conclusion, the proposed system, which uses a text and color based graphical password, is useful for reducing shoulder-surfing attacks. Using this authentication method, the user can log in to the system without worrying about shoulder-surfing because the password is entered without using the physical keyboard. The user can also log in easily and efficiently with this method because both password schemes, the textual password and the color based graphical password, are already familiar.
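A simulation of the rotating-circle login described above, added here as an example and not code from the cited paper: the character alphabet on the ring, the eight color names and the rule that the arcs stay fixed while the character wheel turns are assumptions, as is the detail that the server accepts any character that lands under the pass-color arc. Both sides of one login round are shown, the user's rotation and the server's check.

```python
import random
import string

NUM_SECTORS = 8
# Eight system colors (assumed names; the paper only says eight colors are offered)
COLORS = ["red", "orange", "yellow", "green", "blue", "indigo", "violet", "grey"]
ALPHABET = string.ascii_letters + string.digits  # assumed character set on the ring


def register(password, pass_color):
    """Registration, done in a shoulder-surfing-free environment: an 8 to 15
    character text password plus one pass color; the other seven are decoys."""
    if not 8 <= len(password) <= 15:
        raise ValueError("password must be 8 to 15 characters long")
    if pass_color not in COLORS:
        raise ValueError("pass color must be one of the eight system colors")
    return {"password": password, "pass_color": pass_color}


def new_challenge(rng=None):
    """One login round: the eight arcs get a random color order and the
    characters are dealt at random across the eight sectors (7 or 8 each)."""
    if rng is None:
        rng = random.SystemRandom()
    arc_colors = COLORS[:]
    rng.shuffle(arc_colors)
    chars = list(ALPHABET)
    rng.shuffle(chars)
    sectors = [chars[i::NUM_SECTORS] for i in range(NUM_SECTORS)]
    return {"arc_colors": arc_colors, "sectors": sectors}


def chars_under_arc(challenge, rotation, color):
    """Characters sitting under the arc of `color` after the character wheel has
    been turned `rotation` steps clockwise; the colored arcs themselves stay put."""
    arc = challenge["arc_colors"].index(color)
    return set(challenge["sectors"][(arc - rotation) % NUM_SECTORS])


def user_response(challenge, char, pass_color):
    """The user's side: find the sector holding `char`, turn the wheel clockwise
    until that sector sits under the pass-color arc, then press confirm.
    Returns the number of clockwise steps (8 - k would be the anticlockwise count)."""
    for start, sector in enumerate(challenge["sectors"]):
        if char in sector:
            break
    else:
        raise ValueError(f"{char!r} is not on the ring")
    target = challenge["arc_colors"].index(pass_color)
    return (target - start) % NUM_SECTORS


def server_check_round(challenge, rotation, expected_char, pass_color):
    """The server's side: the round passes when the expected password character
    is among the characters now under the user's pass-color arc. Every other
    character in that sector is accepted too, which is what hides the real one."""
    return expected_char in chars_under_arc(challenge, rotation, pass_color)


def login(record, typed_password, rng=None):
    """One round per password character. `typed_password` is what the user tries
    to enter through rotations; it equals the registered password when honest."""
    if len(typed_password) != len(record["password"]):
        return False
    for expected, typed in zip(record["password"], typed_password):
        challenge = new_challenge(rng)
        rotation = user_response(challenge, typed, record["pass_color"])
        if not server_check_round(challenge, rotation, expected, record["pass_color"]):
            return False
    return True


if __name__ == "__main__":
    user = register("Secr3tPassw0rd", "blue")
    print("honest login accepted:", login(user, "Secr3tPassw0rd"))
```

The check in `server_check_round` is deliberately tolerant: with 62 characters spread over 8 sectors, each confirmed rotation only proves the password character is one of about eight, so the server's per-round acceptance set is what protects the character from an onlooker, and the price is that a guessed password of length n passes with probability roughly (1/8)^n. Rate-limiting login attempts is therefore part of deploying such a scheme, not an optional extra.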
Abstract: The traditional PIN mechanism is commonly used for authentication. It is a popular method because of its usability and security. Though it is a secure method, it is often exposed to direct observational attacks, such as human shoulder-surfing and camera-based recording. In this paper the proposed system implements the Color Pass method to defend against shoulder-surfing attacks. The user can complete a session without revealing the actual PIN. It provides strong security against shoulder-surfing attacks and has an intelligent user interface.
Zhao and Li proposed a shoulder-surfing resistant scheme, "S3PAS". The main idea of the scheme is as follows: in the login stage, users must find their original text password characters in the login image and click inside the invisible triangle region.
Shoulder-surfing is the use of direct observation techniques, such as looking over someone's shoulder, to get information. It is an effective way to get information, be it in a user's home while he works on his personal computer or in a public place, which is more prone to shoulder-surfing attacks. Shoulder-surfing can also be done from a long distance with the aid of binoculars or other vision-enhancing devices. The increase in laptop and personal digital assistant (PDA) usage has greatly increased the danger of unauthorized observation of authentication procedures. Users have become more prone to password theft due to such sneaking, especially when they are moving around and find it difficult to keep a strict vigilance on their surroundings. One should remain cautious of one's surroundings when authenticating with traditional authentication methods that are prone to shoulder-surfing.
Since the design and development of the first graphical authentication scheme, pioneered by Blonder in 1996, much research has been conducted in this area for use in different scenarios, especially on the Internet. One of the major motivators is the picture superiority effect, which, as studies have shown, means that images and pictures provide higher memorability than text-based authentication. However, graphical authentication still faces some challenges. In this paper, a shoulder-surfing resistant graphical authentication scheme is proposed to tackle the major issues related to the graphical authentication schemes developed so far. In summary, the proposed scheme provides a high level of resistance to shoulder-surfing attacks, removes the need to upload pictures and aids in finding the chosen objects in the scheme. Finally, the scheme still has some vulnerabilities, leading to the conclusion that there cannot be a perfect graphical authentication scheme; each scheme has its merits and demerits, making it a suitable candidate for a different environment and/or event depending on its architecture.
To resist shoulder-surfing attacks, Roth et al. propose an authentication system based on the personal identification number (PIN). In this scheme all characters are displayed in black or white and randomly placed on the screen; in each round the user selects the color of the current PIN digit, so the user's input is a binary sequence. This system resists shoulder-surfing by an attacker who views the entry directly. But if the attacker uses a video recording system to record the PIN entry process, the attacker can easily crack the password.
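Both sides of the black/white PIN entry just described, written here as an added example rather than code from Roth et al.: the terminal colors the ten digit keys, the user answers only with the color of the current PIN digit, and the terminal intersects the colored halves until one digit remains. The split of five black and five white keys, and the choice to divide the still-possible digits as evenly as possible so that four rounds always suffice, are assumptions of this example.

```python
import random

DIGITS = frozenset("0123456789")
ROUNDS_PER_DIGIT = 4  # ceil(log2(10)): enough rounds to isolate one digit


def make_split(candidates, rng=None):
    """Color the ten keys black or white, five each, so that the digits still
    consistent with the user's answers so far are divided as evenly as possible
    (assumed detail; it is what makes four rounds always sufficient).
    All ten digits are shown every round, so one layout alone reveals nothing."""
    if rng is None:
        rng = random.SystemRandom()
    cand = list(candidates)
    rng.shuffle(cand)
    others = list(DIGITS - set(candidates))
    rng.shuffle(others)
    half = (len(cand) + 1) // 2
    black = set(cand[:half])
    black.update(others[: 5 - len(black)])  # top up to five black keys
    return {"black": black, "white": set(DIGITS - black)}


def user_response(split, pin_digit):
    """The user's whole input for a round: the color currently under the digit."""
    return "black" if pin_digit in split["black"] else "white"


def enter_digit(pin_digit, rng=None):
    """Run the rounds for one PIN digit. Returns the binary response sequence and
    the digit the terminal infers from it; the digit key itself is never pressed."""
    candidates = set(DIGITS)
    responses = []
    for _ in range(ROUNDS_PER_DIGIT):
        split = make_split(candidates, rng)
        answer = user_response(split, pin_digit)
        responses.append(answer)
        # The terminal narrows the candidate set; a recording of screen plus
        # button presses allows exactly this computation, which is the page's caveat.
        candidates &= split[answer]
    (inferred,) = candidates
    return responses, inferred


def enter_pin(pin, rng=None):
    """Full PIN entry: four rounds per digit, sixteen color presses for a 4-digit PIN."""
    return "".join(enter_digit(d, rng)[1] for d in pin)


def verify(stored_pin, pin_entered, rng=None):
    """What the terminal checks: the digits reconstructed from the color answers
    must equal the stored PIN."""
    return enter_pin(pin_entered, rng) == stored_pin


if __name__ == "__main__":
    responses, digit = enter_digit("7")
    print("responses:", responses, "-> terminal infers", digit)
    print("PIN 4071 accepted:", verify("4071", "4071"))
```

The security argument is visible in `user_response`: an onlooker who sees only the buttons pressed learns four color choices per digit, which mean nothing without the matching screen layouts, and the layouts change every round. The same function pair also shows the limit the page states: the layout and the presses together determine the digit, so any adversary who records both recovers the PIN, and the scheme should be deployed only where recording is not part of the threat model.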
Traditionally, picture-based password color coding systems employ password objects (pictures, icons or symbols) as input during an authentication session, making them vulnerable to shoulder-surfing attacks because the visual interface, by its very function, is easily observed by others. Recent software-based approaches attempt to minimize this threat by requiring users to enter their passwords indirectly, performing certain mental tasks to derive an indirect password and thus concealing the user's actual password. However, weaknesses in the positioning of distracter and password objects introduce usability and security issues. In this paper, a new method that conceals information about the password objects as much as possible is proposed. Besides concealing the password objects and their number, the proposed method allows both password and distracter objects to be used as the challenge set's input. The correctly entered password appears to be random and can only be derived with knowledge of the full set of password objects; therefore, it would be difficult for a shoulder-surfing adversary to identify the user's actual password. Simulation results indicate that the correct input object and its location are random for each challenge set, thus preventing frequency-of-occurrence analysis attacks. User study results show that the proposed method is able to prevent shoulder-surfing attacks.
In this paper, the causes of shoulder-surfing attacks and the prevention methods are put forth. An attempt has been made to assess the significance of the various graphical authentication systems that have been proposed over the years to overcome shoulder-surfing attacks. The methods that overcome the disadvantages of textual passwords are presented, and the advantages and disadvantages of each surveyed system are given for each paper. The need for graphical authentication systems is emphasized. The implementation of a honeypot is addressed here to secure the system by counteracting attempts of unauthorized users to steal information. Like any other graphical authentication system, HoneyPass is also vulnerable to random guessing attacks, but it is strongly resistant to any form of shoulder-surfing attack, i.e. either direct observation or observation with the help of external devices. This approach will help research analysts who are dissatisfied with the textual password system and its drawbacks to move forward with graphical authentication systems.
To avoid the various kinds of attacks on user accounts, and to overcome the security weakness that passwords are easily obtained by observers in public, we use a graphical authentication system called PassMatrix. In PassMatrix, a password consists of selecting one pass-square per pass-image in a sequence of n images, and the images are sent by the server. If the user selects an incorrect pass-square within a pass-image, the user is not logged in to the system. The primary motivation is to resist shoulder-surfing attacks and to maintain user privacy as well as authentication.
Abstract: For any organization, it is essential to protect all its private resources from security threats from all over the world. The most common computer authentication method is to use alphanumerical usernames and passwords. Traditional alphanumerical passwords are vulnerable to many attacks, and graphical passwords have been introduced as alternatives to textual passwords to overcome these problems. For example, users tend to pick passwords that can be easily guessed; on the other hand, if a password is hard to guess, then it is hard to remember. To solve this problem, some researchers have developed authentication methods that use pictures as passwords, since humans remember pictures better than text. During password creation, the user selects a theme consisting of photos in thumbnail size and sets a sequence of pictures as the password. During authentication, the user must recognize the images in the correct order. Each thumbnail image is assigned a numerical value, so the sequence of chosen images creates a numerical password. In this paper, we conduct a comprehensive survey of the existing graphical password techniques and publish an analysis of graphical passwords and shoulder-surfing resistant techniques. Shoulder-surfing is a known risk where an attacker can capture a password by direct observation or by recording the authentication session.
The author presents a novel graphical password design in this paper. It rests on the human cognitive ability of association-based memorization to make authentication more user-friendly compared with traditional textual passwords. Based on the principle of the zero-knowledge proof protocol, the primary design is further improved to overcome the shoulder-surfing attack issue without adding any extra complexity to the authentication procedure. System performance analysis and comparisons are presented to support the proposals.
A basic aim of security is to create cryptographic, highly non-forgeable primitives based on hard mathematical problems that are computationally intractable; for example, the integer factorization problem underlies the RSA public-key cryptosystem. In the past decade, the use of online banking and online transactions in e-commerce has rapidly increased, and using hard artificial intelligence (AI) challenges for security, as in CAPTCHA and the graphical passwords initially proposed in earlier work, was an exciting new paradigm. CAPTCHA was invented for security and became a widely used technique, i.e. a puzzle. Most other techniques are not able to maintain security against shoulder-surfing attacks and therefore leave the system vulnerable, however the password is created. From 1999 onward, many graphical password techniques have been used as alternatives. This paper provides a comprehensive and analytical overview of published research work in this domain, analyzing features such as usability and security aspects, along with system evaluation.
The primary objective of this method is to make the keyboard easy to use. For this reason we have created an extension for Google's Chrome browser. The extension has a popup window with a randomized virtual keyboard whose buttons are arranged in a square matrix. There are separate square matrices for alphanumeric and special characters: alphanumeric keys are in the first block and special characters are in the second block, and the input method is the same for both. The user first locates the required character in the randomized keyboard and then performs two button clicks to enter it. The first click (henceforth referred to as the Row Click) can be on any button in the same row of the PassBoard as the desired character. The second click (henceforth referred to as the Column Click) can be on any button in the same column as the desired character. This way he/she can input the entire password without actually pressing any of the characters that occur in his/her password, thus effectively preventing shoulder-surfing. After he/she is done entering all the characters, he/she can press the "Done" button to copy the password onto the clipboard and subsequently paste it into the password field of the webpage.
Much research on password-based authentication has been done in the literature. Among all the proposed schemes, this paper focuses mainly on graphical-based authentication systems combined with virtual keyboard shuffling: the keys are hidden and shuffled after each password key is pressed, using the Fisher-Yates shuffling algorithm. We introduced these concepts to avoid shoulder-surfing and key-logger attacks. The user first chooses an image; after the image is accepted it is split into a 7x11 matrix, and the user specifies the cell to set as the password. After the cell is selected as the password, a login indicator is generated based on the selected cell. At the initial stage the user creates an account with a username; to avoid key-logger attacks while typing the username and other authentication data, the keys are shuffled using the algorithm mentioned above.
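A simulation of the randomized virtual keyboard shared by the two passages above (the PassBoard row-click/column-click entry and the Fisher-Yates reshuffling after every key), added here as an example and not code from either project: the 6x6 block holding lowercase letters and digits, the clipboard output and the choice to redeal the keys after each character are assumptions of this example.

```python
import random
import string

ROWS = COLS = 6                                    # assumed 6x6 block
ALPHANUM = string.ascii_lowercase + string.digits  # 36 keys fill it exactly (assumed set)


def fisher_yates(items, rng=None):
    """Fisher-Yates (Knuth) shuffle: a uniform random permutation in one pass."""
    if rng is None:
        rng = random.SystemRandom()
    items = list(items)
    for i in range(len(items) - 1, 0, -1):
        j = rng.randrange(i + 1)
        items[i], items[j] = items[j], items[i]
    return items


def new_board(rng=None):
    """Deal the shuffled keys row by row into the ROWS x COLS matrix."""
    shuffled = fisher_yates(ALPHANUM, rng)
    return [shuffled[r * COLS:(r + 1) * COLS] for r in range(ROWS)]


def locate(board, char):
    """Position of `char` on the current layout (what the user does by eye)."""
    for r, row in enumerate(board):
        if char in row:
            return r, row.index(char)
    raise ValueError(f"{char!r} is not on this board")


def user_clicks(board, char, rng=None):
    """Row click: any button in the target's row. Column click: any button in the
    target's column. Neither click needs to land on the target character."""
    if rng is None:
        rng = random.SystemRandom()
    r, c = locate(board, char)
    return (r, rng.randrange(COLS)), (rng.randrange(ROWS), c)


def decode(board, row_click, col_click):
    """The extension's side: the intended key is the intersection of the row of
    the first click and the column of the second, read off the current layout."""
    return board[row_click[0]][col_click[1]]


def enter_password(password, rng=None, reshuffle=True):
    """Type a whole password; returns the text copied to the clipboard on Done.
    With `reshuffle` the keys are redealt after every key (Fisher-Yates), so a
    pair of clicks is always decoded against the layout that was on screen."""
    board = new_board(rng)
    out = []
    for ch in password:
        row_click, col_click = user_clicks(board, ch, rng)
        out.append(decode(board, row_click, col_click))
        if reshuffle:
            board = new_board(rng)
    return "".join(out)


if __name__ == "__main__":
    print("clipboard:", enter_password("pass1234"))
```

`decode` is the whole of what the extension needs to know, and it makes the design trade-off explicit for a reviewer: the two clicks identify a row and a column of the layout that was on screen, so the scheme's protection rests on the observer not capturing that layout together with the clicks, and the reshuffle after every key limits what any single captured layout can be matched against.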
In this paper we have proposed a novel scheme to authenticate a user using color PINs. The scheme, known as the Color Pass scheme, provides an intelligent interface for users to log in to a system in a public domain. In this scheme, the user remembers four colors as his PIN. The scheme works in the framework of the partially observable attacker model. From the security point of view the scheme is quite robust against several possible attacks such as shoulder-surfing, password guessing and side-channel attacks, and from the usability point of view it is user friendly and takes very little time for login. The scheme can also be used by both math and non-math oriented people, and the proposed methodology shows a significantly low error rate during the login procedure. In future we will explore how to extend this scheme to the fully observable attacker model.
We propose a web application based security system. When a user interacts with a computing system to enter a secret password, shoulder-surfing attacks are of great concern, and this system overcomes the problem of shoulder-surfing. A previous system proposed a methodology in which the user has to remember all the events performed, which limits its usability. Our novel approach enhances shoulder-surfing security with human interaction; indeed, such observation can break the well-known PIN entry method previously evaluated to be secure against shoulder-surfing. To overcome the problem, we design a multi-color number panel. This interface gives the user a higher level of security, since the shoulder surfer cannot follow the process the user goes through. The color pattern in the number panel changes periodically, so that each user is provided with a different pattern.
The proposed color methodology implements a one-time-pass paradigm. Thus, corresponding to the four color PINs, the user receives four challenges and enters four responses, one for each challenge. The main aim of the Color Pass scheme is that it is very easy to use and does not require any special knowledge. Against shoulder-surfing attacks it also provides password strength equal to that of the color PIN entry scheme.