Shoulder surfing attack

Top PDF Shoulder surfing attack:

A Survey On Avoid Shoulder Surfing Attack Using MultiColor Password

A Survey On Avoid Shoulder Surfing Attack Using MultiColor Password

ABSTRACT: There are a large number of Internet users around the world. Our software applications deal with sensitive as well as private information which must be saved from misuse by some malicious users and their attacks. Hence authentication is a very important technique by which the system can identify the type of users.There are many authentication schemes available among which password based authentication is most used as it is cost effective and secure. The classical PIN entry mechanism is widely used because of its ease of usability and security, but it often leads to shoulder surfing attack in which a user can record the login session and retrieve the user original PIN for misuse in future. Based on the information available to the user the login methods can be categorized into fully observable and partially observable. In fully observable attack the user can fully observe the entire login procedure and in partially observable attack the user can partially observe the login session. The existing Color Pass methodology provides onetime pass paradigm corresponding to four color PINs in which the user gets four challenges for which the user enter response to each challenge. Its easy to use and doesnt require any additional knowledge. This method leads to drawback as the user uses the headphones to get the color values. Sometimes the headphones will not work properly or the user does not have the clarity in hearing, this leads to the poor understanding of the challenge values. Here 0-9 Feature tables are generated which increases the user response time. To overcome the disadvantage in the proposed method Multi Color Pass system the color values will be received via mobile phone. Instead of Feature
Show more

5 Read more

REVIEW ON COLOR PASSWORD TO RESIST SHOULDER SURFING ATTACK

REVIEW ON COLOR PASSWORD TO RESIST SHOULDER SURFING ATTACK

In shoulder surfing safe login, proposed by Perkovic et al [8] user does not provide any numbers instead of that they will be provided by the directions. Here the user remembers the five digit PIN numbers and the system throws values to the user with respect to the table and keypad consists of arrows. SSSL gives a robust solution to the shoulder surfing attack. However, in SSSL the existence of co-relation between digits can be observed by a clever attacker and he may use it to guess the PIN.

7 Read more

A Pattern-Based Password Authentication Scheme for Minimizing Shoulder Surfing Attack

A Pattern-Based Password Authentication Scheme for Minimizing Shoulder Surfing Attack

The biggest threat nowadays that requires the user to have a password for their account is shoulder surfing attack [26]. Shoulder surfing is an attack which can be performed by the unauthorized user to obtain the authorized user’s password by watching over the user’s shoulder when he enters his password [24]. This attack is usually effective in crowded places because it is easy to observe someone without been suspicious as they are filling in their password field. The shoulder surfing attack can occur in the events when the user enters their PIN at an automated teller machine or enter a password at a cybercafe, public and university libraries. Besides, shoulder surfing can also be done at a distance using some tools like binoculars or other vision-enhancing devices. Also, some inexpensive and simple devices also can be used to make this attack such as using an illegally installed tiny camera to observe data entry.
Show more

7 Read more

Shoulder Surfing Attack Prevention using Color Pass Method

Shoulder Surfing Attack Prevention using Color Pass Method

© 2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 1368 special rule to mix his textual password to get a session password to login the system is proposed by H. Zhao and X. Li [2], S3PAS: A scalable shoulder-sarong resistant textual graphical password authentication scheme. A text-based shoulder surfing resistant graphical password scheme by using colors is proposed by Sreelatha et al. 'M. Sreelatha, M. Anirudh, Md. grand Turk Ahamer, and V. Manoj Kumar [3]. Authentication schemes for session passwords using color and images, International Journal of Network Security & Its applications'. Clearly, as the user has got to additionally study the order of many colours, the memory burden of the user is high. To avoid the above drawbacks we'll describe a straightforward and efficient technique for the shoulder surfing Attack using Texts and color primarily based graphical password scheme [4], it uses ten decimal numbers.
Show more

10 Read more

A Survey On Resisting Shoulder Surfing Attack Using Graphical Password

A Survey On Resisting Shoulder Surfing Attack Using Graphical Password

Web application and mobile application are used widely in everywhere with various devices. This evolution is very useful but also increases probability leaking a password through shoulder surfing attacks. In this attack, attacker can observe directly or by external recording devices or video capturing are used for collecting password. To overcome this we proposed a system that provides pair base method and graphical password based on pass matrix concept to resist shoulder surfing attack. Pass Matrix is considered a novel and easy-to-use graphical password authentication system, which can effectively improve shoulder-surfing attacks. In graphical password where users click on images to authenticate themselves. Experimental result show that, the proposed system achieves better resistance to shoulder surfing attacks while maintaining usability.
Show more

5 Read more

A Novel Approach to Resist Shoulder Surfing Attack

A Novel Approach to Resist Shoulder Surfing Attack

No special mathematical knowledge is required to use our scheme. Thus the scheme can be easily used by any type of users which widens the scope of applicability of our scheme. However one problem associated with our scheme is that scheme cannot be used by color blind people. As the scheme is based on colors only, Except this limitation our methodology is quite powerful against attacks such as guessing PIN, shoulder surfing attack, side channel attack and yet provides a simple to use interface which consumes a very low login time. 5. C ONCLUSIONS
Show more

6 Read more

A Survey on Shoulder Surfing Resistant Graphical Authentication Systems

A Survey on Shoulder Surfing Resistant Graphical Authentication Systems

The shoulder surfing attack in an attack that can be performed by the adversary to obtain the user's password by watching over the user's shoulder as he enters his password. As conventional password schemes are vulnerable to shoulder surfing, Sobrado and Birget proposed three shoulder surfing resistant graphical password schemes. Since then, many graphical password schemes with different degrees of resistance to shoulder surfing have been proposed, and each has its pros and cons. seeing that most users are more familiar with textual passwords than pure graphical passwords.
Show more

5 Read more

Implementation of Graphical Authentication System for Shoulder Surfing Attacks

Implementation of Graphical Authentication System for Shoulder Surfing Attacks

Author presents a novel graphical password design in this paper. It rests on the human cognitive ability of association- based memorization to make the authentication more user-friendly, comparing with traditional textual password. Based on the principle of zero-knowledge proof protocol, we further improve our primary design to overcome the shoulder- surfing attack issue without adding any extra complexity into the authentication procedure. System performance analysis and comparisons are presented to support our proposals.

9 Read more

A Shoulder Surfing Resistant Graphical Password System             

A Shoulder Surfing Resistant Graphical Password System             

In our proposed system in order to provide more security to the existing authentication methods, in each page where all images within each category are shown, the false image (not my password) is added automatically. This image can be replaced with one of the images in each category. Since the user is aware of the selected image in each category, if the known image is available, he can pick out the correct image, otherwise, he takes the false image. In order to make the process to be more complex for the attacker, a random category will be added between selected categories. In this example, since the pet category was not selected by the user as part of his password in the registration step, he must select the false image to ignore this category. However, this category can be considered as the real image category by an attacker who watches the user authentication process, since the user selected an image from this category. After the graphical password will be validated, then the system will automatically direct the user to the appropriate web page (user profile). To this end, it can prevent shoulder-surfing attack by pretending that the selected image (false image) is one of the images that user selected as his password.
Show more

5 Read more

CUED CLICK POINT (CCP) ALGORITHM FOR GRAPHICAL PASSWORD TO AUTHENTICATE SHOULDER SURFING RESISTANCE

CUED CLICK POINT (CCP) ALGORITHM FOR GRAPHICAL PASSWORD TO AUTHENTICATE SHOULDER SURFING RESISTANCE

From the above literature surveys, we have came to conclusion that there are many attacks taking place regarding the authentication process of the existing system.So we come up with the new authentication system which includes cued click point algorithm to resist shoulder surfing attack based on image password selected by user from image grid and image point is stored in the form of rows and coloumns as password ..

7 Read more

A Shoulder Surfing Resistance using HMAC Algorithm

A Shoulder Surfing Resistance using HMAC Algorithm

Our proposed idea of login gives you the user- friendly authentication system. The system provides the login indicator from the numeric values 0 to 9. Using the proximity sensor and holding the screen using hands to see the indicator to avoid the shoulder surfing attack. After seeing the indicator, the user moves to the authentication activity, there the image uploaded by the user will be loaded and above the image the numeric numbers will scattered throughout the screen. If you touch the single numeric value and drag it. The whole scattered numbers will be moved with respective to the numeric value that you are dragging. You can drag any of the number and you should place your indicator on the image password position you selected during registration.
Show more

5 Read more

Study and Analysis of Shoulder-Surfing Methods

Study and Analysis of Shoulder-Surfing Methods

In this paper we had studied different textual and graphical methods of preventing shoulder surfing attack. From Table III, it is seen that the time required to enter the PIN using this Textual methods is little more as compared to the time required to enter the graphical methods. Because textual methods is based on computations, where Mod 10 method takes more time for login than Mod 10 table method and Color pass method because Mod 10 is fully math oriented but Mod 10 table and Color pass method are user friendly and takes less login time for login compared to Mod 10 method. Graphical methods, BW method have several drawbacks, such as round redundancy, unbalanced key press, recording non- resilience the more strengthened TictocPIN method requires smaller number of rounds than original BW method.
Show more

7 Read more

Human Interaction in Shoulder Surfing Security

Human Interaction in Shoulder Surfing Security

The main aim of this project is to prevent human shoulder surfing attack and to establish a secure transaction by implementing the color matching algorithm. When a user enters a personal identification number(PIN) as a numeric password in mobile or stationary systems, including smart phones, tablet computers, automated teller machines (ATM), and point of sale (PoS) terminals, bank lockers, online net banking sites a direct observation attack based on shoulder surfing becomes great concern. The PIN entry can be observed by nearby adversaries, more effectively in a crowded place. Since the same PIN is usually chosen by a user for various purposes and used repeatedly, a compromise of the PIN may cause the user a great risk.
Show more

5 Read more

Implementing Authentication, Authorization and Access Technique using Session Password with Pair based Scheme

Implementing Authentication, Authorization and Access Technique using Session Password with Pair based Scheme

intruder can scrutinizethe password by recording the authentication session orthrough direct surveillance when any user is perform login to his account. Even though there are some of the graphical password that procedures resistant to the shoulder surfing attack, but they also have their own downside like usability issues or consuming additional time for user to login or having some tolerance levels [3] in them also. Along with this issues, the cost of installing the graphical password scheme is much more as compared to our traditional text based scheme.
Show more

5 Read more

Smart Locker System to Crack Shoulder Surfing Techniques

Smart Locker System to Crack Shoulder Surfing Techniques

Traditionally, picture-based password color coding systems employ password objects (pictures/icons/symbols) as input during an authentication session, thus making them vulnerable to “shoulder-surfingattack because the visual interface by function is easily observed by others. Recent software-based approaches attempt to minimize this threat by requiring users to enter their passwords indirectly by performing certain mental tasks to derive the indirect password, thus concealing the user’s actual password. However, weaknesses in the positioning of distracter and password objects introduce usability and security issues. In this paper, a new method, which conceals information about the password objects as much as possible, is proposed. Besides concealing the password objects and the number of password objects, the proposed method allows both password and distracter objects to be used as the challenge set’s input. The correctly entered password appears to be random and can only be derived with the knowledge of the full set of password objects. Therefore, it would be difficult for a shoulder-surfing adversary to identify the user’s actual password. Simulation results indicate that the correct input object and its location are random for each challenge set, thus preventing frequency of occurrence analysis attack. User study results show that the proposed method is able to prevent shoulder-surfing attack.
Show more

6 Read more

HoneyPass: A Shoulder Surfing Resistant Graphical Authentication System using Honeypot

HoneyPass: A Shoulder Surfing Resistant Graphical Authentication System using Honeypot

Shoulder Surfing attack is a direct observation approach where the shoulder surfer steals the user's Personal Identification Number (PIN), passwords by looking over his shoulder. [2,3] It commonly happens in public transports while the victim is commuting which involves a smart phone in almost all cases. A good example is shoulder surfing at ATMs, a crime in which a suspect watch over the victim's shoulder as he punches in his PIN number. The ATM screen asks for another transaction when the customers complete theirs. Some customers fail to notice the prompt and walk away leaving it on the screen. In this way, the thief enters the stolen PIN and pretends to be the user. But the phenomenon of shoulder surfing is not widely known. [4] Users tend to use the strategies such as hiding the device screen, shielding the device with their hand etc. However, by observing, one cannot get a hold with most of the victim’s detailed biodata such as information about his relationships, sexual preferences, interests, hobbies, and login data. Hence, the damage shoulder surfing can cause is widely unknown. [5].
Show more

11 Read more

PASSMATRIX  An Authentication System to Resist Shoulder Surfing Attacks

PASSMATRIX An Authentication System to Resist Shoulder Surfing Attacks

pattern based password. These patterns based authentication system is vulnerable to shoulder surfing attack as well as the Smudge Attacks. The attacker can easily get the password pattern by observing the smudge left on the touch screen. Defining bad and easily crackable password and/or login using password in insecure environment mainly causes loopholes in password authentication security. There is a need of secured password authentication system which overcomes the drawbacks of existing text and image based password schemes. To overcome these problems biometrical password scheme is introduced. In biometric password authentication system user voice, retina, thumbprint, face are used as a passwords. There are various types of biometric sensors which as able to authenticate user. Such schemes are secured but hardware specific. Special sensor devices are required for authentication. It is impractical to have such authentication system to regular web based resources and such system installation and maintenance is costly. This proposed work provides a graphical authentication system. This system is able to restrict shoulder surfing attack. To resist shoulder surfing attack it uses session password technique. In session password user will add new password at every login attempt. The added password is valid for only single login session. Pass-matrix technique is proposed in this work. This technique uses pass-point clicking. This technique uses more than one image as a password. For every image it defines the click points as a pass-square. If user is not being able to click on correct pass square then system displays a wrong image for next pass input. This wrong image is treated as a warning to the user. To define session password for pass square click, a hint is provided to the user. Based on the given hint user will select the password for that session.
Show more

6 Read more

A Novel Two-Factor Authentication System Robust Against Shoulder Surfing

A Novel Two-Factor Authentication System Robust Against Shoulder Surfing

To pave the way for significantly more secure future regarding authentication systems and defeating possible and common threats, so many suggestions have been proposed in different forms. Each one has its own advantages and disadvantages while achieving a good trade-off between perfect security and usability is always hard. Typically, shoulder surfing attacks are classified into two categories. There is no special equipment most of times in the first type which is called weak shoulder surfing attack while in the second type a strong shoulder surfing attack with the help of equipment like cameras would help attackers to record hands movements or mouse clicks for later use (Wu, Lee, Lin, & Wang, 2014). The proposed system main focus is to battle with malicious software and the two types of shoulder surfing attacks. Experiments have shown that in different scenarios bystanders were not able to grab the second-pass as client click different positions with a hidden cursor. In the future work, experiments can be extended to several bystanders and more complicated scenarios while it perhaps requires some considerations to be applied to the system to make it more robust in those conditions. Performance of system under heavy load, different internet speed at client side must be considered as well. In addition, other factors that may influence the performance should be investigated precisely.
Show more

7 Read more

MIRAGE 1 0: A Key Entry Scheme Resilient to Shoulder Surfing

MIRAGE 1 0: A Key Entry Scheme Resilient to Shoulder Surfing

Shoulder Surfing is using direct observation techniques, such as, looking over someone's shoulder, to get information. Shoulder Surfing is an effective way to get information be it in a user‟s home while he works on his personal computer or in a public place which is more prone to Shoulder Surfing attack. Shoulder Surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices [1]. The increase in number of laptop and personal digital assistant (PDA) usage has greatly increased the danger of unauthorized observation of authentication procedures. The users have become more prone to password theft due to such kind of sneaking. Especially when the users are moving around it is difficult for them to keep a strict vigilance on their surroundings. One should remain cautious of his/her surroundings if he/she is authenticating by the traditional authentication methods prone to Shoulder Surfing.
Show more

7 Read more

A Comprehensive Survey On Graphical Passwords And Shoulder Surfing Resistant Technique Analysis

A Comprehensive Survey On Graphical Passwords And Shoulder Surfing Resistant Technique Analysis

Graphical passwords are more vulnerable to shoulder surfing attacks than conventional textual passwords; research has been done to study the difficulty of cracking graphical passwords. Because graphical passwords are not widely used in practice, there is no report on real cases of breaking graphical passwords. Here we briefly exam some of the possible techniques for breaking graphical passwords and try to do a comparison with text-based passwords. The intruder captures the password either by direct observation or by using hidden cameras. Many shoulder surfing resistant techniques have been proposed and each technique has its own way in providing security against shoulder surfing attack.
Show more

7 Read more

Show all 5700 documents...