A Mobile Device-Based Antishoulder-Surfing Identity Authentication Mechanism

  • Jia-Ning LuoEmail author
  • Ming-Hour Yang
  • Cho-Luen Tsai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9955)


Text-based passwords are unable to prevent shoulder-surfing attacks. In this paper, a new authentication mechanism was introduced to send out misleading information to attackers when the former entered its text-based passwords; the latter was unable to decipher the true passwords by simply recording or looking at them. The misleading information was the pressure values (i.e., pressures exerted by the users) measured by pressure sensors embedded under the smartphone touchscreens. The systems detected each pressure value entered by the users and determined whether it was to be saved (i.e., as a true password) or omitted (i.e., as misleading information). Regarding this authentication method, because attackers were unable to know the users’ pressure values, they were unable to differentiate between true and misleading information and thus had no way of knowing the users’ actual passwords. In the end, our authentication mechanism improved the deficiency of current text-based passwords and enhanced system security.


Shoulder-surfing attacks Graphical password 



This research was supported by the Ministry of Science and Technology, Taiwan under grant no. MOST 104-2221-E-103-009 and MOST 105-2221-E-130-005.


  1. 1.
    Bianchi, A., Oakley, I., Kostakos, V., Kwon, D.S.: The phone lock: audio and haptic shoulder-surfing resistant PIN entry methods for mobile devices. In: Proceedings of the Fifth International Conference on Tangible, Embedded, and Embodied Interaction, pp. 197–200 (2011)Google Scholar
  2. 2.
    Chakraborty, N., Mondal, S.: SLASS: secure login against shoulder surfing. In: Recent Trends in Computer Networks and Distributed Systems Security, pp. 346–357 (2014)Google Scholar
  3. 3.
    Chen, Y.L., Ku, W.C., Yeh, Y.C., Liao, D.M.: A simple text-based shoulder surfing resistant graphical password scheme. In: Proceedings of the 2013 IEEE International Symposium on Next-Generation Electronics (ISNE), pp. 161–164 (2013)Google Scholar
  4. 4.
    Kim, S.H., Kim, J.W., Kim, S.Y., Cho, H.G.: A new shoulder-surfing resistant password for mobile environments. In: Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, Article no. 27 (2011)Google Scholar
  5. 5.
    Lee, M.K.: Security notions and advanced method for human shoulder-surfing resistant pin-entry. IEEE Trans. Inf. Forensics Secur. 9(4), 695–708 (2014)CrossRefGoogle Scholar
  6. 6.
    Lei, M., Xiao, Y., Vrbsky, S.V., Li, C.C., Liu, L.: A virtual password scheme to protect passwords. In: Proceedings of the IEEE International Conference on Communications (ICC 2008), pp. 1536–1540 (2008)Google Scholar
  7. 7.
    Perkovi, T., agalj, M., Raki, N: SSSL: shoulder surfing safe login. In: Profeedings of the 17th International Conference on Software, Telecommunications and Computer Networks (SoftCOM 2009), pp. 270–275 (2009)Google Scholar
  8. 8.
    Rajarajan, S., Maheswari, K., Hemapriya, R., Sriharilakshmi, S.: Shoulder surfing resistant virtual keyboard for internet banking. World Appl. Sci. J. 31(7), 1297–1304 (2014)Google Scholar
  9. 9.
    Yi, H., Piao, Y., Yi, J.H.: Touch logger resistant mobile authentication scheme using multimodal sensors. In: Jeong, H.Y., Obaidat, M.S., Yen, N.Y., Park, J.J. (eds.) Advances in Computer Science and its Applications. LNEE, pp. 19–26. Springer, Heidelberg (2014)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.Department of Information and Telecommunications EngineeringMing Chuan UniversityTaoyuanTaiwan
  2. 2.Department of Information and Computer EngineeringChung Yuan Christian UniversityTaoyuanTaiwan

Personalised recommendations