Classical password based schemes are widely used because it provides fair security and yet easy to use. However, when used in a public domain it is vulnerable to shoulder surfing attack in which an attacker can record the entire login session and may get the user’s original password. To avoid such attack, we have proposed a methodology known as Secure Login Against Shoulder Surfing or SLASS which is based on a partially observable attack model where an attacker can partially observe the login session. In the proposed scheme, the attacker cannot see or hear the challenges thrown by the system but can only see the responses provided by the user. User remembers a password of five characters long consisting of alphabets only and the responses are provided by some directional keys. Experimental analysis show that our scheme is less error prone, easy to use and provides high security compared to some existing approaches.


Authentication Password Shoulder Surfing Partially Observable 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Backes, M., Drmuth, M., Unruh, D.: Compromising reflections -or- how to read lcd monitors around the corner. In: Proceedings of the IEEE Symposium on Security and Privacy (SSP), Oakland, CA (May 2008)Google Scholar
  2. 2.
    Biddle, R., Chiasson, S., van Oorschot, P.: Graphical passwords: Learning from the first generation. technical report tr-09-09, school of computer science, carleton university (2009)Google Scholar
  3. 3.
    Blonder, G.E.: Graphical passwords. Lucent Technologies, Inc., Murray Hill, NJ, U. S. patent, ed. United States (June 1996)Google Scholar
  4. 4.
    Blum, L., Blum, M., Shub, M.: A simple unpredictable pseudo-random number generator. SIAM Journal on Computing 15(2), 364–383 (1986)CrossRefMATHMathSciNetGoogle Scholar
  5. 5.
    Herley, C., van Oorschot, P.C., Patrick, A.S.: Passwords: If we’re so smart, why are we still using them? In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 230–237. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  6. 6.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and Other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  7. 7.
    Li, Z., Sun, Q., Lian, Y., Giusto, D.D.: An association-based graphical password design resistant to shoulder surfing attack. In: IEEE International Conference on Multimedia and Expo. (ICME) (2005)Google Scholar
  8. 8.
    Mahansaria, D., Shyam, S., Samuel, A., Teja, R.: A fast and secure software solution [ss7.0] that counters shoulder surfing attack. In: 13th IASTED International Conference Software Engineering and Applications, pp. 190–195 (2009)Google Scholar
  9. 9.
    Paivio, A.: Mind and its evaluation: A dual coding theoretical approach (2006)Google Scholar
  10. 10.
    Perkovic, T., Cagali, M., Rakic, N.: SSSL: Shoulder surfing safe login. In: Software Telecommunications and Computer Networks, pp. 270–275 (2009)Google Scholar
  11. 11.
    Roth, V., Ritcher, K., Freidinger, R.: A pin-entry method resilient against shoulder surfing. In: ACM Conf. Comput. Commun. Security, pp. 236–245 (2004)Google Scholar
  12. 12.
    Tao, H., Adams, C.: Pass-Go:A proposal to improve the usability of graphical passwords. International Journal of Network Security 7(2), 273–292 (2008)Google Scholar
  13. 13.
    Perković, T., Čagalj, M., Saxena, N.: Shoulder-surfing safe login in a partially observable attacker model. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 351–358. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Wiedenbeck, S., Waters, J., Birget, J., Brodskiy, A., Memon, N.: Passpoints: Design and longitudinal evaluation of a graphical password system. Special Issue on HCI Research in Privacy and Security, International Journal of Human-Computer Studies (2005) (in press)Google Scholar
  15. 15.
    Wilfong, G.: Method and appartus for secure pin entry. US Patent No. 5,940,511. Lucent Technologies, Inc., Murray Hill, NJ, U. S. Patent, Ed. United States (1997)Google Scholar
  16. 16.
    Zhao, H., Li, X.: S3PAS: A scalable shoulder-surfing resistant textual-graphical password authentication scheme. In: 21st International Conference on Advanced Information Networking and Applications Workshops, pp. 467–472 (2007)Google Scholar
  17. 17.
    Zhou, Y., Feng, D.: Side-channel attacks: Ten years after its publication and the impacts on cryptographic module security testing (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Nilesh Chakraborty
    • 1
  • Samrat Mondal
    • 1
  1. 1.Computer Science and Engineering DepartmentIndian Institute of Technology PatnaPatnaIndia

Personalised recommendations