Tag Digit Based Honeypot to Detect Shoulder Surfing Attack
The traditional password-based authentication scheme is vulnerable to shoulder surfing attacks. If an attacker sees a legitimate user enter a password, the attacker can later use those credentials to log in to the system illegally and may carry out malicious activities. Many methodologies exist to prevent such attacks. These methods are either partially observable or fully observable to the attacker. In this paper we focus on detecting shoulder surfing attacks rather than preventing them. We introduce the concept of a tag digit to create a trap known as a honeypot. With the proposed methodology, if shoulder surfers try to log in using others' credentials, there is a high chance that they will be caught red-handed. Comparative analysis shows that, unlike the existing preventive schemes, the proposed methodology does not require much computation on the user's end. Thus, from a security and usability perspective, the proposed scheme is quite robust and powerful.
Keywords: Authentication, Shoulder Surfing Attack, Honeypot, Partially Observable Scheme