A Novel Two-Factor Authentication System Robust Against Shoulder Surfing
Abstract
To stop attackers from accessing protected contents of a website or a mobile application, authentication systems with various forms are presented. One of the challenging barriers in nowadays identification systems is unauthorized bystanders. This attack is mostly applicable on many sorts of authentication systems. To fight with unauthorized eyes, many approaches have been proposed. Each one has its own pros and cons. In this paper, the proposed system is a two-factor authentication in conjunction of smart-phone of owner. To disable malicious softwares to key log keystrokes or take screenshot or observers to memorize your hand movement on keyboard or mouse curse on a virtual keyboard, proposed system came up with a novel way to decrease the effect of these attacks.
Keywords
References
Abdurrahman, U. A., Kaiiali, M., & Muhammad, J. (2013). A new mobile-based multi-factor authentication scheme using pre-shared number, GPS location and time stamp. 2013 International Conference on Electronics, Computer and Computation, ICECCO 2013, 293–296. https://doi.org/10.1109/ICECCO.2013.6718286
Chakraborty, N., Randhawa, G. S., Das, K., & Mondal, S. (2016). MobSecure: A Shoulder Surfing Safe Login Approach Implemented on Mobile Device. Procedia Computer Science, 93(September), 854–861. https://doi.org/10.1016/j.procs.2016.07.256
Chen, Y., Sun, J., Zhang, R., & Zhang, Y. (2015). Your Song Your Way: Rhythm-Based Two-Factor Authentication for Multi-Touch Mobile Devices. 2015 IEEE Conference on Computer Communications (INFOCOM), 2686–2694. https://doi.org/10.1109/INFOCOM.2015.7218660
Crossman, M. A., & Liu, H. (2016). Two-factor authentication through near field communication. 2016 IEEE Symposium on Technologies for Homeland Security, HST 2016. https://doi.org/10.1109/THS.2016.7568941
De Luca, A., Hertzschuch, K., & Hussmann, H. (2010). ColorPIN – Securing PIN Entry through Indirect Input. Proceedings of the 28th International Conference on Human Factors in Computing Systems - CHI ’10, 1103. https://doi.org/10.1145/1753326.1753490
De Luca, A., von Zezschwitz, E., Pichler, L., & Hussmann, H. (2013). Using fake cursors to secure on-screen password entry. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems - CHI ’13, 2399. https://doi.org/10.1145/2470654.2481331
Gokhale, M. A. S., & Waghmare, V. S. (2016). The Shoulder Surfing Resistant Graphical Password Authentication Technique. Procedia Computer Science, 79, 490–498. https://doi.org/10.1016/j.procs.2016.03.063
Haque, S. A., Islam, S., Islam, M. J., & Grégoire, J. C. (2016). An architecture for client virtualization: A case study. Computer Networks, 100, 75–89. https://doi.org/10.1016/j.comnet.2016.02.020
Kang, J., Nyang, D., & Lee, K. (2014). Two-factor face authentication using matrix permutation transformation and a user password. Information Sciences, 269, 1–20. https://doi.org/10.1016/j.ins.2014.02.011
Lee, M. K., & Nam, H. (2013). Secure and Usable PIN-Entry Method with Shoulder-Surfing Resistance. Communications in Computer and Information Science, 374(PART II), 745–748. https://doi.org/10.1007/978-3-642-39476-8_149
Maheshwari, A., & Mondal, S. (2016). SPOSS: Secure Pin-Based-Authentication Obviating Shoulder Surfing. In I. Ray, M. S. Gaur, M. Conti, D. Sanghi, & V. Kamakoti (Eds.), Information Systems Security: 12th International Conference, ICISS 2016, Jaipur, India, December 16-20, 2016, Proceedings (pp. 66–86). Cham: Springer International Publishing. https://doi.org/10.1007/978-3-319-49806-5_4
Prabhu, S., & Shah, V. (2015). Authentication using session based passwords. Procedia Computer Science, 45(C), 460–464. https://doi.org/10.1016/j.procs.2015.03.079
Shankar, V., Singh, K., & Kumar, A. (2016). IPCT: A scheme for mobile authentication. Perspectives in Science, 8(C), 522–524. https://doi.org/10.1016/j.pisc.2016.06.009
Shen, C., Yu, T., Xu, H., Yang, G., & Guan, X. (2016). User practice in password security: An empirical study of real-life passwords in the wild. Computers and Security, 61, 130–141. https://doi.org/10.1016/j.cose.2016.05.007
Socket.IO. (2017). Retrieved December 3, 2017, from https://socket.io/
Svogor, I., & Kisasondi, T. (2012). Two factor authentication using EEG augmented passwords. Proceedings of the International Conference on Information Technology Interfaces, ITI, 373–378. https://doi.org/10.2498/iti.2012.0441
Wu, T. S., Lee, M. L., Lin, H. Y., & Wang, C. Y. (2014). Shoulder-surfing-proof graphical password authentication scheme. International Journal of Information Security, 13(3), 245–254. https://doi.org/10.1007/s10207-013-0216-7
Refbacks
- There are currently no refbacks.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.