
Hollow-Pass: A Dual-View Pattern Password Against Shoulder-Surfing Attacks

Published: 29 June 2023

Abstract

This paper presents Hollow-Pass, a developed solution that strengthens the security of pattern passwords against shoulder-surfing attacks. It is a novel approach to graphical password (GP) schemes that utilizes a dual-view technology known as the global precedence effect, which eliminates the need for external devices and makes the grid and pattern invisible to potential shoulder surfers. The usability of Hollow-Pass was evaluated through an online as well as an offline user test. We recruited 30 participants from varied backgrounds, ranging in age from 20 to 80 years, for the online user test. An offline small-scale sampling test was conducted among 19 undergraduates from the University of Twente. The developed solution successfully demonstrated its ability to effectively resist shoulder-surfing attacks for simple patterns at various viewing angles (front, left-front, and right-front) and different distances (1.0 m, 1.5 m, and 2.0 m).

Published In

Cyber Security, Cryptology, and Machine Learning: 7th International Symposium, CSCML 2023, Be'er Sheva, Israel, June 29–30, 2023, Proceedings
Jun 2023
538 pages
ISBN: 978-3-031-34670-5
DOI: 10.1007/978-3-031-34671-2

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. Pattern password
  2. Graphical password
  3. Shoulder-surfing
  4. Dual-View
  5. Global precedence
