A Shoulder Surfing Resistant Authentication Scheme Using Polymorphic Cipher

Faretz Emir Imran; Vik Tor Goh; Sook Chin Yip; Timothy Tzen Vun Yap; Yvonne Hwei-Syn Kam

doi:10.1109/mecon62796.2024.10776103

A Shoulder Surfing Resistant Authentication Scheme Using Polymorphic Cipher

Faretz Emir Imran, Vik Tor Goh, Sook Chin Yip, Timothy Tzen Vun Yap, Yvonne Hwei-Syn Kam

School of Mathematical & Computer Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Users who perform transactions at ATMs or computer terminals placed in high-traffic areas in public may be exposed to shoulder surfing attacks, whether through a recording attack or an over-the-shoulder snooping. While there are passwordless alternatives to conventional authentication, there are some instances where it would not be a best fit for the scenario. This paper aims to improve on the existing form of user authentication with passwords, whilst at the same time not sacrificing security or usability. The contents of this paper discuss the design and implementation of a graphical-based image grid password that utilizes a secret channel for the user to inform the system that they have knowledge of their password without revealing it directly to the system. This will be achieved whilst still maintaining a high degree of security from shoulder surfing. The proposed scheme allows the user to use a session password which is invisible to would-be attackers, while maintaining the high security of a shoulder surfing resistant scheme. The authentication method uses a 5x5 image grid, with an invisible textual password overlayed over it. Authentication can be achieved in a few strokes of the user's keyboard, all while ensuring that the user will never have to reveal their real password at any point of the authentication process.

Original language	English
Title of host publication	2024 Multimedia University Engineering Conference (MECON)
Publisher	IEEE
ISBN (Electronic)	9798331530747
ISBN (Print)	9798331530754
DOIs	https://doi.org/10.1109/mecon62796.2024.10776103
Publication status	Published - 10 Dec 2024
Event	Digital Futures International Congress and 4th Multimedia University Engineering Conference 2024: Intelligence for Sustainable Futures: A Journey Towards Society 5.0 - virtual, Cyberjaya, Malaysia Duration: 23 Jul 2024 → 25 Jul 2024 https://www.mmu-cnergy.com/difcon2024

Conference

Conference	Digital Futures International Congress and 4th Multimedia University Engineering Conference 2024
Abbreviated title	DIFCON 2024 MECON 2024
Country/Territory	Malaysia
City	Cyberjaya
Period	23/07/24 → 25/07/24
Internet address	https://www.mmu-cnergy.com/difcon2024

Keywords

graphical password
passwordless
authentication
Playfair
shoulder surfing
polymorphic password
Resistance
Measurement
Ciphers
prototypes
Recording
Security
Usability
Protection

Access to Document

10.1109/mecon62796.2024.10776103

Cite this

@inproceedings{ba40179cef104eff94788f56af53a6e5,

title = "A Shoulder Surfing Resistant Authentication Scheme Using Polymorphic Cipher",

abstract = "Users who perform transactions at ATMs or computer terminals placed in high-traffic areas in public may be exposed to shoulder surfing attacks, whether through a recording attack or an over-the-shoulder snooping. While there are passwordless alternatives to conventional authentication, there are some instances where it would not be a best fit for the scenario. This paper aims to improve on the existing form of user authentication with passwords, whilst at the same time not sacrificing security or usability. The contents of this paper discuss the design and implementation of a graphical-based image grid password that utilizes a secret channel for the user to inform the system that they have knowledge of their password without revealing it directly to the system. This will be achieved whilst still maintaining a high degree of security from shoulder surfing. The proposed scheme allows the user to use a session password which is invisible to would-be attackers, while maintaining the high security of a shoulder surfing resistant scheme. The authentication method uses a 5x5 image grid, with an invisible textual password overlayed over it. Authentication can be achieved in a few strokes of the user's keyboard, all while ensuring that the user will never have to reveal their real password at any point of the authentication process.",

keywords = "graphical password, passwordless, authentication, Playfair, shoulder surfing, polymorphic password, Resistance, Measurement, Ciphers, prototypes, Recording, Security, Usability, Protection",

author = "Imran, {Faretz Emir} and Goh, {Vik Tor} and Yip, {Sook Chin} and {Vun Yap}, {Timothy Tzen} and Kam, {Yvonne Hwei-Syn}",

year = "2024",

month = dec,

day = "10",

doi = "10.1109/mecon62796.2024.10776103",

language = "English",

isbn = "9798331530754",

booktitle = "2024 Multimedia University Engineering Conference (MECON)",

publisher = "IEEE",

address = "United States",

note = "Digital Futures International Congress and 4th Multimedia University Engineering Conference 2024 : Intelligence for Sustainable Futures: A Journey Towards Society 5.0, DIFCON 2024 MECON 2024 ; Conference date: 23-07-2024 Through 25-07-2024",

url = "https://www.mmu-cnergy.com/difcon2024",

}

Imran, FE, Goh, VT, Yip, SC, Vun Yap, TT & Kam, YH-S 2024, A Shoulder Surfing Resistant Authentication Scheme Using Polymorphic Cipher. in 2024 Multimedia University Engineering Conference (MECON)., 10776103, IEEE, Digital Futures International Congress and 4th Multimedia University Engineering Conference 2024, Cyberjaya, Malaysia, 23/07/24. https://doi.org/10.1109/mecon62796.2024.10776103

TY - GEN

T1 - A Shoulder Surfing Resistant Authentication Scheme Using Polymorphic Cipher

AU - Imran, Faretz Emir

AU - Goh, Vik Tor

AU - Yip, Sook Chin

AU - Vun Yap, Timothy Tzen

AU - Kam, Yvonne Hwei-Syn

PY - 2024/12/10

Y1 - 2024/12/10

N2 - Users who perform transactions at ATMs or computer terminals placed in high-traffic areas in public may be exposed to shoulder surfing attacks, whether through a recording attack or an over-the-shoulder snooping. While there are passwordless alternatives to conventional authentication, there are some instances where it would not be a best fit for the scenario. This paper aims to improve on the existing form of user authentication with passwords, whilst at the same time not sacrificing security or usability. The contents of this paper discuss the design and implementation of a graphical-based image grid password that utilizes a secret channel for the user to inform the system that they have knowledge of their password without revealing it directly to the system. This will be achieved whilst still maintaining a high degree of security from shoulder surfing. The proposed scheme allows the user to use a session password which is invisible to would-be attackers, while maintaining the high security of a shoulder surfing resistant scheme. The authentication method uses a 5x5 image grid, with an invisible textual password overlayed over it. Authentication can be achieved in a few strokes of the user's keyboard, all while ensuring that the user will never have to reveal their real password at any point of the authentication process.

AB - Users who perform transactions at ATMs or computer terminals placed in high-traffic areas in public may be exposed to shoulder surfing attacks, whether through a recording attack or an over-the-shoulder snooping. While there are passwordless alternatives to conventional authentication, there are some instances where it would not be a best fit for the scenario. This paper aims to improve on the existing form of user authentication with passwords, whilst at the same time not sacrificing security or usability. The contents of this paper discuss the design and implementation of a graphical-based image grid password that utilizes a secret channel for the user to inform the system that they have knowledge of their password without revealing it directly to the system. This will be achieved whilst still maintaining a high degree of security from shoulder surfing. The proposed scheme allows the user to use a session password which is invisible to would-be attackers, while maintaining the high security of a shoulder surfing resistant scheme. The authentication method uses a 5x5 image grid, with an invisible textual password overlayed over it. Authentication can be achieved in a few strokes of the user's keyboard, all while ensuring that the user will never have to reveal their real password at any point of the authentication process.

KW - graphical password

KW - passwordless

KW - authentication

KW - Playfair

KW - shoulder surfing

KW - polymorphic password

KW - Resistance

KW - Measurement

KW - Ciphers

KW - prototypes

KW - Recording

KW - Security

KW - Usability

KW - Protection

U2 - 10.1109/mecon62796.2024.10776103

DO - 10.1109/mecon62796.2024.10776103

M3 - Conference contribution

SN - 9798331530754

BT - 2024 Multimedia University Engineering Conference (MECON)

PB - IEEE

T2 - Digital Futures International Congress and 4th Multimedia University Engineering Conference 2024

Y2 - 23 July 2024 through 25 July 2024

ER -

A Shoulder Surfing Resistant Authentication Scheme Using Polymorphic Cipher

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this