Skip to the main content

Original scientific paper

https://doi.org/10.24138/jcomss.v6i2.191

SSSL: Shoulder Surfing Safe Login

Toni Perković orcid id orcid.org/0000-0001-8826-4905 ; Department of electronics, FESB, University of Split, Croatia
Mario Čagalj ; Department of electronics, FESB, University of Split, Croatia
Nikola Rakić ; Department of electronics, FESB, University of Split, Croatia


Full text: english pdf 3.018 Kb

page 65-73

downloads: 691

cite


Abstract

Classical PIN-entry methods are vulnerable to a broad class of observation attacks (shoulder surfing, key-logging). A number of alternative PIN-entry methods that are based on human cognitive skills have been proposed. These methods can be classified into two classes regarding information available to a passive adversary: (i) the adversary fully observes the entire input and output of a PIN-entry procedure, and (ii) the adversary can only partially observe the input and/or output. In this paper we propose a novel PIN-entry scheme- Shoulder Surfing Safe Login (SSSL). SSSL is a challenge response protocol that allows a user to login securely in the presence of the adversary who can observe (via key-loggers, cameras) user input. This is accomplished by restricting the access to SSSL challenge values. Compared to existing solutions, SSSL is both user-friendly (not mentally demanding) and cost efficient. Our usability study reveals that the average login time with SSSL is around 8 sec in a 5-digit PIN scenario. We also show the importance of considering side-channel timing attacks in the context of authentication schemes based on human cognitive skills.

Keywords

Hrčak ID:

180405

URI

https://hrcak.srce.hr/180405

Publication date:

22.6.2010.

Visits: 1.831 *