An Improved Methodology towards Providing Immunity against Weak Shoulder Surfing Attack

  • Nilesh Chakraborty
  • Samrat Mondal
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8880)


In a conventional password-based authentication system, an adversary can obtain login credentials by shoulder surfing. When such an attack is carried out by a human observer with limited cognitive capacity and without any recording device, it is referred to as a weak shoulder surfing attack. Existing methodologies that resist weak shoulder surfing attacks consist of many rounds, which may cause fatigue for general users. In this paper we propose a methodology, the Multi Color (MC) method, which reduces the number of rounds in a session to half that of previously proposed methodologies. Using a predictive human performance modeling tool, we then show that the proposed MC method is immune to weak shoulder surfing attack and also improves on the existing security level.


Keywords: Authentication, Human shoulder surfer, Human performance modeling tool, Session password





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Nilesh Chakraborty (1)
  • Samrat Mondal (1)
  1. Computer Science and Engineering Department, Indian Institute of Technology Patna, Patna, India
