A Shoulder Surfing Resistant Authentication Scheme Using Polymorphic Cipher

A Shoulder Surfing Resistant Authentication Scheme Using Polymorphic Cipher

연구 분야: Analysis

학회: 2024 Multimedia University Engineering Conference (MECON)

Users who perform transactions at ATMs or computer terminals placed in high-traffic areas in public may be exposed to shoulder surfing attacks, whether through a recording attack or an over-the-shoulder snooping. While there are passwordless alternatives to conventional authentication, there are some instances where it would not be a best fit for the scenario. This paper aims to improve on the existing form of user authentication with passwords, whilst at the same time not sacrificing security or usability. The contents of this paper discuss the design and implementation of a graphical-based image grid password that utilizes a secret channel for the user to inform the system that they have knowledge of their password without revealing it directly to the system. This will be achieved whilst still maintaining a high degree of security from shoulder surfing. The proposed scheme allows the user to use a session password which is invisible to would-be attackers, while maintaining the high security of a shoulder surfing resistant scheme. The authentication method uses a 5x5 image grid, with an invisible textual password overlayed over it. Authentication can be achieved in a few strokes of the user's keyboard, all while ensuring that the user will never have to reveal their real password at any point of the authentication process.