Abstract
To address the vulnerability of conventional PIN entry on mobile devices to shoulder-surfing attacks, a secure PIN entry method that resists shoulder surfing is proposed. The method changes the standard input interface on the mobile device and uses the device's vibration channel as an auxiliary channel to convey hidden information to the user, who then enters the PIN through simple selections. Analysis shows that the proposed method can effectively resist shoulder-surfing attacks.