Khamis, M. , Bandelow, L., Schick, S., Casadevall, D., Bulling, A. and Alt, F. (2017) They Are All After You: Investigating the Viability of a Threat Model That Involves Multiple Shoulder Surfers. In: 16th International Conference on Mobile and Ubiquitous Multimedia (MUM '17), Stuttgart, Germany, 26-29 Nov 2017, pp. 31-35. ISBN 978145035786 (doi: 10.1145/3152832.3152851)
|
Text
170212.pdf - Accepted Version 814kB |
Abstract
Many of the authentication schemes for mobile devices that were proposed lately complicate shoulder surfing by splitting the attacker's attention into two or more entities. For example, multimodal authentication schemes such as GazeTouchPIN and GazeTouchPass require attackers to observe the user's gaze input and the touch input performed on the phone's screen. These schemes have always been evaluated against single observers, while multiple observers could potentially attack these schemes with greater ease, since each of them can focus exclusively on one part of the password. In this work, we study the effectiveness of a novel threat model against authentication schemes that split the attacker's attention. As a case study, we report on a security evaluation of two state of the art authentication schemes in the case of a team of two observers. Our results show that although multiple observers perform better against these schemes than single observers, multimodal schemes are significantly more secure against multiple observers compared to schemes that employ a single modality. We discuss how this threat model impacts the design of authentication schemes.
Item Type: | Conference Proceedings |
---|---|
Additional Information: | This work was partially funded by the Bavarian State Ministry of Education, Science and the Arts in the framework of the Centre Digitisation.Bavaria (ZD.B), and by the Cluster of Excellence on Multimodal Computing and Interaction (MMCI) at Saarland University, Germany. |
Keywords: | Gaze gestures, multimodal authentication, multiple observers, privacy, shoulder surfing, threat model. |
Status: | Published |
Refereed: | Yes |
Glasgow Author(s) Enlighten ID: | Khamis, Dr Mohamed |
Authors: | Khamis, M., Bandelow, L., Schick, S., Casadevall, D., Bulling, A., and Alt, F. |
College/School: | College of Science and Engineering > School of Computing Science |
Publisher: | ACM |
ISBN: | 978145035786 |
Copyright Holders: | Copyright © 2017 The Authors |
First Published: | First published in Proceedings of the 16th International Conference on Mobile and Ubiquitous Multimedia: 31-35 |
Publisher Policy: | Reproduced in accordance with the publisher copyright policy |
University Staff: Request a correction | Enlighten Editors: Update this record