They Are All After You: Investigating the Viability of a Threat Model That Involves Multiple Shoulder Surfers

Khamis, M. , Bandelow, L., Schick, S., Casadevall, D., Bulling, A. and Alt, F. (2017) They Are All After You: Investigating the Viability of a Threat Model That Involves Multiple Shoulder Surfers. In: 16th International Conference on Mobile and Ubiquitous Multimedia (MUM '17), Stuttgart, Germany, 26-29 Nov 2017, pp. 31-35. ISBN 978145035786 (doi: 10.1145/3152832.3152851)

[img]
Preview
Text
170212.pdf - Accepted Version

814kB

Abstract

Many of the authentication schemes for mobile devices that were proposed lately complicate shoulder surfing by splitting the attacker's attention into two or more entities. For example, multimodal authentication schemes such as GazeTouchPIN and GazeTouchPass require attackers to observe the user's gaze input and the touch input performed on the phone's screen. These schemes have always been evaluated against single observers, while multiple observers could potentially attack these schemes with greater ease, since each of them can focus exclusively on one part of the password. In this work, we study the effectiveness of a novel threat model against authentication schemes that split the attacker's attention. As a case study, we report on a security evaluation of two state of the art authentication schemes in the case of a team of two observers. Our results show that although multiple observers perform better against these schemes than single observers, multimodal schemes are significantly more secure against multiple observers compared to schemes that employ a single modality. We discuss how this threat model impacts the design of authentication schemes.

Item Type:Conference Proceedings
Additional Information:This work was partially funded by the Bavarian State Ministry of Education, Science and the Arts in the framework of the Centre Digitisation.Bavaria (ZD.B), and by the Cluster of Excellence on Multimodal Computing and Interaction (MMCI) at Saarland University, Germany.
Keywords:Gaze gestures, multimodal authentication, multiple observers, privacy, shoulder surfing, threat model.
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Khamis, Dr Mohamed
Authors: Khamis, M., Bandelow, L., Schick, S., Casadevall, D., Bulling, A., and Alt, F.
College/School:College of Science and Engineering > School of Computing Science
Publisher:ACM
ISBN:978145035786
Copyright Holders:Copyright © 2017 The Authors
First Published:First published in Proceedings of the 16th International Conference on Mobile and Ubiquitous Multimedia: 31-35
Publisher Policy:Reproduced in accordance with the publisher copyright policy

University Staff: Request a correction | Enlighten Editors: Update this record