Covert Attentional Shoulder Surfing: Human Adversaries Are More Powerful Than Expected

Kwon, Taekyoung; Shin, Sooyeon; Na, Sarang

doi:10.1109/tsmc.2013.2270227

Cited by 58 publications

(53 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Kim et al [19] used CogTool to evaluate the usability of a shoulder surfing resistant mobile user authentication system, and Sasse et al [28] combined CogTool with a user study to estimate the usability of a user authentication system. Kwon et al [20] used CPM-GOMS to investigate human shoulder surfers attacking PIN entry methods that rely on the evidence of effective human perceptual and cognitive capabilities.…”

Section: Related Workmentioning

confidence: 99%

“…Due to their ability to help designers and researchers evaluate human performance and refine user interface (UI) designs more easily without prototyping and user testing [13], cognitive models such as Keystroke-Level Model (KLM) [8] and other more complicated models following the GOMS (Goals, Operators, Methods, and Selection) rules [17] have been widely used in the Human-Computer Interaction (HCI) field. However, such models are relatively less known to and used by cyber security researchers and practitioners, except for some limited work on using human cognitive modeling tools to estimate usability of user authentication systems [19,20,28].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

When Eye-Tracking Meets Cognitive Modeling: Applications to Cyber Security Systems

Yuan

Rusconi

et al. 2017

Human Aspects of Information Security, Privacy and Trust

View full text Add to dashboard Cite

Abstract. Human cognitive modeling techniques and related software tools have been widely used by researchers and practitioners to evaluate the effectiveness of user interface (UI) designs and related human performance. However, they are rarely used in the cyber security field despite the fact that human factors have been recognized as a key element for cyber security systems. For a cyber security system involving a relatively complicated UI, it could be difficult to build a cognitive model that accurately captures the different cognitive tasks involved in all user interactions. Using a moderately complicated user authentication system as an example system and CogTool as a typical cognitive modeling tool, this paper aims to provide insights into the use of eye-tracking data for facilitating human cognitive modeling of cognitive tasks more effectively and accurately. We used visual scan paths extracted from an eye-tracking user study to facilitate the design of cognitive modeling tasks. This allowed us to reproduce some insecure human behavioral patterns observed in some previous lab-based user studies on the same system, and more importantly, we also found some unexpected new results about human behavior. The comparison between human cognitive models with and without eye-tracking data suggests that eye-tracking data can provide useful information to facilitate the process of human cognitive modeling as well as to achieve a better understanding of security-related human behaviors. In addition, our results demonstrated that cyber security research can benefit from a combination of eye-tracking and cognitive modeling to study human behavior related security problems.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

When Eye-Tracking Meets Cognitive Modeling: Applications to Cyber Security Systems

Yuan

Rusconi

et al. 2017

Human Aspects of Information Security, Privacy and Trust

View full text Add to dashboard Cite

show abstract

“…In response to this, studies have been carried out in order either to develop an input scheme that allows users to enter their password behind their smart phones so that they are safer from shoulder surfing attack than with the existing password entry methods or to design and implement a method using a CoverPad to prevent information leak by attacks such as peeping when the users enter their password by the touch screen method [27] [31]. In particular, the study that after standardized modeling of the shoulder surfing attack that is difficult to express by standardization, using a method like CPM-GOMS model, which can express it quantitatively and reviewed and tested the usability and safety of the qwerty keypad is one of the standardized studies related to shoulder surfing attack [26]. Xiaoyuan Suo et al proposed that a password that a Web or smart phone user should enter for user authentication can be divided into a text-based one and a picture-based one [4].…”

Section: Shoulder Surfing Attack and Password Input Schemementioning

confidence: 99%

Study on Analysis of Commercial Mobile Keypad Schemes and Modeling of Shoulder Surfing Attack

Kim¹,

Noh²,

Kim³

et al. 2014

Computer Science &Amp; Information Technology ( CS &Amp; IT )

View full text Add to dashboard Cite

show abstract

“…Recently, it was discovered that the binary method is actually vulnerable to well-trained human attackers, and PIN-entry methods that are more resistant to such attacks have been proposed [8,9]. The design goal of these methods as well as the binary method is to prevent an observation attack by a human observer who does not use a recording device, and thus such countermeasures are suitable for the few situations in which an attacker cannot use a recording device such as a phone camera [8].…”

Section: Introductionmentioning

confidence: 99%

Analysis and Improvement on a Unimodal Haptic PIN-Entry Method

Lee

Yoo

Nam³

2017

Mobile Information Systems

View full text Add to dashboard Cite

User authentication is a process in which a user of a system proves his/her identity to acquire access permission. An effective user authentication method should be both secure and usable. In an attempt to achieve these two objectives, Bianchi et al. recently proposed novel unimodal PIN-entry methods that use either audio or vibration cues. This paper analyzes the security of their method, in particular, the vibration version of one of their proposals, Timelock. A probabilistic analysis and real attack experiment reveal that the security level guaranteed by Timelock is lower than that claimed in Bianchi et al. 's paper. As countermeasures to this problem, three PIN-entry methods are proposed and a usability study is performed. According to the result of this study, a simple modification may improve the security significantly while retaining the design philosophy of unimodal systems. In addition, the proposed methods address the PIN compatibility issue of Timelock and they can be used to enter a legacy numerical PIN without any change in the PIN.

show abstract

Covert Attentional Shoulder Surfing: Human Adversaries Are More Powerful Than Expected

Cited by 58 publications

References 33 publications

When Eye-Tracking Meets Cognitive Modeling: Applications to Cyber Security Systems

When Eye-Tracking Meets Cognitive Modeling: Applications to Cyber Security Systems

Study on Analysis of Commercial Mobile Keypad Schemes and Modeling of Shoulder Surfing Attack

Analysis and Improvement on a Unimodal Haptic PIN-Entry Method

Contact Info

Product

Resources

About