SSSL: Shoulder Surfing Safe Login
Abstract
Classical PIN-entry methods are vulnerable to a broad class of observation attacks (shoulder surfing, key-logging). A number of alternative PIN-entry methods that are based on human cognitive skills have been proposed. These methods can be classified into two classes according to the information available to a passive adversary: (i) the adversary fully observes the entire input and output of a PIN-entry procedure, and (ii) the adversary can only partially observe the input and/or output. In this paper we propose a novel PIN-entry scheme, Shoulder Surfing Safe Login (SSSL). SSSL is a challenge-response protocol that allows a user to log in securely in the presence of an adversary who can observe (via key-loggers or cameras) the user's input. This is accomplished by restricting access to the SSSL challenge values. Compared to existing solutions, SSSL is both user-friendly (not mentally demanding) and cost-efficient. Our usability study reveals that the average login time with SSSL is around 8 sec in a 5-digit PIN scenario. We also show the importance of considering side-channel timing attacks in the context of authentication schemes based on human cognitive skills.

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
T. Perković, M. Čagalj and N. Rakić, "SSSL: Shoulder Surfing Safe Login," in Journal of Communications Software and Systems, vol. 6, no. 2, pp. 65-73, June 2010, doi: 10.24138/jcomss.v6i2.191
@article{perkovic2010ssslshoulder,
author = {Toni Perković and Mario Čagalj and Nikola Rakić},
title = {SSSL: Shoulder Surfing Safe Login},
journal = {Journal of Communications Software and Systems},
month = {6},
year = {2010},
volume = {6},
number = {2},
pages = {65--73},
doi = {10.24138/jcomss.v6i2.191},
url = {https://doi.org/10.24138/jcomss.v6i2.191}
}