FakePointer: An Authentication Scheme for Improving Security against Peeping Attacks Using Video Cameras
Mobile Ubiquitous Computing, Systems, Services and Technologies, International Conference on (2008)
Sept. 29, 2008 to Oct. 4, 2008
Peeping attacks in the real world are a threat to user authentication. What is worse, an emerging attack method such as video capture makes traditional measures against peeping attack insufficient. This paper presents a unique user authentication scheme named "fakePointer'' as a solution to peeping attacks conducted by video capture. It makes it difficult for attackers to obtain a secret even if someone captures an authentication scene using a video camera. The fakePointer has two unique features to ensure security against such a peeping attack. One is that fakePointer provides a double-layered interface for a secret input. This interface makes it difficult for attackers to identify a legitimate user's secret even if they have a video record showing a target user's authentication action. The other feature is that fakePointer uses two secrets: a fixed secret and a disposable secret. This feature enables change of a secret input operation in each authentication, which is also a necessary feature for ensuring security. This feature makes it difficult to extract a secret by statistical inference even if an attacker has many video records of the same user.
authentication, security, peeping attack, shoulder surfing attack, usable security
Tetsuji Takada, "FakePointer: An Authentication Scheme for Improving Security against Peeping Attacks Using Video Cameras", Mobile Ubiquitous Computing, Systems, Services and Technologies, International Conference on, vol. 00, no. , pp. 395-400, 2008, doi:10.1109/UBICOMM.2008.76