Shoulder surfing (computer security)

In computer security, shoulder surfing is a social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder, either watching keystrokes on a device or overhearing sensitive information being spoken aloud, which is also known as eavesdropping.[1][2]


Methods and history

This attack can be performed either at close range (by directly looking over the victim's shoulder) or from a longer range, for example by using a pair of binoculars or similar hardware.[3] The technique requires no technical skill; keen observation of the victim's surroundings and typing pattern is sufficient. Shoulder surfing is more likely to occur in crowded places because it is easier to observe the information there without attracting the victim's attention.[5]

In the early 1980s, shoulder surfing was practiced near public pay phones to steal calling card digits, which were then used to make long-distance calls or sold for less than the original purchaser had paid. The advent of modern technologies such as hidden cameras and concealed microphones makes shoulder surfing easier and gives the attacker more scope to shoulder surf from long range. A hidden camera allows the attacker to capture the whole login process and other confidential data of the victim, which can ultimately lead to financial loss or identity theft.[4]

There are two types of shoulder-surfing attack: direct observation attacks, in which authentication information is obtained by a person directly watching the authentication sequence, and recording attacks, in which the authentication sequence is recorded for later analysis in order to unlock the device. Beyond password or PIN entry, shoulder surfing also occurs in everyday situations to uncover private content on handheld mobile devices; shoulder surfing of visual content has been found to leak sensitive information about the user and even private information about third parties.[6]

Countermeasures

Gaze-based password entry

The basic procedure for gaze-based password entry is similar to normal password entry, except that instead of typing a key or touching the screen, the user looks at each desired character or trigger region in sequence (as in eye typing). The approach can therefore be used both with character-based passwords, via an on-screen keyboard, and with graphical password schemes such as those surveyed by Suo and Zhu.[7] A variety of considerations are important for ensuring usability and security.

Eye tracking technology has come a long way since its origins in the early 1900s.[8] State-of-the-art eye trackers offer non-encumbering, remote video-based eye tracking with an accuracy of 1° of visual angle. Eye trackers are a specialized application of computer vision: a camera monitors the user's eyes while one or more infrared light sources illuminate the user's face and produce a glint, a reflection of the light source on the cornea. As the user looks in different directions the pupil moves, but the location of the glint on the cornea remains fixed. The relative motion and position of the pupil center and the glint are used to estimate the gaze vector, which is then mapped to coordinates on the screen plane.

Researchers have proposed ways to counter shoulder surfing on mobile devices by leveraging the front-facing camera for gaze-based password entry. For example, GazeTouchPIN[9] and GazeTouchPass[10] combine gaze input, in the form of eye movements to the left or right, with touch input by tapping on-screen buttons. These methods are more secure than traditional touch-based input (e.g., PINs and lock patterns) because they require a shoulder surfer to (1) observe the user's eyes, (2) observe the user's touch input, and (3) combine the two observations.

Painting album mechanism

The Painting Album Mechanism is an anti-shoulder-surfing mechanism with characteristics of both recall-based and recognition-based graphical techniques. Instead of entering a regular PIN or password made of alphanumeric characters, users select the picture or colour they remember (chosen as a "favourite picture" when the system was set up) to unlock the system. This security method was developed from survey results on users' affinity of choices[11] and from observing the way children paint pictures. The survey led to three input schemes, named Swipe Scheme, Colour Scheme and Scot Scheme, which are the methods used for password creation. The schemes differ from one another, and the user chooses the input scheme they prefer. Swipe Scheme is implemented in Microsoft Windows 8 and, in later versions, is known as Picture Password; it has drawn criticism, however, for requiring the user to choose a secure enough gesture.[12]

Input scheme     Input method
Swipe Scheme     Swipe the pictures.
Colour Scheme    Touch the picture, then select the coloured boxes.
Scot Scheme      Swipe the picture and, at the same time, touch the pictures and select the coloured boxes.

Secret tap method

The secret tap method is a technique for accessing sensitive information with a low risk of shoulder surfing: it does not expose the authentication information during entry, even if other individuals watch the input process. Camera recordings pose an additional threat, so the authentication process must be made complex enough that the authentication information cannot be recovered even after it has been observed numerous times. One of the simplest forms of a secret tap method, implemented in many smartphones, is biometric authentication such as fingerprint scanning or facial recognition, which a shoulder surfer cannot replicate.

The secret tap authentication method can use icons or some other form of input. The goals of a secret tap system are:

  • Covert observation resistance: Maintain the resistance strength at a level that prevents the authentication information from being revealed to other individuals, even if the authentication operation is performed numerous times.
  • Recording attack resistance: Maintain the resistance strength at a level that prevents the authentication information from being analyzed by other individuals even if the authentication operation is fully recorded.
  • Brute-force attack resistance: Maintain the resistance strength at a level that prevents the authentication process from being broken more easily than by a brute-force attack on a four-digit PIN. This policy follows the standard put forth in ISO 9564-1.[13]
  • Usability: Maintain a level of usability that permits operators to perform the authentication operation with ease.

Comparison of risks between alphanumeric and graphical passwords

The primary benefit of graphical passwords over alphanumeric passwords is improved memorability. The potential cost of this advantage, however, is an increased risk of shoulder surfing. Graphical passwords that use graphics or pictures,[14] such as PassFaces, Jiminy,[15] VIP and PassPoints,[16] or a combination of graphics and audio such as AVAP, are all likely subject to this increased risk unless it is somehow mitigated in the implementation. The results indicate that both alphanumeric and graphical password-based authentication mechanisms may be significantly vulnerable to shoulder surfing unless certain precautions are taken. Despite the common belief that non-dictionary passwords are the most secure type of password-based authentication, the results demonstrate that they are, in fact, the configuration most vulnerable to shoulder surfing.

PIN entry

A personal identification number (PIN) is used to authenticate oneself in various situations, such as withdrawing or depositing money at an automated teller machine, or unlocking a phone, a door, a laptop or a PDA. Although this method of authentication forms part of a two-step verification process in some situations, it is vulnerable to shoulder surfing. An attacker can obtain the PIN either by directly looking over the victim's shoulder or by recording the whole login process. On devices with glossy glass screens, such as mobile phones, the user may leave smudges on the screen that reveal the PIN.[17] Some highly advanced attacks use thermal cameras to see the thermal signature left by the PIN entry.[18] Various shoulder-surfing-resistant PIN entry methods are therefore used to make the authentication process secure.[19] Examples include PIN pads with covers to protect the user's privacy, a measure implemented at most ATMs.[20] Another, used in ATMs and some entry systems, is metal PIN pads, whose material makes thermal camera attacks nearly impossible.[21]

Countermeasure testing

The cognitive trapdoor game involves three parties: a machine verifier, a human prover and a human observer. The human prover must enter the PIN by answering questions posed by the machine verifier, while the observer attempts to shoulder surf the PIN. Because the countermeasures are designed to be hard to usurp, the observer cannot easily remember the whole login process unless they have a recording device.[22]
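As an added illustration, not code from the article or from Roth and Richter's paper, the following Python simulates the three-party game with an assumed challenge format: in each round the verifier colours the digits 0 to 9 into two random halves and the prover answers only with the colour containing the current PIN digit (the digit itself is never entered). Running it with different observer memories shows why a human who retains only a round or two gains little, while a full recording collapses the observer's remaining search space.

```python
import math
import random

DIGITS = frozenset(range(10))
ROUNDS_PER_DIGIT = 4  # colour questions the verifier asks for each PIN digit (assumed)

def verifier_challenge(rng):
    """Verifier: choose 5 digits at random to colour BLACK; the other 5 are WHITE."""
    return frozenset(rng.sample(sorted(DIGITS), 5))

def prover_answer(pin_digit, black):
    """Prover: reveal only the colour of the secret digit, never the digit itself."""
    return "BLACK" if pin_digit in black else "WHITE"

def verifier_check(expected_digit, black, answer):
    """Verifier: an answer is valid iff it names the colour of the real digit."""
    return answer == prover_answer(expected_digit, black)

def observer_candidates(transcript):
    """Observer: keep only the digits consistent with every round it retained."""
    cands = set(DIGITS)
    for black, answer in transcript:
        cands &= black if answer == "BLACK" else DIGITS - black
    return cands

def run_game(pin, observer_memory, seed=0):
    """Authenticate a 4-digit PIN string while an observer watches; observer_memory
    is how many rounds per digit the observer retains (a human without a recording
    device keeps a few, a hidden camera keeps all). Returns (accepted, candidates)."""
    rng = random.Random(seed)  # fixed seed only so the demo is reproducible
    accepted, candidates = True, []
    for ch in pin:
        digit, transcript = int(ch), []
        for _ in range(ROUNDS_PER_DIGIT):
            black = verifier_challenge(rng)
            answer = prover_answer(digit, black)
            accepted = accepted and verifier_check(digit, black, answer)
            transcript.append((black, answer))  # everything the observer could see
        candidates.append(observer_candidates(transcript[:observer_memory]))
    return accepted, candidates

def search_space(candidates):
    """PINs the observer would still have to try: product of the per-digit set sizes."""
    return math.prod(len(c) for c in candidates)

if __name__ == "__main__":  # demo: the search space shrinks as more rounds are retained
    for memory in (0, 1, 2, ROUNDS_PER_DIGIT):
        print(memory, "rounds retained ->", search_space(run_game("4711", memory, seed=1)[1]))
```

With memory 0 all 10,000 PINs remain, with one round per digit exactly 5^4 = 625 remain, and a full recording of all four rounds typically narrows each digit to one candidate.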

References

  1. "Shoulder surfing - definition of shoulder surfing in ... (n.d.)". Retrieved October 21, 2016.
  2. "What Is Shoulder Surfing?". www.experian.com. 2018-04-30. Retrieved 2020-02-23.
  3. Kee, Jared (April 28, 2008). "Social Engineering: Manipulating the Source". SANS Institute InfoSec Reading Room. Retrieved October 24, 2016.
  4. Long, Johnny (2008). "Shoulder surfing". No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing. Burlington, MA: Syngress. pp. 27–60.
  5. Goucher, Wendy (November 2011). "Look behind you: The dangers of shoulder surfing". Computer Fraud & Security. 2011 (11): 17–20. doi:10.1016/s1361-3723(11)70116-6.
  6. Eiband, Malin; Khamis, Mohamed; von Zezschwitz, Emanuel; Hussmann, Heinrich; Alt, Florian (May 2017). "Understanding Shoulder Surfing in the Wild: Stories from Users and Observers" (PDF). CHI '17 – Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems: 4254–4265. doi:10.1145/3025453.3025636. Retrieved May 3, 2018.
  7. Suo, X. and Y. Zhu. Graphical Passwords: A Survey. In Proceedings of Annual Computer Security Applications Conference. Tucson, Arizona, USA, 2005.
  8. Jacob, R. J. K. and K. S. Karn, Eye Tracking in Human-Computer Interaction and Usability Research: Ready to Deliver the Promises, in The Mind's Eye: Cognitive and Applied Aspects of Eye Movement Research, J. Hyona, R. Radach, and H. Deubel, Editors. Elsevier Science: Amsterdam. pp. 573–605, 2003.
  9. Khamis et al. GazeTouchPIN: Protecting Sensitive Data on Mobile Devices using Secure Multimodal Authentication. In Proceedings of the 19th ACM International Conference on Multimodal Interaction (ICMI 2017) http://www.mkhamis.com/data/papers/khamis2017icmi.pdf
  10. Khamis et al. GazeTouchPass: Multimodal Authentication Using Gaze and Touch on Mobile Devices. In Proceedings of the 34th Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems (CHI 2016 EA) 2016. http://www.mkhamis.com/data/papers/khamis2016chi.pdf
  11. L. K. Seng, N. Ithnin and H. K. Mammi, “User’s Affinity of Choice: Features of Mobile Device Graphical Password Scheme’s Anti-Shoulder Surfing Mechanism”, International Journal of Computer Science Issues, vol. 2, no. 8, (2011) https://www.ijcsi.org/papers/IJCSI-8-4-2-255-261.pdf
  12. Spector, Lincoln (2016-03-14). "Windows 10 picture password: Draw your own conclusions about its safety". PCWorld. Retrieved 2020-02-23.
  13. Suo, X. and Y. Zhu. Graphical Passwords: A Survey. In Proceedings of Annual Computer Security Applications Conference. Tucson, Arizona, USA, 2005.
  14. R. C. Thomas, A. Karahasanovic, and G. E. Kennedy, "An Investigation into Keystroke Latency Metrics as an Indicator of Programming Performance," presented at Australasian Computing Education Conference 2005, Newcastle, Australia 2005.
  15. L. K. Seng, N. Ithnin and H. K. Mammi, “User’s Affinity of Choice: Features of Mobile Device Graphical Password Scheme’s Anti-Shoulder Surfing Mechanism”, International Journal of Computer Science Issues, vol. 2, no. 8, (2011)
  16. R. C. Thomas, A. Karahasanovic, and G. E. Kennedy, "An Investigation into Keystroke Latency Metrics as an Indicator of Programming Performance," presented at Australasian Computing Education Conference 2005, Newcastle, Australia 2005.
  17. "Smudge attacks on smartphone touch screens | Proceedings of the 4th USENIX conference on Offensive technologies" (PDF). dl.acm.org. Retrieved 2020-07-25.
  18. "Thermal-imaging devices can steal your PINs and passcodes". www.consumeraffairs.com. 2014-09-02. Retrieved 2020-07-25.
  19. Lee, M. (2014, April). Security Notions and Advanced Method for Human Shoulder-Surfing Resistant PIN-Entry. IEEE Transactions on Information Forensics and Security, 9(4), 695–708. doi:10.1109/tifs.2014.2307671
  20. "Poll: Most cardholders cover ATM PIN pad to protect their PINs". www.atmmarketplace.com. 2011-05-26. Retrieved 2020-07-25.
  21. "Stealing ATM PINs with thermal cameras". Naked Security. 2011-08-17. Retrieved 2020-07-25.
  22. Roth, V., & Richter, K. (2006). How to fend off shoulder surfing. Journal of Banking & Finance, 30(6), 1727–1751. doi:10.1016/j.jbankfin.2005.09.010
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.