Authors: Nilesh Chakraborty; Samrat Mondal
Addresses: Department of Computer Science and Engineering, Indian Institute of Technology, Patna, Bihar, India; Department of Computer Science and Engineering, Indian Institute of Technology, Patna, Bihar, India
Abstract: Shoulder surfing attacks are a common problem in password-based authentication schemes. A challenge-response scheme is a possible solution. However, in addressing this security aspect, an authentication scheme should not compromise too much on usability. Thus, the main challenge in such schemes is to balance security and usability. In this paper, some partially observable shoulder-surfing-resilient schemes, such as SSSL and SLASS, are analysed, and their limitations are overcome in the proposed I-SLASS scheme, which is built on top of the SLASS concept. Two variants of the I-SLASS scheme are developed: I-SLASS-CPASS addresses character-based passwords, and I-SLASS-DPASS uses a digit-based PIN. Experimental analysis shows that both variants are more secure and more flexible than their respective counterparts, i.e., SLASS and SSSL.
Keywords: password-based authentication; shoulder surfing attacks; partially observable scheme; login approach; SLASS; security.
International Journal of Trust Management in Computing and Communications, 2014 Vol. 2 No. 4, pp. 309-329
Received: 23 Apr 2014
Accepted: 20 Sep 2014
Published online: 07 Feb 2015