Conference Proceeding Article
Touchscreen mobile devices are becoming commodities as the wide adoption of pervasive computing. These devices allow users to access various services at anytime and anywhere. In order to prevent unauthorized access to these services, passwords have been pervasively used in user authentication. However, password-based authentication has intrinsic weakness in password leakage. This threat could be more serious on mobile devices, as mobile devices are widely used in public places. Most prior research on improving leakage resilience of password entry focuses on desktop computers, where specific restrictions on mobile devices such as small screen size are usually not addressed. Meanwhile, additional features of mobile devices such as touch screen are not utilized, as they are not available in the traditional settings with only physical keyboard and mouse. In this paper, we propose a user authentication scheme named Cover- Pad for password entry on touchscreen mobile devices. CoverPad improves leakage resilience by safely delivering hidden messages, which break the correlation between the underlying password and the interaction information observable to an adversary. It is also designed to retain most benefits of legacy passwords, which is critical to a scheme intended for practical use. The usability of Cover- Pad is evaluated with an extended user study which includes additional test conditions related to time pressure, distraction, and mental workload. These test conditions simulate common situations for a password entry scheme used on a daily basis, which have not been evaluated in the prior literature. The results of our user study show the impacts of these test conditions on user performance as well as the practicability of the proposed scheme.
User Authentication, Leakage-Resilience, Mobile Devices
Information Security and Trust
ASIA CCS '13 Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
City or Country
YAN, Qiang; HAN, Jin; LI, Yingjiu; ZHOU, Jianying; and DENG, Robert H..
Designing leakage-resilient password entry on touchscreen mobile devices. (2013). ASIA CCS '13 Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security. 37-48. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/1944