Publication Type

Conference Proceeding Article

Publication Date

5-2013

Abstract

Touchscreen mobile devices are becoming commodities with the wide adoption of pervasive computing. These devices allow users to access various services at any time and anywhere. In order to prevent unauthorized access to these services, passwords have been pervasively used in user authentication. However, password-based authentication has an intrinsic weakness in password leakage. This threat could be more serious on mobile devices, as mobile devices are widely used in public places. Most prior research on improving leakage resilience of password entry focuses on desktop computers, where specific restrictions on mobile devices such as small screen size are usually not addressed. Meanwhile, additional features of mobile devices such as touch screen are not utilized, as they are not available in the traditional settings with only physical keyboard and mouse. In this paper, we propose a user authentication scheme named CoverPad for password entry on touchscreen mobile devices. CoverPad improves leakage resilience by safely delivering hidden messages, which break the correlation between the underlying password and the interaction information observable to an adversary. It is also designed to retain most benefits of legacy passwords, which is critical to a scheme intended for practical use. The usability of CoverPad is evaluated with an extended user study which includes additional test conditions related to time pressure, distraction, and mental workload. These test conditions simulate common situations for a password entry scheme used on a daily basis, which have not been evaluated in the prior literature. The results of our user study show the impacts of these test conditions on user performance as well as the practicability of the proposed scheme.

Keywords

User Authentication, Leakage-Resilience, Mobile Devices

Discipline

Information Security

Research Areas

Information Security and Trust

Publication

ASIA CCS '13 Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

First Page

37

Last Page

48

ISBN

9781450317672

Identifier

10.1145/2484313.2484318

Publisher

ACM

City or Country

Hangzhou, China

Additional URL

http://dx.doi.org/10.1145/2484313.2484318
