Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

1-2015

Abstract

We present CipherCard, a physical token that defends against shoulder-surfing attacks on user authentication on capacitive touchscreen devices. When CipherCard is placed over a touchscreen’s pin-pad, it remaps a user’s touch point on the physical token to a different location on the pin-pad. It hence translates a visible user password into a different system password received by a touchscreen, but is hidden from observers as well as the user. CipherCard enhances authentication security through Two-Factor Authentication (TFA), in that both the correct user password and a specific card are needed for successful authentication. We explore the design space of CipherCard, and describe three implemented variations each with unique capabilities. Based on user feedback, we discuss the security and usability implications of CipherCard, and describe several avenues for continued exploration.

Keywords

Capacitive touchscreen, PIN entry, Security, Shoulder-surfing attack

Discipline

Graphics and Human Computer Interfaces

Research Areas

Information Systems and Management

Publication

Proceedings of the 15th IFIP TC 13 International Conference Bamberg, Germany, 2015 September 14-18

Volume

9297

First Page

436

Last Page

454

ISBN

9783319226675

Identifier

10.1007/978-3-319-22668-2_34

Publisher

Springer

City or Country

Cham

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1007/978-3-319-22668-2_34

Download

Share

COinS