Covert attentional shoulder surfing: Human adversaries are more powerful than expected

Taekyoung Kwon, Sooyeon Shin, Sarang Na

Research output: Contribution to journalArticlepeer-review

39 Citations (Scopus)

Abstract

When a user interacts with a computing system to enter a secret password, shoulder surfing attacks are of great concern. To cope with this problem, previous methods presumed limited cognitive capabilities of a human adversary as a deterrent, but there was a pitfall with the assumption. In this paper, we show that human adversaries, even without a recording device, can be more effective at eavesdropping than expected, in particular by employing cognitive strategies and by training themselves. Our novel approach called covert attentional shoulder surfing indeed can break the well known PIN entry method previously evaluated to be secure against shoulder surfing. Another contribution in this paper is the formal modeling approach by adapting the predictive human performance modeling tool for security analysis and improvement. We also devise a defense technique in the modeling paradigm to deteriorate severely the perceptual performance of the adversaries while preserving that of the user. To the best of our knowledge, this is the first work to model and defend the new form of attack through human performance modeling. Real attack experiments and user studies are also conducted.

Original languageEnglish
Article number6814830
Pages (from-to)716-727
Number of pages12
JournalIEEE Transactions on Systems, Man, and Cybernetics: Systems
Volume44
Issue number6
DOIs
Publication statusPublished - 2014 Jun

All Science Journal Classification (ASJC) codes

  • Software
  • Control and Systems Engineering
  • Human-Computer Interaction
  • Computer Science Applications
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Covert attentional shoulder surfing: Human adversaries are more powerful than expected'. Together they form a unique fingerprint.

Cite this