VibroAuth: Authentication with Haptics Based Non-visual, Rearranged Keypads to Mitigate Shoulder Surfing Attacks

Manisha Varma; Stacey Watson; Liwei Chan; Roshan Peiris

doi:10.1007/978-3-031-05563-8_19

VibroAuth: Authentication with Haptics Based Non-visual, Rearranged Keypads to Mitigate Shoulder Surfing Attacks

Manisha Varma, Stacey Watson, Liwei Chan, Roshan Peiris^*

^*Corresponding author for this work

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Scopus citations

Abstract

PIN (Personal Identification Number) code entry is a widely used authentication method used on smartphones, ATMs, etc. However, it is typically subject to shoulder surfing attacks where, a bystander may observe the user’s keypad during PIN code entry. To mitigate this issue, we present a novel method that uses non-visual keypads for entering PIN codes where, the numbers on the keypad are invisible and rearranged. The numbers are rearranged by shifting the rows/columns of the keypad and we use haptic patterns to privately convey the keypad layout information to the user. The results of our first study with 22 participants indicated that the participants could learn the haptic patterns relatively fast and use the non-visual keypads with high accuracy. Next, a security experiment with 12 participants discusses the effectiveness of our method in mitigating shoulder surfing attacks.

Original language	English
Title of host publication	HCI for Cybersecurity, Privacy and Trust - 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Proceedings
Editors	Abbas Moallem
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	280-303
Number of pages	24
ISBN (Print)	9783031055621
DOIs	https://doi.org/10.1007/978-3-031-05563-8_19
State	Published - 2022
Event	4th International Conference on HCI for Cybersecurity, Privacy and Trust, HCI-CPT 2022 Held as Part of the 24th HCI International Conference, HCII 2022 - Virtual, Online Duration: 26 Jun 2022 → 1 Jul 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13333 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	4th International Conference on HCI for Cybersecurity, Privacy and Trust, HCI-CPT 2022 Held as Part of the 24th HCI International Conference, HCII 2022
City	Virtual, Online
Period	26/06/22 → 1/07/22

Keywords

Authentication
Haptic
Mobile
PIN codes
Usable security

Access to Document

10.1007/978-3-031-05563-8_19

Cite this

Varma, M., Watson, S., Chan, L., & Peiris, R. (2022). VibroAuth: Authentication with Haptics Based Non-visual, Rearranged Keypads to Mitigate Shoulder Surfing Attacks. In A. Moallem (Ed.), HCI for Cybersecurity, Privacy and Trust - 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Proceedings (pp. 280-303). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13333 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-05563-8_19

Varma, Manisha ; Watson, Stacey ; Chan, Liwei et al. / VibroAuth : Authentication with Haptics Based Non-visual, Rearranged Keypads to Mitigate Shoulder Surfing Attacks. HCI for Cybersecurity, Privacy and Trust - 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Proceedings. editor / Abbas Moallem. Springer Science and Business Media Deutschland GmbH, 2022. pp. 280-303 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{dbc7cfe921bb43d8be44d852bbab6589,

title = "VibroAuth: Authentication with Haptics Based Non-visual, Rearranged Keypads to Mitigate Shoulder Surfing Attacks",

abstract = "PIN (Personal Identification Number) code entry is a widely used authentication method used on smartphones, ATMs, etc. However, it is typically subject to shoulder surfing attacks where, a bystander may observe the user{\textquoteright}s keypad during PIN code entry. To mitigate this issue, we present a novel method that uses non-visual keypads for entering PIN codes where, the numbers on the keypad are invisible and rearranged. The numbers are rearranged by shifting the rows/columns of the keypad and we use haptic patterns to privately convey the keypad layout information to the user. The results of our first study with 22 participants indicated that the participants could learn the haptic patterns relatively fast and use the non-visual keypads with high accuracy. Next, a security experiment with 12 participants discusses the effectiveness of our method in mitigating shoulder surfing attacks.",

keywords = "Authentication, Haptic, Mobile, PIN codes, Usable security",

author = "Manisha Varma and Stacey Watson and Liwei Chan and Roshan Peiris",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 4th International Conference on HCI for Cybersecurity, Privacy and Trust, HCI-CPT 2022 Held as Part of the 24th HCI International Conference, HCII 2022 ; Conference date: 26-06-2022 Through 01-07-2022",

year = "2022",

doi = "10.1007/978-3-031-05563-8_19",

language = "English",

isbn = "9783031055621",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "280--303",

editor = "Abbas Moallem",

booktitle = "HCI for Cybersecurity, Privacy and Trust - 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Proceedings",

address = "德國",

}

Varma, M, Watson, S, Chan, L & Peiris, R 2022, VibroAuth: Authentication with Haptics Based Non-visual, Rearranged Keypads to Mitigate Shoulder Surfing Attacks. in A Moallem (ed.), HCI for Cybersecurity, Privacy and Trust - 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13333 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 280-303, 4th International Conference on HCI for Cybersecurity, Privacy and Trust, HCI-CPT 2022 Held as Part of the 24th HCI International Conference, HCII 2022, Virtual, Online, 26/06/22. https://doi.org/10.1007/978-3-031-05563-8_19

VibroAuth: Authentication with Haptics Based Non-visual, Rearranged Keypads to Mitigate Shoulder Surfing Attacks. / Varma, Manisha; Watson, Stacey; Chan, Liwei et al.
HCI for Cybersecurity, Privacy and Trust - 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Proceedings. ed. / Abbas Moallem. Springer Science and Business Media Deutschland GmbH, 2022. p. 280-303 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13333 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - VibroAuth

T2 - 4th International Conference on HCI for Cybersecurity, Privacy and Trust, HCI-CPT 2022 Held as Part of the 24th HCI International Conference, HCII 2022

AU - Varma, Manisha

AU - Watson, Stacey

AU - Chan, Liwei

AU - Peiris, Roshan

PY - 2022

Y1 - 2022

N2 - PIN (Personal Identification Number) code entry is a widely used authentication method used on smartphones, ATMs, etc. However, it is typically subject to shoulder surfing attacks where, a bystander may observe the user’s keypad during PIN code entry. To mitigate this issue, we present a novel method that uses non-visual keypads for entering PIN codes where, the numbers on the keypad are invisible and rearranged. The numbers are rearranged by shifting the rows/columns of the keypad and we use haptic patterns to privately convey the keypad layout information to the user. The results of our first study with 22 participants indicated that the participants could learn the haptic patterns relatively fast and use the non-visual keypads with high accuracy. Next, a security experiment with 12 participants discusses the effectiveness of our method in mitigating shoulder surfing attacks.

AB - PIN (Personal Identification Number) code entry is a widely used authentication method used on smartphones, ATMs, etc. However, it is typically subject to shoulder surfing attacks where, a bystander may observe the user’s keypad during PIN code entry. To mitigate this issue, we present a novel method that uses non-visual keypads for entering PIN codes where, the numbers on the keypad are invisible and rearranged. The numbers are rearranged by shifting the rows/columns of the keypad and we use haptic patterns to privately convey the keypad layout information to the user. The results of our first study with 22 participants indicated that the participants could learn the haptic patterns relatively fast and use the non-visual keypads with high accuracy. Next, a security experiment with 12 participants discusses the effectiveness of our method in mitigating shoulder surfing attacks.

KW - Authentication

KW - Haptic

KW - Mobile

KW - PIN codes

KW - Usable security

UR - http://www.scopus.com/inward/record.url?scp=85133254019&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-05563-8_19

DO - 10.1007/978-3-031-05563-8_19

M3 - Conference contribution

AN - SCOPUS:85133254019

SN - 9783031055621

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 280

EP - 303

BT - HCI for Cybersecurity, Privacy and Trust - 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Proceedings

A2 - Moallem, Abbas

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 26 June 2022 through 1 July 2022

ER -

Varma M, Watson S, Chan L, Peiris R. VibroAuth: Authentication with Haptics Based Non-visual, Rearranged Keypads to Mitigate Shoulder Surfing Attacks. In Moallem A, editor, HCI for Cybersecurity, Privacy and Trust - 4th International Conference, HCI-CPT 2022, Held as Part of the 24th HCI International Conference, HCII 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 280-303. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-05563-8_19

VibroAuth: Authentication with Haptics Based Non-visual, Rearranged Keypads to Mitigate Shoulder Surfing Attacks

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this