International Journal On Advances in Security, volume 10, numbers 3 and 4, 2017


PassGame: Robust Shoulder-Surfing Resistance Through Challenge-Response Authentication

Authors:
Jonathan Gurary
Ye Zhu
Nahed Alnahash
Huirong Fu

Keywords: Shoulder Surfing; Challenge Response; Mobile; Graphical Password; Authentication

Abstract:
Mobile devices are constantly exposed to the risk of shoulder-surfing by prying eyes and video surveillance. In this paper, we propose PassGame, a shoulder-surfing resistant mobile authentication scheme based on chess. PassGame can offer extremely high shoulder-surfing resistance, even against camera attacks, at some cost to usability. PassGame works by challenging a user with a random formation of chess pieces on a game board; successful authentication requires the user to alter the board so that a set of predefined rules is satisfied. We implement PassGame on Android. Our user studies show that PassGame can achieve 100% recall rates one week after password setup. Our user studies on the shoulder-surfing resistance of PassGame show that weak PassGame passwords cannot be shoulder-surfed even after viewing 5 complete recorded password entries, and strong passwords are resilient even against camera attacks.

Pages: 182 to 195

Copyright: Copyright (c) to authors, 2017. Used with permission.

Publication date: December 31, 2017

Published in: journal

ISSN: 1942-2636