CipherCard: A Token-based Approach against Camera-based Shoulder Surfing Attacks on Common Touchscreen Devices
Seyed, T., Yang, X., Tang, A., Greenberg, S., Gu, J., Zhu, B., and Cao, X. (2015). CipherCard: A Token-based Approach against Camera-based Shoulder Surfing Attacks on Common Touchscreen Devices. In INTERACT 2015: Proceedings of INTERACT 2015 - 16th IFIP TC 13 International Conference, 436--454.
Acceptance: 93/319 - 29.6%.
Abstract
We present CipherCard, a physical token that defends against shoulder-surfing attacks on user authentication on capacitive touchscreen devices. When CipherCard is placed over a touchscreen’s pin-pad, it remaps a user’s touch point on the physical token to a different location on the pin-pad. It hence translates a visible user password into a different system password received by a touchscreen, but is hidden from observers as well as the user. CipherCard enhances authentication security through Two-Factor Authentication (TFA), in that both the correct user password and a specific card are needed for successful authentication. We explore the design space of CipherCard, and describe three implemented variations each with unique capabilities. Based on user feedback, we discuss the security and usability implications of CipherCard, and describe several avenues for continued exploration.
Materials
PDF File (http://hcitang.org/papers/2015-interact2015-ciphercard.pdf)
URL (http://www.interact2015.org/)
Video (http://hcitang.org/papers/2015-interact2015-ciphercard.mov)
BibTeX
@inproceedings{seyed2015ciphercard,
pages = {436--454},
acceptance = {93/319 - 29.6%},
year = {2015},
url = {http://www.interact2015.org/},
type = {conference},
title = {CipherCard: A Token-based Approach against Camera-based Shoulder Surfing Attacks on Common Touchscreen Devices},
videourl = {http://hcitang.org/papers/2015-interact2015-ciphercard.mov},
pdfurl = {http://hcitang.org/papers/2015-interact2015-ciphercard.pdf},
booktitle = {INTERACT 2015: Proceedings of INTERACT 2015 - 16th IFIP TC 13 International Conference},
author = {Seyed, Teddy and Yang, Xing-Dong and Tang, Anthony and Greenberg, Saul and Gu, Jiawei and Zhu, Bin and Cao, Xiang},
abstract = {We present CipherCard, a physical token that defends against shoulder-surfing attacks on user authentication on capacitive touchscreen devices. When CipherCard is placed over a touchscreen’s pin-pad, it remaps a user’s touch point on the physical token to a different location on the pin-pad. It hence translates a visible user password into a different system password received by a touchscreen, but is hidden from observers as well as the user. CipherCard enhances authentication security through Two-Factor Authentication (TFA), in that both the correct user password and a specific card are needed for successful authentication. We explore the design space of CipherCard, and describe three implemented variations each with unique capabilities. Based on user feedback, we discuss the security and usability implications of CipherCard, and describe several avenues for continued exploration.},
}