SLASS: Secure Login against Shoulder Surfing

Abstract

Classical password based schemes are widely used because it provides fair security and yet easy to use. However, when used in a public domain it is vulnerable to shoulder surfing attack in which an attacker can record the entire login session and may get the user's original password. To avoid such attack, we have proposed a methodology known as Secure Login Against Shoulder Surfing or SLASS which is based on a partially observable attack model where an attacker can partially observe the login session. In the proposed scheme, the attacker cannot see or hear the challenges thrown by the system but can only see the responses provided by the user. User remembers a password of five characters long consisting of alphabets only and the responses are provided by some directional keys. Experimental analysis show that our scheme is less error prone, easy to use and provides high security compared to some existing approaches. © Springer-Verlag Berlin Heidelberg 2014.