Baseline Measurements of Shoulder Surfing Analysis and Comparability for Smartphone Unlock Authentication

Date

2017-05

Citation of Original Publication

Davin, John T.; Aviv, Adam J.; Wolf, Flynn; Kuber, Ravi; Baseline Measurements of Shoulder Surfing Analysis and Comparability for Smartphone Unlock Authentication; CHI EA '17: Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems, May 2017, Pages 2496–2503; https://dl.acm.org/doi/10.1145/3027063.3053221

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Public Domain Mark 1.0
This work was written as part of one of the author's official duties as an Employee of the United States Government and is therefore a work of the United States Government. In accordance with 17 U.S.C. 105, no copyright protection is available for such works under U.S. Law.

Abstract

In this paper, we describe a novel approach to measure the susceptibility of smartphone unlock authentication to shoulder surfing attacks. In our methodology, participants play the role of attackers, viewing video-recorded footage of PIN and graphical password pattern authentication input with various camera angles, hand positions, phone sizes, and authentication length and strength. Based on the data collected and recording methodology developed, we aim to provide insight into the factors of mobile unlock authentication which best and least resist shoulder surfing attacks and examine scenarios where weaknesses may occur. The goal is to identify more effective guidance for mobile device users to avoid observational attacks. We also aim to advance the methodologies used to measure the shoulder surfing attack surfaces where baselines of comparisons to preexisting systems (e.g., PINs and patterns) are not standardized. Utilizing the methodology and recordings, other researchers may build upon this approach to analyze future systems and replicate our results.