See You Next Time: A Model for Modern Shoulder Surfers

Title: See You Next Time: A Model for Modern Shoulder Surfers
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Wiese, Oliver; Roth, Volker
Conference Name: Proceedings of the 18th International Conference on Human-Computer Interaction with Mobile Devices and Services
Date Published: September 2016
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-4408-1
Keywords: authentication, Collaboration, composability, Human Behavior, insider threats, Metrics, mobile devices, peer to peer security, pubcrawl, Resiliency, Scalability, shoulder surfing
Abstract

Friends, family and colleagues at work may repeatedly observe how their peers unlock their smartphones. These "insiders" may combine multiple partial observations to form a hypothesis of a target's secret. This changing landscape requires that we update the methods used to assess the security of unlocking mechanisms against human shoulder surfing attacks. In our paper, we introduce a methodology to study shoulder surfing risks in the insider threat model. Our methodology dissects the authentication process into minimal observations by humans. Further processing is based on simulations. The outcome is an estimate of the number of observations needed to break a mechanism. The flexibility of this approach benefits the design of new mechanisms. We demonstrate the application of our methodology by performing an analysis of the SwiPIN scheme published at CHI 2015. Our results indicate that SwiPIN can be defeated reliably by a majority of the population with as few as 6 to 11 observations.

URL: https://dl.acm.org/doi/10.1145/2935334.2935388
DOI: 10.1145/2935334.2935388
Citation Key: wiese_see_2016