TRANSACTIONS ON MOBILE COMPUTING, VOL. 1, NO. 8, AUGUST 2014

Keylogging-resistant Visual Authentication Protocols

DaeHun Nyang, Member, IEEE, Aziz Mohaisen, Member, IEEE, Jeonil Kang, Member, IEEE

D. Nyang and J. Kang are with the School of Computer and Information Engineering of Inha University, Incheon, Korea. J. Kang is the corresponding author; e-mail: dreamx@seclab.inha.ac.kr. This work was supported by Inha University, Republic of Korea.
A. Mohaisen is with VeriSign Labs, Reston, VA 20190, USA.

APPENDIX

A. Numeric Keyboard with Blank Space.

The box plot of the raw time measures (per subject) is shown in Figure 1(a) for the 4-digit PIN case and in Figure 1(b) for the 8-digit PIN case. Figure 2 shows how much time users spent clicking each digit on average. Regardless of PIN length, users spent a minimum of 2.130 s, a median of 4.918 s, and a maximum of 9.112 s clicking the first digit.

[Figure 1: box plots, panels (a) 4 Digit PIN and (b) 8 Digit PIN; x-axis: subjects V1 to V20; y-axis: Time (in seconds).]
Fig. 1. Box plots of users' response time when inputting different passwords with length 4 and 8 digits in our protocol's experiment (with 1.5 × IQR whiskers).

[Figure 2: stacked bar charts, panels (a) 4 Digit PIN and (b) 8 Digit PIN; x-axis: subjects V1 to V20; y-axis: Average Click Time for Each Digit (in seconds).]
Fig. 2. Stacked average click times for each digit. The time to click the first digit takes 2/3 of the whole authentication time in the 4-digit PIN case and 1/2 in the 8-digit PIN case.

B. Alphanumeric Keyboard.

Normal QWERTY Keyboard. The box plot of the raw time measures (per subject) is shown in Figure 3(a) for the 4-character case and in Figure 3(b) for the 8-character case.
Random Alphanumeric Keyboard. The box plot of the raw time measures (per subject) is shown in Figure 4(a) for the 4-character case and in Figure 4(b) for the 8-character case.

Our protocol. The box plot of the raw time measures (per subject) is shown in Figure 5(a) for the 4-character case and in Figure 5(b) for the 8-character case. Finally, Table I shows the average time (per 10 trials) and success rate when inputting alphanumeric passwords using our protocol.

[Figure 3: box plots, panels (a) 4 Characters and (b) 8 Characters; x-axis: subjects V21 to V40; y-axis: Time (in seconds).]
Fig. 3. Box plots of the different measurements of the users' response time when inputting different passwords with length 4 and 8 characters in case study 1 (with 1.5 × IQR whiskers).

[Figure 4: box plots, panels (a) 4 Characters and (b) 8 Characters; x-axis: subjects V21 to V40; y-axis: Time (in seconds).]
Fig. 4. Box plots of the different measurements of the users' response time when inputting different passwords with length 4 and 8 characters in case study 2 (with 1.5 × IQR whiskers).

[Figure 5: box plots, panels (a) 4 Characters and (b) 8 Characters; x-axis: subjects V21 to V40; y-axis: Time (in seconds).]
Fig. 5. Box plots of the different measurements of the users' response time when inputting different passwords with length 4 and 8 characters in the protocol's experiment (with 1.5 × IQR whiskers).

TABLE I
Results of the user studies with alphanumeric keyboard. The time (t) is the average time per 10 trials (in seconds) for each user (row) to input the password. The keyboard on the smartphone is re-randomized each time. The success is computed out of 10 trials for each user.

4-character passwords, pwd (4)

User      pwd    normal t   normal success   random t   random success   our t   our success
V21       t4pw   9.40       10               13.90      10               25.20   10
V22       data   3.89       9                13.00      10               27.60   10
V23       code   4.56       9                10.10      10               21.10   10
V24       usa8   6.00       10               10.20      10               18.50   10
V25       head   4.10       10               13.30      10               25.30   10
V26       1213   4.60       10               6.70       10               14.80   10
V27       1596   4.20       10               6.60       10               16.90   10
V28       4455   2.50       10               4.10       10               16.80   10
V29       2222   3.00       10               5.00       10               13.10   10
V30       1317   2.89       9                5.50       10               24.60   10
V31       bhnj   3.70       10               10.10      10               28.10   10
V32       2168   4.10       10               5.60       10               19.50   10
V33       0712   4.20       10               6.10       10               23.00   10
V34       aple   4.80       10               11.20      10               20.00   10
V35       save   2.90       10               10.10      10               24.10   10
V36       cola   2.70       10               9.30       10               24.00   10
V37       asdf   3.60       10               23.40      10               18.11   9
V38       0503   4.22       9                5.30       10               16.44   9
V39       u137   5.40       10               9.40       10               16.70   10
V40       uku0   4.00       10               8.60       10               16.90   10
Average          4.24       9.8              9.38       10               20.57   9.9

8-character passwords, pwd (8)

User      pwd        normal t   normal success   random t   random success   our t   our success
V21       aplegw2j   7.78       9                17.67      9                43.00   9
V22       keywords   7.33       9                19.33      9                37.60   10
V23       asdfnews   6.40       10               22.30      10               29.70   10
V24       microarm   10.25      8                13.20      10               24.90   10
V25       networks   9.50       4                24.00      10               39.30   10
V26       jjae1213   6.40       10               11.00      9                23.44   9
V27       mbc2356z   6.50       10               14.29      7                30.60   10
V28       dd4455ee   3.80       10               9.40       10               23.60   10
V29       78061622   8.50       10               10.70      10               34.40   10
V30       ucsl1317   6.13       8                15.10      10               39.90   10
V31       1116baek   6.30       10               19.00      9                30.50   10
V32       66272168   5.80       10               8.40       10               24.90   10
V33       88061100   5.40       10               8.40       10               18.70   10
V34       hjh37267   6.11       9                11.40      10               26.50   10
V35       20110714   5.44       9                11.29      7                25.20   10
V36       cocacola   5.20       10               16.10      10               27.25   8
V37       19830325   7.20       10               17.30      10               25.70   10
V38       babosmjk   7.33       9                16.00      10               35.13   8
V39       coffee20   8.30       10               11.44      9                22.63   8
V40       terminal   7.30       10               18.30      10               25.90   10
Average              6.74       9.25             14.77      9.45             29.44   9.6