Hybrid Images with Biometric Authentication to Avoid Shoulder-Surfing Attacks

Authors

  • Rahaf Alzahrani
  • Enas Khairullah

DOI:

https://doi.org/10.64149/J.Carcinog.24.8s.17-32

Keywords:

Shoulder-surfing attack, Hybrid Image, Illusion-PIN (IPIN), OTP, Biometric Authentication

Abstract

A shoulder-surfing attack aims to acquire personal data such as passwords and sensitive user credentials. It does not require special technical knowledge, just observation of the user's inputs. The rapid advancement of surveillance technology and covert tools, including closed-circuit cameras, is leading to an increase in shoulder-surfing attacks. To resist them, an authentication approach is proposed that combines several defensive techniques, such as an Illusion Personal Identification Number (IPIN), entered via a virtual keypad. The approach employs a hybrid image displaying two keypads, or a hybrid keypad overlaying another designed for direct and indirect lines of sight, seeking the shortest distance at which an attacker is incapable of tracking the inputs. The approach uses an innovative algorithm to shuffle the keypads for each authentication session, as well as a novel keypad pattern exclusive to the IPIN. Even if an attacker remembers the spatial layout of the keypad, they will be unable to trace the IPIN in the next session. To provide more security, the IPIN approach has been added to biometric authentication (fingerprint) and one-time-password (OTP) verification to propose a new approach to prevent this kind of attack. The proposed approach was tested in terms of usability, clarity, user awareness of an attack, and ease of use of these blended techniques. The suitability of the proposed approach was examined for vital departments within organizations. In addition, the proposed approach was compared with other authentication systems to gauge resilience against certain attacks. The results are promising, although as an authentication approach, continuous enhancements are required, including testing with a larger number of users.

Published

2025-10-03

How to Cite

Hybrid Images with Biometric Authentication to Avoid Shoulder-Surfing Attacks. (2025). Journal of Carcinogenesis, 24(8s), 17-32. https://doi.org/10.64149/J.Carcinog.24.8s.17-32
