GraphNeighbors: Hampering Shoulder-Surfing Attacks on Smartphones

Irfan Altiok, Sebastian Uellenbeck, Thorsten Holz

GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Vienna, Austria, March 2014


Today, smartphones are widely used and they already have a growing market share of more than 70 % according to recent studies. These devices often contain sensitive data like contacts, pictures, or even passwords that can easily be accessed by an attacker if the phone is not locked. Since they are mobile and used as everyday gadgets, they are susceptible to get lost or stolen. Hence, access control mechanisms such as user authentication are required to prevent the data from being accessed by an attacker. However, commonly used authentication mechanisms like PINs, passwords, and Android Unlock Patterns suffer from the same weakness: they are all vulnerable against different kinds of attacks, most notably shoulder-surfing. A promising strategy to prevent shoulder-surfing is to only enter a derivation of the secret during the authentication phase.

In this paper, we present a novel authentication mechanism based on the concept of graphical neighbors to hamper shoulder-surfing attacks. Results of a usability evaluation with 100 participants show that our implementation called GraphNeighbors is applicable in comparison to commonly used authentication mechanisms.


Tags: authentication, mobile, security;