Proposal of Puzzle Authentication Method with Video Recording Attack Resistance
日隈, 光基 ,
山場, 久昭 ,
久保田, 真一郎岡崎, 直宣
268 , 2017-07-31 , 宮崎大学工学部
Currently, user authentication methods such as PINs, passwords and so on, are used to protect important and private data in mobile devices. However, those existing methods are not sufficiently safe against shoulder surfing attacks. Attackers can easily steal PIN codes or passwords. To prevent such attacks, the puzzle authentication method was proposed. In the method, users unlock their devices thorough solving a “puzzle." A user drags an orb to adjacent positions, and the dragged orb swaps places with the orb already there. The authentication will succeed when all of the orbs corresponding to characters of the password are put into the designated positions. The special feature of this method is that users have fun while they unlock their devices. However, it was also known that the method has several drawbacks. First, the method is not strong enough against brute-force attacks. Next, the correct answer is easily revealed by shooting the authenticated screen using a video camera. In this study, several improvements were made to the method to overcome brute-force attacks and video recording attacks. The improved authentication method was implemented and experiments for evaluation were carried out.