| Peer-Reviewed

Role of Shoulder Surfing in Cyber Security (Experimental Study to the Comparative Framework)

Received: 23 August 2023     Accepted: 7 September 2023     Published: 18 September 2023
Views:       Downloads:
Abstract

Shoulder surfing attacks pose a significant threat to the security of sensitive information, such as passwords, social security numbers, and credit card details. In these attacks, malicious individuals strategically position themselves to observe a victim's screen and keyboard inputs covertly. As the security landscape evolves, researchers are actively exploring alternative authentication methods to replace traditional textual passwords. However, evaluating the resilience of these authentication systems against shoulder surfing attacks has been a complex task. This research aims to provide a comprehensive framework for objectively assessing the vulnerability of authentication mechanisms to shoulder surfing attacks. Through a systematic analysis, our study reveals intriguing insights. Notably, it demonstrates that pictorial passwords are more susceptible to shoulder surfing than their textual counterparts. This susceptibility arises from the ease with which attackers can visually capture and recall graphical representations. However, our research also highlights the potential for designing graphical authentication schemes that can resist shoulder surfing attempts effectively. While visual passwords exhibit inherent vulnerability due to their visibility, creative design choices can mitigate these risks. Furthermore, we found that textual passwords, while less susceptible to shoulder surfing, face limitations due to their smaller character pool size. In conclusion, this study sheds light on the nuanced landscape of authentication mechanisms and their susceptibility to shoulder surfing attacks. By providing a robust set of measures for objective analysis, our research serves as a valuable resource for developing and implementing secure authentication solutions. It emphasizes the importance of considering both usability and security factors when designing authentication systems to combat the persistent challenge of shoulder surfing attacks.

Published in American Journal of Computer Science and Technology (Volume 6, Issue 3)
DOI 10.11648/j.ajcst.20230603.12
Page(s) 102-108
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2023. Published by Science Publishing Group

Keywords

Shoulder Surfing, Observer, Attacker, Surfer, Security, Privacy

References
[1] Angeli, A. D., Coventry, L., Johnson, G., Renaud, K., (2005). Is a picture worth a thousand words? Exploring the feasibility of graphical authentication systems. Int. J. Hum.-Comput. Stud. 63 (1), 128–152. https://doi.org/10.1016/j.ijhcs.2005.04.020.
[2] Antonella De Angeli, Lynne Coventry, Graham Johnson, and Karen Renaud. (2005). Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. International Journal of Human-Computer Studies 63, 1 (2005), 128–152. https://doi.org/ 10.1016/j.ijhcs.2005.04.020 HCI research in privacy and security.
[3] Adam J. Aviv, John T. Davin, Flynn Wolf, and Ravi Kuber. (2017). Towards Baselines for Shoulder Surfing on Mobile Authentication. In Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC 2017). ACM, New York, NY, USA, 486–498. https://doi.org/10.1145/ 3134600.3134609
[4] Leon Boˇsnjak and Boˇstjan Brumen. (2019). Rejecting the Death of Passwords: Advice for the Future. Computer Science and Information Systems 16, 1 (2019), 313332.
[5] Botjan Brumen. (2019). Security analysis of Game Changer Password System. International Journal of Human-Computer Studies 126 (2019), 44–52. https://doi.org/10.1016/j.ijhcs.2019.01.004
[6] Ashley A. Cain, Liya Chiu, Felicia Santiago, and Jeremiah D. (2016) Still. 2016. Swipe Authentication: Exploring Over-the-Shoulder Attack Performance. In Advances in Human Factors in Cybersecurity, Denise Nicholson (Ed.). Springer International Publishing, Cham, 327–336.
[7] H. Sun, S. Chen, J. Yeh, and C. Cheng. (2018). A Shoulder Surfing Resistant Graphical Authentication System. IEEE Transactions on Dependable and Secure Computing 15, 2 (March 2018), 180–193. https://doi.org/10. 1109/TDSC.2016.2539942
[8] Matt Weir, Sudhir Aggarwal, Michael Collins, and Henry Stern. (2010). Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS ’10). ACM, New York, NY, USA, 162–175.
[9] Marran Zabin Aldossari, “A Survey on Phishing Attacks in Cyberspace”, IJC, vol. 41, no. 1, pp. 46–58, Dec. 2021.
[10] Aldossari, Marran and Zhang, Dongsong, "D&L: A Natural Language Processing Based Approach for Protecting Sensitive Information from Shoulder Surfing Attacks" (2023). AMCIS 2023 Proceedings. 7.
[11] Tabassum, M., Alqhatani, A., Aldossari, M., & Richter Lipford, H. (2018, April). Increasing user attention with a comic-based policy. In Proceedings of the 2018 chi conference on human factors in computing systems (pp. 1-6).‏
[12] Aldossari, M. (2023). The use of text recognition, lip reading, and object detection for protecting sensitive information from shoulder surfing attacks (Order No. 30529612). Available from ProQuest Dissertations & Theses Global. (2840101210). Retrieved from https://www.proquest.com/dissertations-theses/use-text-recognition-lip-reading-object-detection/docview/2840101210/se-2
[13] Zimmeck, Sebastian, Rafael Goldstein, and David Baraka. "PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps." NDSS. Vol. 2. 2021.‏
[14] Bui, D., Shin, K. G., Choi, J. M., & Shin, J. (2021). Automated Extraction and Presentation of Data Practices in Privacy Policies. Proc. Priv. Enhancing Technol., 2021 (2), 88-110.‏
[15] Kitkowska, A., Warner, M., Shulman, Y., Wästlund, E., & Martucci, L. A. (2020). Enhancing privacy through the visual design of privacy notices: Exploring the interplay of curiosity, control and affect. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020) (pp. 437-456).‏
Cite This Article
  • APA Style

    Marran Aldossari, Abdullah Albalawi. (2023). Role of Shoulder Surfing in Cyber Security (Experimental Study to the Comparative Framework). American Journal of Computer Science and Technology, 6(3), 102-108. https://doi.org/10.11648/j.ajcst.20230603.12

    Copy | Download

    ACS Style

    Marran Aldossari; Abdullah Albalawi. Role of Shoulder Surfing in Cyber Security (Experimental Study to the Comparative Framework). Am. J. Comput. Sci. Technol. 2023, 6(3), 102-108. doi: 10.11648/j.ajcst.20230603.12

    Copy | Download

    AMA Style

    Marran Aldossari, Abdullah Albalawi. Role of Shoulder Surfing in Cyber Security (Experimental Study to the Comparative Framework). Am J Comput Sci Technol. 2023;6(3):102-108. doi: 10.11648/j.ajcst.20230603.12

    Copy | Download

  • @article{10.11648/j.ajcst.20230603.12,
      author = {Marran Aldossari and Abdullah Albalawi},
      title = {Role of Shoulder Surfing in Cyber Security (Experimental Study to the Comparative Framework)},
      journal = {American Journal of Computer Science and Technology},
      volume = {6},
      number = {3},
      pages = {102-108},
      doi = {10.11648/j.ajcst.20230603.12},
      url = {https://doi.org/10.11648/j.ajcst.20230603.12},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ajcst.20230603.12},
      abstract = {Shoulder surfing attacks pose a significant threat to the security of sensitive information, such as passwords, social security numbers, and credit card details. In these attacks, malicious individuals strategically position themselves to observe a victim's screen and keyboard inputs covertly. As the security landscape evolves, researchers are actively exploring alternative authentication methods to replace traditional textual passwords. However, evaluating the resilience of these authentication systems against shoulder surfing attacks has been a complex task. This research aims to provide a comprehensive framework for objectively assessing the vulnerability of authentication mechanisms to shoulder surfing attacks. Through a systematic analysis, our study reveals intriguing insights. Notably, it demonstrates that pictorial passwords are more susceptible to shoulder surfing than their textual counterparts. This susceptibility arises from the ease with which attackers can visually capture and recall graphical representations. However, our research also highlights the potential for designing graphical authentication schemes that can resist shoulder surfing attempts effectively. While visual passwords exhibit inherent vulnerability due to their visibility, creative design choices can mitigate these risks. Furthermore, we found that textual passwords, while less susceptible to shoulder surfing, face limitations due to their smaller character pool size. In conclusion, this study sheds light on the nuanced landscape of authentication mechanisms and their susceptibility to shoulder surfing attacks. By providing a robust set of measures for objective analysis, our research serves as a valuable resource for developing and implementing secure authentication solutions. It emphasizes the importance of considering both usability and security factors when designing authentication systems to combat the persistent challenge of shoulder surfing attacks.},
     year = {2023}
    }
    

    Copy | Download

  • TY  - JOUR
    T1  - Role of Shoulder Surfing in Cyber Security (Experimental Study to the Comparative Framework)
    AU  - Marran Aldossari
    AU  - Abdullah Albalawi
    Y1  - 2023/09/18
    PY  - 2023
    N1  - https://doi.org/10.11648/j.ajcst.20230603.12
    DO  - 10.11648/j.ajcst.20230603.12
    T2  - American Journal of Computer Science and Technology
    JF  - American Journal of Computer Science and Technology
    JO  - American Journal of Computer Science and Technology
    SP  - 102
    EP  - 108
    PB  - Science Publishing Group
    SN  - 2640-012X
    UR  - https://doi.org/10.11648/j.ajcst.20230603.12
    AB  - Shoulder surfing attacks pose a significant threat to the security of sensitive information, such as passwords, social security numbers, and credit card details. In these attacks, malicious individuals strategically position themselves to observe a victim's screen and keyboard inputs covertly. As the security landscape evolves, researchers are actively exploring alternative authentication methods to replace traditional textual passwords. However, evaluating the resilience of these authentication systems against shoulder surfing attacks has been a complex task. This research aims to provide a comprehensive framework for objectively assessing the vulnerability of authentication mechanisms to shoulder surfing attacks. Through a systematic analysis, our study reveals intriguing insights. Notably, it demonstrates that pictorial passwords are more susceptible to shoulder surfing than their textual counterparts. This susceptibility arises from the ease with which attackers can visually capture and recall graphical representations. However, our research also highlights the potential for designing graphical authentication schemes that can resist shoulder surfing attempts effectively. While visual passwords exhibit inherent vulnerability due to their visibility, creative design choices can mitigate these risks. Furthermore, we found that textual passwords, while less susceptible to shoulder surfing, face limitations due to their smaller character pool size. In conclusion, this study sheds light on the nuanced landscape of authentication mechanisms and their susceptibility to shoulder surfing attacks. By providing a robust set of measures for objective analysis, our research serves as a valuable resource for developing and implementing secure authentication solutions. It emphasizes the importance of considering both usability and security factors when designing authentication systems to combat the persistent challenge of shoulder surfing attacks.
    VL  - 6
    IS  - 3
    ER  - 

    Copy | Download

Author Information
  • Department of Computer Science, College of Computing and Information Technology, Shaqra University, Shaqra, Saudi Arabia

  • Department of Computer Science, College of Computing and Information Technology, Shaqra University, Shaqra, Saudi Arabia

  • Sections