CipherCard: Enhancing Security on Common Touchscreen Devices using Two-factor Authentication

Thumbnail
View
2014-1063-14.pdf
Download
Author
Seyed, Teddy
Yang, Xing-Dong
Tang, Anthony
Greenberg, Saul
Gu, Jiawei
Zhu, Bin
Cao, Xiang
Accessioned
2014-10-29T21:26:44Z
Available
2014-10-29T21:26:44Z
Issued
2014-10-29
Other
User authentication, two-factor authentication, capacitive touchscreen
Subject
Information interfaces and presentation, User Interfaces, Graphical user interfaces
Type
Technical Report
Video
Metadata
Show full item record

Abstract
We present CipherCard, a physical token that defends against shoulder-surfing attacks on user authentication on touchscreen devices. Placed over a touchscreen pin-pad, CipherCard remaps a user’s touch points on the physical token to different locations on the pin-pad (i.e. as a substitution cipher). It translates a visible user password into a different system password received by a touchscreen, hiding the system password from observers. CipherCard enhances authentication security through Two-Factor Authentication (TFA), in that both the correct user password and a specific card are needed for authentication. We explore the design space of CipherCard, and describe three implemented variations each with unique capabilities. Based on user feedback, we discuss the security and usability implications of CipherCard, and describe several avenues for continued exploration.
Refereed
No
Corporate
University of Calgary
Faculty
Science
Doi
http://dx.doi.org/10.5072/PRISM/30659
Uri
http://hdl.handle.net/1880/50246
Collections