Undercover: Authentication Usable in Front of Prying Eyes
Many recent security attacks and scams have succeeded because the criminal was able to observe the user's behaviour. Such observation attacks include social engineering attacks like phishing. The paper focuses on foiling observation attacks during authentication, the moment at which an impersonator tries to prove that he or she is someone else. Authentication is required for activities ranging from turning on a cell phone to logging into a computer: a legitimate user should be able to authenticate successfully, while an unauthorized user should not. Biometric authentication is also vulnerable to observation attacks. The paper investigates the substantial challenge of building usable and secure authentication schemes that are resilient to observation attacks. To resist observation, some portion of the authentication procedure must be difficult for an onlooker to observe, and the paper argues that this can be achieved by a system design that lets the user hide that portion of the procedure. It presents the design, implementation and evaluation of a novel class of user authentication methods that are resilient to observation attacks. The design is refined from user responses gathered through low-fidelity prototype checks. A usability study with 38 participants is conducted alongside a security analysis of the resulting system. The results show that users can authenticate in times comparable to a graphical password system, with relatively low error rates, while being significantly better protected against observation attacks. The design and evaluation process also yields outline design principles for observation-resilient authentication systems.
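As an added example (not code from the paper or from this summary), a toy simulation of the principle above: each login answers a visible challenge combined with a hidden one, and a simulated observer who sees only the visible challenge and the response cannot narrow down the secret, whereas without the hidden part the secret is recovered after a handful of observed logins. The scheme, its parameters and the item pool are constructed for illustration and are not the paper's Undercover design.

```python
import random

N_ITEMS = 8     # pool of candidate pass-items (constructed toy parameters)
SLOTS = 4       # items shown in each public challenge
M = SLOTS + 1   # answer alphabet: a slot index, or SLOTS meaning "not shown"

def expected_answer(secret, challenge):
    """Position of the secret in the visible challenge, or SLOTS if absent."""
    return challenge.index(secret) if secret in challenge else SLOTS

def respond(secret, challenge, hidden):
    """User combines the visible answer with a hidden shift delivered over a
    channel the observer cannot see (e.g. a tactile cue), reducing mod M."""
    return (expected_answer(secret, challenge) + hidden) % M

def verify(secret, challenge, hidden, response):
    """The verifier knows both challenges, so it can undo the hidden shift."""
    return (response - hidden) % M == expected_answer(secret, challenge)

def consistent(candidate, challenge, response, hidden):
    """Could `candidate` be the secret, given what the observer saw?
    hidden=None models a shift the observer could not see."""
    if hidden is None:
        return any(respond(candidate, challenge, h) == response for h in range(M))
    return respond(candidate, challenge, hidden) == response

def simulate(sessions, hide_shift, seed=1):
    """Run `sessions` logins and let an observer watch each one.
    Returns (every login verified, number of secrets still plausible)."""
    rng = random.Random(seed)
    secret = rng.randrange(N_ITEMS)
    candidates = set(range(N_ITEMS))
    all_ok = True
    for _ in range(sessions):
        challenge = rng.sample(range(N_ITEMS), SLOTS)   # visible to everyone
        hidden = rng.randrange(M) if hide_shift else 0  # private channel, or none
        response = respond(secret, challenge, hidden)
        all_ok = all_ok and verify(secret, challenge, hidden, response)
        seen = None if hide_shift else hidden           # observer never sees a hidden shift
        candidates = {c for c in candidates
                      if consistent(c, challenge, response, seen)}
    return all_ok, len(candidates)

if __name__ == "__main__":
    print("no hidden part :", simulate(50, hide_shift=False))  # secret pinned down
    print("hidden part    :", simulate(50, hide_shift=True))   # all 8 still possible
```

With the hidden shift uniformly distributed, the response is independent of the secret, so the observer's candidate set never shrinks; without it, each observed login eliminates every item that would have produced a different answer.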