— The user authentication is widely used in the automatic teller machines (ATMs) and many Internet services. Recently, the crimes that ATM passwords are stolen using a small charge-coupled device (CCD) cameras have increased. In addition, in the mobile environment, there is a high risk of observation attacks that steal passwords, because many people possess devices such that camera-equipped mobile phones and miniature cameras. In this paper, we propose the authentication methods that are secure against the brute-force and video recording attacks. In the article, a video-recording attack is defined as an attacker’s analysis of videos, in which a user’s password entry operations are recorded once or twice, in order to obtain the user’s password. We propose a basic method and an improved method. In the basic method, a user must provide the correct entry position of each password beforehand. On the other hand, in the improved method, a user does not need to provide any information beforehand, other than the password. The relative security of the two proposed methods is then evaluated.
— Observation attacks, password authentication method.
Y. Hirakawa is with the Information Science Engineering Department, Shibaura Institute of Technology, Tokyo, Japan (e-mail: firstname.lastname@example.org).
Cite: Y. Hirakawa, " Random Board: Password Authentication Method with Tolerance to Video-Recording Attacks," International Journal of Innovation, Management and Technology vol. 4, no. 5, pp. 455-460, 2013.