CipherCard: Enhancing Security on Common Touchscreen Devices using Two-factor Authentication

Seyed, T., Yang, X.D., Tang, A., Greenberg, S., Gu, J., Zhu, B. and Cao, X (2014)
CipherCard: Enhancing Security on Common Touchscreen Devices using Two-factor Authentication. Research report 2014-1063-14, Department of Computer Science, University of Calgary, Calgary, Alberta, Canada, September. Paper plus video, video duration 3:52.

View Publication and Related Materials

PDF PaperPDF Paper (2014-Cyphercard.Report2014-1063-14.pdf)
Video FileVideo File (2014-Cyphercard.Report2014-1063-14.mp4)

Abstract

We present CipherCard, a physical token that defends against shoulder-surfing attacks on user authentication on touchscreen devices. Placed over a touchscreen pin-pad, CipherCard remaps a user's touch points on the physical token to different locations on the pin-pad (i.e. as a substitution cipher). It translates a visible user password into a different system password received by a touchscreen, hiding the system password from observers. CipherCard enhances authentication security through Two-Factor Authentication (TFA), in that both the correct user password and a specific card are needed for authentication. We explore the design space of CipherCard, and describe three implemented variations each with unique capabilities. Based on user feedback, we discuss the security and usability implications of CipherCard, and describe several avenues for continued exploration.

Keywords

User authentication, two-factor authentication, capacitive touchscreen

Bibtex entry

@TECHREPORT { 2014-Cyphercard.Report2014-1063-14,
CLASS = { REPORT },
AUTHOR = { Seyed, T. and Yang, X.D. and Tang, A. and Greenberg, S. and Gu, J. and Zhu, B. and Cao, X },
TITLE = { CipherCard: Enhancing Security on Common Touchscreen Devices using Two-factor Authentication },
YEAR = { 2014 },
MONTH = { September },
INSTITUTION = { Department of Computer Science, University of Calgary },
ADDRESS = { Calgary, Alberta, Canada },
PAGES = { 4 pages plus video figure },
NUMBER = { 2014-1063-14 },
KEYWORDS = { User authentication, two-factor authentication, capacitive touchscreen },
NOTE = { Paper plus video, video duration 3:52 },
}