FakePointer: An Authentication Scheme for Improving Security against Peeping Attacks Using Video Cameras

Peeping attacks in the real world are a threat to user authentication. What is worse, an emerging attack method such as video capture makes traditional measures against peeping attack insufficient. This paper presents a unique user authentication scheme named "fakePointer'' as a solution to peeping attacks conducted by video capture. It makes it difficult for attackers to obtain a secret even if someone captures an authentication scene using a video camera. The fakePointer has two unique features to ensure security against such a peeping attack. One is that fakePointer provides a double-layered interface for a secret input. This interface makes it difficult for attackers to identify a legitimate user's secret even if they have a video record showing a target user's authentication action. The other feature is that fakePointer uses two secrets: a fixed secret and a disposable secret. This feature enables change of a secret input operation in each authentication, which is also a necessary feature for ensuring security. This feature makes it difficult to extract a secret by statistical inference even if an attacker has many video records of the same user.