Article we chose to improve: SHOULDER SURFING. The proposed structure of the project:

1.0 Introduction

2.0 Occurrences

3.0 Outcomes of the attack

4.0 Tips to prevent Shoulder Surfing Attack

5.0 Methodologies resistant to Shoulder Surfing Attack

 5.1 Graphical authentication password
 5.2 PIN Entry

6.0 See also

7.0 References

Bibliography:

1. Wu, T., Lee, M., Lin, H., & Wang, C. (2013, November 02). Shoulder-surfing-proof graphical password authentication scheme. International Journal of Information Security, 13(3), 245-254. doi:10.1007/s10207-013-0216-7

2. Lee, M. (2014). Security notions and advanced method for human shoulder-surfing resistant PIN-entry. IEEE Transactions on Information Forensics and Security, 9(4), 695-708. doi:10.1109/tifs.2014.2307671

3. Roth, V., & Richter, K. (2006). How to fend off shoulder surfing. Journal of Banking & Finance, 30(6), 1727-1751. doi:10.1016/j.jbankfin.2005.09.010

4. Goucher, W. (2011). Look behind you: The dangers of shoulder surfing. Computer Fraud & Security, 2011(11), 17-20. doi:10.1016/s1361-3723(11)70116-6

Outcomes of the attacks


Shoulder surfing is the act of attempting to gain knowledge through simple observation. Its technical outcomes can extend to fraud if an observer is able to watch an authentication process. Shoulder surfing primarily affects the confidentiality of data, but it can in turn enable threats such as impersonation, and so affect integrity and availability as well.[1] The commercial use of graphical passwords is changing with mobile devices. Android phones use a graphical authentication method, and Windows 8 devices offer a wide variety of graphical authentication options, yet these are used with little research into their outcomes. The adoption of graphical passwords in place of text-based or PIN-based entry on mobile and touch devices with limited keyboards may finally lead to mainstream graphical authentication.[2]

Human threats to systems arise from individual behaviour. They can come from inside an organization and its trusted computing zone, or from outside the organization.[3]

Fraud

Fraud occurs when authorized users abuse their rights in order to gain additional information for committing identity theft. For example, an employee might access a customer's personal information, address and social security number in order to commit identity theft. Fraud can significantly affect the confidentiality, integrity and availability of data.

Misrepresentation of Identity

The misrepresentation of identity threat allows an attacker to assume someone else's personal identity using stolen credentials, including ID cards, PINs, or passwords, in order to commit identity theft. This type of threat typically affects confidentiality.

Curiosity

Curiosity may lead authorized users to abuse their access privileges and rights, or may lead unauthorized users to attempt to access information they are not entitled to. For example, consider an authorized user within a company that has celebrity clients. The user may have access to the company systems, but no need to view the details of a particular celebrity client's file. Curiosity about the celebrity may cause the employee to attempt to access that file.

General outcomes

Shoulder surfing is defined as using direct observation techniques, such as looking over someone's shoulder, to get information.[4] Shoulder surfing is particularly effective in crowded places because it is relatively easy to observe someone as they:

1. Fill out a form

2. Enter their PIN at an automated teller machine

3. Use a calling card at a public pay phone

4. Enter passwords at a cybercafe or in public and university libraries

5. Enter a code for a rented locker in a public place such as a swimming pool or airport.

Many other everyday situations can also be easily exploited by a shoulder surfer:

1. Entering personal information on your laptop while sitting next to a stranger. Are you aware of where that stranger's attention is being focused?

2. Entering credit card details on your hand-held tablet while the person in line next to you shoots video from his phone. Is that camera aimed in your direction?

3. Confirming your hotel reservation with credit card information while talking on your cell phone. Can your conversation be overheard?

Class assignment - 16th Oct


The preferred changes which I want to include in Open API:

I want to add a sentence to the "lead section" of Open API; the proposed sentence was:

"APIs act as a foundation for building communication channels in the Internet of Things"

Reference:

Siriwardena, P. (2014). Advanced API security: Securing APIs with OAuth 2.0, OpenID Connect, JWS. Apress.
