
User Authentication in Multimedia September 26, 2013

Posted by karlkaluzny in Security.

In recent years, there have been unprecedented advancements in technology, and the use of technology in general has become much more widespread.  New advancements and more widespread use will necessarily introduce more security risks.  In particular, the widespread use of technology in public settings has greatly increased the risk of the shoulder surfing attack.  The paper titled “Secure User Authentication in Multimedia Systems” [1] discusses current methods for user authentication in multimedia systems, describes the weaknesses in these methods, and then provides a sample solution.

The authors performed a literature survey of existing user authentication techniques.  The findings revealed that almost all user authentication techniques require the user to enter some sort of credentials in order to gain access to a system.  A main flaw in this practice is that a potential hacker could physically observe the user entering these credentials.  This attack is called shoulder surfing, defined as “using direct observation techniques, such as looking over someone’s shoulder, to get information.” [2]  It is commonly used in crowded public areas where user authentication takes place, such as at ATM machines or publicly accessible computers.  Two authentication methods that are resistant to the shoulder surfing attack were discussed: a graphical password system and a formula-based system.  However, each of these methods has disadvantages, including a very slow login process.

In order to efficiently combat the shoulder surfing attack, the authors proposed a scenario in which a mobile client connects to a nearby public terminal using Bluetooth connectivity.  The system will “introduce the challenge response mechanism for authentication via low range ad hoc connectivity.” [1]  The authors claim that the use of Bluetooth technology would simplify the authentication process, and that the security issues in this situation would be due to the Bluetooth communication itself.
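To show why a challenge-response exchange gives an observer nothing reusable, here is an added example that is not taken from the paper or from this post; the paper's actual protocol is not described here. It assumes a pre-shared key per enrolled device and HMAC-SHA256, leaves out the Bluetooth transport, and all names (`Terminal`, `respond`, `phone-01`) are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL_SECONDS = 30  # assumed freshness window for a challenge


def respond(key, device_id, nonce):
    """Mobile client: bind the response to this device and this challenge."""
    return hmac.new(key, device_id.encode() + b"|" + nonce, hashlib.sha256).digest()


class Terminal:
    """Public terminal: issues one-time challenges and verifies responses."""

    def __init__(self, enrolled_keys):
        self._keys = enrolled_keys   # device_id -> shared key (assumed enrolment step)
        self._pending = {}           # nonce -> (device_id, issued_at)

    def issue_challenge(self, device_id, now=None):
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = (device_id, time.time() if now is None else now)
        return nonce

    def verify(self, device_id, nonce, response, now=None):
        # pop() makes each challenge single-use, so a captured response cannot be replayed
        entry = self._pending.pop(nonce, None)
        key = self._keys.get(device_id)
        if entry is None or key is None:
            return False
        issued_for, issued_at = entry
        now = time.time() if now is None else now
        if issued_for != device_id or now - issued_at > NONCE_TTL_SECONDS:
            return False
        return hmac.compare_digest(respond(key, device_id, nonce), response)


def demo():
    key = secrets.token_bytes(32)                  # constructed sample key
    terminal = Terminal({"phone-01": key})
    nonce = terminal.issue_challenge("phone-01")
    captured = respond(key, "phone-01", nonce)     # all an observer could record
    first = terminal.verify("phone-01", nonce, captured)
    replay = terminal.verify("phone-01", nonce, captured)    # same nonce again
    fresh = terminal.issue_challenge("phone-01")
    stale = terminal.verify("phone-01", fresh, captured)     # old response, new nonce
    return first, replay, stale


if __name__ == "__main__":
    print(demo())
```

The user types nothing during the exchange, and the recorded response is rejected both on replay and against a fresh challenge; what remains to protect is the shared key on the device and the radio link itself.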

I do have a couple of issues with the conclusions made by the authors.  This solution only applies in a situation in which a mobile client is attempting to connect to a public terminal.  Additionally, this solution relies on the security of the transfer of information in Bluetooth technology, which I believe has known issues.  What is your opinion of Bluetooth security and of its effectiveness as a method for user authentication?

Additionally, a claim made in the paper was that “Different authors have proposed their solutions to mitigate this attack but the prevailing method of authentication still require user name and password.”  This will necessarily be susceptible to attacks such as shoulder surfing.  Is this traditional method of the user entering authentication information unavoidable, or is there another way to achieve the same goal?

 

References

[1] Shakir Ullah Shah, Fazl-e-Hadi, Fahad bin Muhaya, Secure User Authentication in Multimedia Systems, Future Information Technology (Future Tech), 2010 5th International Conference on, Pages 1-4.

[2] http://searchsecurity.techtarget.com/definition/shoulder-surfing
