{"id":"https://openalex.org/W2756320651","doi":"https://doi.org/10.1145/3134600.3134609","title":"Towards Baselines for Shoulder Surfing on Mobile Authentication","display_name":"Towards Baselines for Shoulder Surfing on Mobile Authentication","publication_year":2017,"publication_date":"2017-12-04","ids":{"openalex":"https://openalex.org/W2756320651","doi":"https://doi.org/10.1145/3134600.3134609","mag":"2756320651"},"language":"en","primary_location":{"id":"doi:10.1145/3134600.3134609","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3134600.3134609","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1709.04959","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Adam J. Aviv","orcid":null},"institutions":[{"id":"https://openalex.org/I189158971","display_name":"United States Naval Academy","ror":"https://ror.org/00znex860","country_code":"US","type":"education","lineage":["https://openalex.org/I1330347796","https://openalex.org/I189158971","https://openalex.org/I3130687028"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Adam J. Aviv","raw_affiliation_strings":["United States Naval Academy"],"affiliations":[{"raw_affiliation_string":"United States Naval Academy","institution_ids":["https://openalex.org/I189158971"]}]},{"author_position":"middle","author":{"id":null,"display_name":"John T. Davin","orcid":null},"institutions":[{"id":"https://openalex.org/I189158971","display_name":"United States Naval Academy","ror":"https://ror.org/00znex860","country_code":"US","type":"education","lineage":["https://openalex.org/I1330347796","https://openalex.org/I189158971","https://openalex.org/I3130687028"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"John T. Davin","raw_affiliation_strings":["United States Naval Academy"],"affiliations":[{"raw_affiliation_string":"United States Naval Academy","institution_ids":["https://openalex.org/I189158971"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Flynn Wolf","orcid":null},"institutions":[{"id":"https://openalex.org/I79272384","display_name":"University of Maryland, Baltimore County","ror":"https://ror.org/02qskvh78","country_code":"US","type":"education","lineage":["https://openalex.org/I79272384"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Flynn Wolf","raw_affiliation_strings":["University of Maryland, Baltimore County"],"affiliations":[{"raw_affiliation_string":"University of Maryland, Baltimore County","institution_ids":["https://openalex.org/I79272384"]}]},{"author_position":"last","author":{"id":null,"display_name":"Ravi Kuber","orcid":null},"institutions":[{"id":"https://openalex.org/I79272384","display_name":"University of Maryland, Baltimore County","ror":"https://ror.org/02qskvh78","country_code":"US","type":"education","lineage":["https://openalex.org/I79272384"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ravi Kuber","raw_affiliation_strings":["University of Maryland, Baltimore County"],"affiliations":[{"raw_affiliation_string":"University of Maryland, Baltimore County","institution_ids":["https://openalex.org/I79272384"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I189158971"],"apc_list":null,"apc_paid":null,"fwci":6.5759,"has_fulltext":false,"cited_by_count":45,"citation_normalized_percentile":{"value":0.9689648,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"486","last_page":"498"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9940999746322632,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9732000231742859,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/credential","display_name":"Credential","score":0.6435999870300293},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5378999710083008},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5343000292778015},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.5303999781608582},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.5282999873161316},{"id":"https://openalex.org/keywords/phone","display_name":"Phone","score":0.5034999847412109}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7644000053405762},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6891999840736389},{"id":"https://openalex.org/C2777810591","wikidata":"https://www.wikidata.org/wiki/Q16861606","display_name":"Credential","level":2,"score":0.6435999870300293},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5378999710083008},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5343000292778015},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.5303999781608582},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.5282999873161316},{"id":"https://openalex.org/C2778707766","wikidata":"https://www.wikidata.org/wiki/Q202064","display_name":"Phone","level":2,"score":0.5034999847412109},{"id":"https://openalex.org/C2777421447","wikidata":"https://www.wikidata.org/wiki/Q17517","display_name":"Mobile phone","level":2,"score":0.4869999885559082},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.39079999923706055},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.382999986410141},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.37459999322891235},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3718000054359436},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.35839998722076416},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.2524000108242035}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3134600.3134609","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3134600.3134609","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd Annual Computer Security Applications Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1709.04959","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1709.04959","pdf_url":"https://arxiv.org/pdf/1709.04959","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1709.04959","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1709.04959","pdf_url":"https://arxiv.org/pdf/1709.04959","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1974085702","display_name":null,"funder_award_id":"N00014-15-1-2776","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G7931865478","display_name":null,"funder_award_id":"4-15-1-","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G8876996369","display_name":null,"funder_award_id":"N00014","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"}],"funders":[{"id":"https://openalex.org/F4320311089","display_name":"National Security Agency","ror":"https://ror.org/0047bvr32"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":37,"referenced_works":["https://openalex.org/W170161968","https://openalex.org/W1963728774","https://openalex.org/W1976081290","https://openalex.org/W1982771491","https://openalex.org/W1987485968","https://openalex.org/W1988463028","https://openalex.org/W1995628302","https://openalex.org/W2011150020","https://openalex.org/W2014338202","https://openalex.org/W2021087413","https://openalex.org/W2025553284","https://openalex.org/W2028849308","https://openalex.org/W2039031286","https://openalex.org/W2040686253","https://openalex.org/W2044798763","https://openalex.org/W2052525588","https://openalex.org/W2054626033","https://openalex.org/W2075808188","https://openalex.org/W2078483465","https://openalex.org/W2083295738","https://openalex.org/W2097267243","https://openalex.org/W2113580342","https://openalex.org/W2115034095","https://openalex.org/W2121800893","https://openalex.org/W2139094422","https://openalex.org/W2157007820","https://openalex.org/W2159837114","https://openalex.org/W2187107375","https://openalex.org/W2191312859","https://openalex.org/W2254621492","https://openalex.org/W2315247372","https://openalex.org/W2404167293","https://openalex.org/W2512823838","https://openalex.org/W2574685397","https://openalex.org/W2582173949","https://openalex.org/W2611019692","https://openalex.org/W2616345926"],"related_works":[],"abstract_inverted_index":{"Given":[0],"the":[1,28,38,47,120,125,133,204],"nature":[2],"of":[3,23,40,45,75,88,95,168],"mobile":[4],"devices":[5],"and":[6,97,100,200,206],"unlock":[7,9,81,102],"procedures,":[8],"authentication":[10,82,121],"is":[11,53],"a":[12,21,62,73,89,93,139,153],"prime":[13],"target":[14],"for":[15,79,177,231],"credential":[16],"leaking":[17],"via":[18],"shoulder":[19,41,76,212],"surfing,":[20,42],"form":[22],"an":[24,165],"observation":[25,141,201],"attack.":[26],"While":[27],"research":[29],"community":[30],"has":[31],"investigated":[32],"solutions":[33],"to":[34,113,118,143,163,181,195,211,221],"minimize":[35],"or":[36],"prevent":[37],"threat":[39],"our":[43],"understanding":[44],"how":[46],"attack":[48,166],"performs":[49],"on":[50,104,124],"current":[51,80],"systems":[52],"less":[54],"well":[55,190,227],"studied.":[56],"In":[57],"this":[58],"paper,":[59],"we":[60,110],"describe":[61],"large":[63],"online":[64],"experiment":[65],"(n":[66],"=":[67],"1173)":[68],"that":[69,129],"works":[70],"towards":[71],"establishing":[72],"baseline":[74],"surfing":[77,213],"vulnerability":[78,214],"systems.":[83],"Using":[84],"controlled":[85],"video":[86],"recordings":[87],"victim":[90],"entering":[91],"in":[92],"set":[94],"4-":[96],"6-length":[98,155],"PINs":[99,131],"Android":[101,156],"patterns":[103,178],"different":[105,108],"phones":[106],"from":[107],"angles,":[109],"asked":[111],"participants":[112],"act":[114],"as":[115,189,191,226,228],"attackers,":[116],"trying":[117],"determine":[119],"input":[122],"based":[123],"observation.":[126],"We":[127],"find":[128],"6-digit":[130],"are":[132],"most":[134],"elusive":[135],"attacking":[136],"surface":[137],"where":[138],"single":[140],"leads":[142],"just":[144],"10.8%":[145],"successful":[146],"attacks":[147],"(26.5%":[148],"with":[149,158,171,184],"multiple":[150,172,185],"observations).":[151,173,186],"As":[152],"comparison,":[154],"patterns,":[157],"one":[159],"observation,":[160],"were":[161],"found":[162],"have":[164],"rate":[167],"64.2%":[169],"(79.9%":[170],"Removing":[174],"feedback":[175],"lines":[176],"improves":[179],"security":[180,224],"35.3%":[182],"(52.1%":[183],"This":[187],"evidence,":[188],"other":[192],"results":[193],"related":[194,210],"hand":[196],"position,":[197],"phone":[198],"size,":[199],"angle,":[202],"suggests":[203],"best":[205],"worst":[207],"case":[208],"scenarios":[209],"which":[215],"can":[216],"both":[217],"help":[218],"inform":[219],"users":[220],"improve":[222],"their":[223],"choices,":[225],"establish":[229],"baselines":[230],"researchers.":[232]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":6},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":3}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2017-09-25T00:00:00"}