How touch screens could shrug off shoulder surfers

THE touch screen is fast becoming our favourite way to interact with computers, from sleek smartphones to the upcoming tablet PCs. Brightly lit, responsive screens are certainly pleasing to use, but they also make it easier for "shoulder surfers" to spy your secret pass codes.

Cellphone users typically spare little thought for such security issues, but as handsets become better equipped to deal with mobile banking and e-commerce applications, shoulder surfing will only increase. New methods of secure pass-code entry for touch screens aim to tackle the problem.

It's not just a question of finding a dark corner and shielding the screen with your hand as you punch in your codes, says Paul Dunphy, a computer scientist at Newcastle University in the UK. For one thing, this is often unpractical. "You need one hand to hold the phone," he points out. But since smartphones are used in all kinds of scenarios, the bar needs to be raised so that even if someone is watching you enter a code, they can't make use of it, says Patrick Olivier, also at Newcastle University.

Reinventing the trusty four-digit PIN is well-trodden ground and already includes a range of alternatives, such as gaze-tracking or fingerprints, but such efforts often require new hardware, says Olivier. Now, with screens that can detect multiple simultaneous touches becoming the norm, new possibilities are emerging, he says.

One example of this, called ColorRings, has been developed by Olivier and Dunphy, along with colleagues David Kim and psychologist Pam Briggs at Northumbria University, also in Newcastle. It is based on the user remembering a sequence of pictorial icons instead of numbers. When entering this code, they are presented with a screen littered with different icons, including their four secret ones. By simply using one or more fingers to drag four different coloured circles - each representing one of four positions in the pass-code sequence - the user positions them so that each encircles the correct icon.

What makes the system so resilient to snoopers is that each ring is large enough to encompass up to six icons, so a snooper will have no way of knowing which icon in each ring is part of the code. Even a spy dedicated enough to observe multiple logins would still have to quickly memorise dozens of different potentially correct icons and combinations each time, says Briggs. "It's simple for the user but complex for the attacker," she says.

Some touch screens, such as Microsoft's table-top system, called Surface, are capable of sensing pressure, offering an alternative route to secure pass-code entry, says Olivier. His team has also developed a face-based authentication system. It requires the user to select a different known face in each of a sequence of grids containing lots of faces. To foil shoulder surfers, the user places three fingers on each grid, highlighting three rows or columns of faces. But they subtly apply additional pressure to the row in which the known face sits to make their actual selection, says Kim. "So the user is not directly selecting each face," he says.

Other groups are attempting to capitalise on the familiarity of PIN systems. In one, developed by Gridsure, near Cambridge in the UK, users first choose a particular pattern of squares in a five-by-five grid, marking out a pattern they can easily remember. When required to enter this they are confronted with a similar grid, with each cell containing a random number (see diagram). To login they just punch in the numbers that appear in their chosen squares. The digits entered will change each time, while the all-important pattern remains only in the user's head, says Gridsure's CEO, Stephen Howes.

Elsewhere, Volker Roth at the Free University of Berlin in Germany has come up with a hybrid approach using four-digit PINs. When entering numbers, users are shown a numerical keypad on which half the keys are coloured white and the other half black, seemingly at random. Instead of pressing these keys, the user is required to press one of two buttons - black or white, depending upon which colour that digit is. Then, the black and white pattern changes, and users must pick black or white again. After four such rounds, the system can identify which single digit corresponds to the sequence of colour changes.

The drawback is that it therefore takes 16 presses to enter a four-digit PIN. Roth admits that this is an issue, but he says that recent trials using a smartphone show that the simple nature of the input means that people learn to perform the 16 presses quickly.

"The fundamental difference is that with a traditional PIN the user always enters the same thing," says Roth, whereas here their input changes each time.

Given the resources, such as recordings of multiple logins, snoopers could potentially compromise any of these systems. "But that's a much bigger hill to climb than someone shoulder-surfing a normal PIN," says Howes. Gadget lovers, rest assured.

Courtesy Computer Crime