Using Screen Brightness to Improve Security in Mobile Social Network Access (Aug-2018)
The main aim of this project is to propose a smart way for users to authenticate to their social networking accounts by using the screen brightness of Android mobiles, in order to avoid spyware, shoulder-surfing, and man-in-the-middle attacks.
We propose a brightness-based authentication mechanism (i.e., Bright Pass) capable of enhancing the security of identity-confirmation PIN codes without asking the user to memorize an additional secret value or to solve a complex cognitive task. This method introduces a new input value that changes at every use, combining a "something you know" element (i.e., the PIN) with an interface element that cannot be captured by spyware: a bright or dark circle displayed on the phone screen that tells the user when to enter the correct PIN digit and when to enter a fake one.
Unlike existing authentication schemes, Bright Pass does not prevent spyware from stealing the user's PIN code. Instead, it prevents the malware from correctly inserting the PIN code, so that critical operations cannot be performed without the user's agreement. Our experiments show that Bright Pass does not hamper usability and provides adequate security for mobile and sensitive applications against different types of spyware that deal with user authentication. Bright Pass can thereby increase user confidence in accessing social networks. Our scheme has a level of resilience to attacks that makes it usable as a second level of authentication to guard especially sensitive data and operations, but it also shows a level of usability that makes it a candidate to be the only authentication mechanism available.
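The bright/dark entry scheme and its resistance to a replayed keystroke capture, described in the two paragraphs above, can be sketched as follows. This is an added example, not code from the Bright Pass project. The function names, the number of fake digits, and the assumption that the brightness sequence is generated and checked by a component the spyware cannot read are all illustrative assumptions.

```python
import hmac
import secrets


def new_challenge(pin_len, fakes):
    """Return a shuffled list of flags: True = bright circle, False = dark circle."""
    seq = [True] * pin_len + [False] * fakes
    for i in range(len(seq) - 1, 0, -1):  # Fisher-Yates shuffle with a CSPRNG
        j = secrets.randbelow(i + 1)
        seq[i], seq[j] = seq[j], seq[i]
    return seq


def honest_entry(pin, challenge):
    """Simulate the user: next real PIN digit on bright, a random fake digit on dark."""
    real = iter(pin)
    return "".join(next(real) if bright else str(secrets.randbelow(10))
                   for bright in challenge)


def verify(pin, challenge, entered):
    """Accept only if the digits typed at bright positions spell the PIN, in order."""
    if len(entered) != len(challenge) or not (entered.isascii() and entered.isdigit()):
        return False
    typed = "".join(d for d, bright in zip(entered, challenge) if bright)
    return hmac.compare_digest(typed.encode(), pin.encode())


if __name__ == "__main__":
    pin = "4071"  # constructed sample PIN
    first = new_challenge(len(pin), fakes=2)
    captured = honest_entry(pin, first)  # what keystroke-logging spyware would see
    print("user accepted:", verify(pin, first, captured))
    # A replay only passes if the fresh sequence happens to line up with the old one.
    second = new_challenge(len(pin), fakes=2)
    print("replay accepted:", verify(pin, second, captured))
```

The verifier never needs the fake digits to match anything, so the user is free to type any value while the circle is dark.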