fakePointer:

Peeping attack in the real world (it is also called "shoulder surfing attack") is one of threats to a user authentication. Although there are some measures against it, we need an another alternative security solution. The reason is that a new attack method emerged and attackers have started to use the method. The attack method is a video capturing. An attacker captures an authentication action (i.e. both a screen and a key operation) as a video record by a miniature video camera. This emerging attack method makes traditional measures insufficient.

I consider that this is a user interface issue, and I propose a "fakePointer" for a solution. The fakePointer has two features to ensure a security against peeping attack with a video camera. One is a unique user interface for a secret input. A major reason to make this attack possible is that a user interface of an authentication forces users to point or type a secret directly. Attackers, theresfore, can identify a secret visually. fakePointer provides a unique user interface to make it hard for them to identify a secret even if they have a video record. The other feature is that the fakePointer randomizes a secret input operation in each authentication. It is also necessary feature for ensuring a security because if an attacker has many video records about a same target's authentication scene, an attacker can extract a secret by statistical analysis.