The growing importance of smart devices calls for effective user authentication mechanisms. We argue that state-of-the-art authentication mechanisms are either vulnerable to known attacks or do not meet usability needs. To address this problem, we designed NomadiKey, a user-to-device authentication mechanism based on nomadic keyboard keys. NomadiKey increases security level by placing keys at different screen coordinates each time it is activated. Besides, NomadiKey preserves usability by maintaining the traditional relative position of keys. To increase security even further, we also design an extension to NomadiKey that uses out-of-band channels to thwart shoulder-surfing adversaries. We compare NomadiKey with other user authentication mechanisms under different attacks using statistical models and simulation. We also evaluate NomadiKey's usability with 20 users. Our results show that NomadiKey increases security compared to widely deployed PIN authentication with limited impact on authentication times.

• 出版日期2018-2