Int. J. Trust Management in Computing and Communications, Vol. 3, No. 2, 2015

Copyright © 2015 Inderscience Enterprises Ltd.

HoneyString: an improved methodology over tag digit-based honeypot to detect shoulder surfing attack

Nilesh Chakraborty* and Samrat Mondal
Department of Computer Science and Engineering, Indian Institute of Technology Patna, Patna, Bihar, India
Email: nilesh.pcs13@iitp.ac.in
Email: samart@iitp.ac.in
*Corresponding author

Abstract: A shoulder surfing attack is often a matter of concern when a user submits her login credentials on a public computer system. Researchers have proposed many methodologies to prevent such attacks. Most of these schemes require high cognitive skill from the user, which makes them less practical to implement in real-life scenarios. So instead of prevention, we work on detecting shoulder surfing attacks, as a detection scheme imposes less cognitive overhead than prevention schemes. In this paper, we propose a detection mechanism termed HoneyString, which overcomes the limitation of the previously proposed tag digit-based scheme. HoneyString provides robust security against DoS attacks, which was a limitation of the previously proposed scheme. A comparative analysis shows that the proposed scheme has a higher detection rate and requires less login time than the existing scheme.

Keywords: authentication; password; partially observable; trust management; shoulder surfing attack; honeyWord; security.

Reference to this paper should be made as follows: Chakraborty, N. and Mondal, S. (2015) ‘HoneyString: an improved methodology over tag digit-based honeypot to detect shoulder surfing attack’, Int. J. Trust Management in Computing and Communications, Vol. 3, No. 2, pp.93–114.

Biographical notes: Nilesh Chakraborty received his Master's degree from the Department of Information Technology, National Institute of Technology Durgapur in 2013. He is currently pursuing his PhD in the Computer Science and Engineering Department at the Indian Institute of Technology Patna. His current research area includes security and privacy.

Samrat Mondal is an Assistant Professor in the Computer Science and Engineering Department of IIT Patna, India. He received his PhD degree from IIT Kharagpur in 2010. He is a member of the IEEE. He has published several research papers in reputed international journals and conferences. His primary research interests include security and privacy and database systems.

This paper is a revised and expanded version of a paper entitled ‘Tag digit based honeypot to detect shoulder surfing attack’ presented at the 2nd International Symposium of Security in Computing and Communications (SSCC) 2014, Greater Noida GCET, India, 24–27 September 2014.