
2. Initial Approach

Sophie Bertrand edited this page Jun 27, 2024 · 1 revision

The Performance of the Keycube Against Shoulder Surfing Attacks (SSA)

Authors: S. Bertrand, D. Brun

Date: June 21, 2024


Introduction

In the realm of digital security, the imperative for secure and ergonomic input devices is increasingly critical. The keycube, a novel cubic keyboard, introduces an innovative method of data entry by featuring key switches on five of its six faces. This design targets enhanced user mobility and reduced physical strain. In this study, we aim to investigate the effectiveness of the keycube in preventing Shoulder Surfing Attacks (SSA), providing a comparative analysis against conventional 2D input devices such as desktop keyboards, laptop keyboards, and phone keypads.

Understanding Shoulder Surfing Attacks (SSA)

Shoulder surfing is a form of social engineering attack where an individual observes a victim's input on a device to steal sensitive information. The primary goal of SSA is to capture passwords, PINs, or other confidential data. This can occur through two main methods:

  1. Direct Observation: The attacker physically positions themselves close enough to the victim to observe their input directly. This could be achieved by standing behind the victim or sitting next to them in a public place such as a cafe, airport, or office.

  2. Remote Observation: This method employs various devices such as binoculars, cameras, or other recording tools to capture input from a distance. Remote observation is typically more covert, allowing attackers to remain unnoticed while still obtaining sensitive information.

For this study, we will primarily focus on remote observation due to its increasing prevalence and sophistication in real-world scenarios.

Experimental Overview

The objective of this study is to ascertain whether the keycube's unique design provides superior protection against SSA in comparison to traditional 2D input devices. The study evaluates the visibility of the input surface from various observation points and analyses the security implications of the keycube’s character layout.

1. Projection on a 2D vs 3D Surface

1.1 2D Surfaces

1.1.1 Desktop Keyboard

A standard desktop keyboard presents a flat, 2D surface. When an observer is positioned directly above it, the entire keyboard is visible, posing a significant risk for SSA.

1.1.2 Laptop Keyboard

Similar to a desktop keyboard, a laptop keyboard is also a 2D surface. However, the raised screen can obscure some keys from certain angles, slightly reducing the risk compared to a desktop keyboard.

1.1.3 Phone Keypad

Phone keypads and other small input devices, such as card terminals, are 2D surfaces that can be easily moved. This mobility can provide some protection against direct SSA, but the small size makes them more vulnerable to close-up observation.

1.2 3D Surface: The Keycube

The keycube, with its 3D structure, offers a more complex surface for observation. An observer would need to stand in a specific position to view different faces of the cube, making it more challenging to capture all input.

[Figure: cube perspective, all viewpoints]
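The visibility argument in 1.1 and 1.2 can be made concrete with a small geometric model; this is an added example, not code from the study. It assumes a unit cube whose unkeyed face is the bottom one and a single fixed viewpoint, and it ignores occlusion by the user's hands and foreshortening of faces seen at a shallow angle.

```python
from itertools import product

# Unit cube centred at the origin; each face is named by its outward normal.
FACES = {
    "top": (0, 0, 1), "bottom": (0, 0, -1),
    "front": (0, -1, 0), "back": (0, 1, 0),
    "left": (-1, 0, 0), "right": (1, 0, 0),
}
# Assumption: the one face without keys is the bottom (the page only says
# five of the six faces carry key switches).
KEYED = set(FACES) - {"bottom"}

def visible_faces(viewpoint):
    """Faces whose outer side is turned towards the viewpoint.

    A cube is convex, so a face is in view exactly when the viewpoint lies
    on the outer side of that face's plane (dot(normal, eye - centre) > 0).
    """
    seen = set()
    for name, normal in FACES.items():
        centre = tuple(0.5 * c for c in normal)
        to_eye = tuple(v - c for v, c in zip(viewpoint, centre))
        if sum(n * e for n, e in zip(normal, to_eye)) > 0:
            seen.add(name)
    return seen

def keyed_exposure(viewpoint):
    """Fraction of the keyed faces that one fixed observer can see."""
    return len(visible_faces(viewpoint) & KEYED) / len(KEYED)

def flat_exposure(viewpoint):
    """Flat keyboard lying in the plane z = 0: fully exposed from above."""
    return 1.0 if viewpoint[2] > 0 else 0.0

def worst_case_exposure(step_range=range(-3, 4)):
    """Largest keyed-face exposure over a grid of candidate viewpoints."""
    return max(keyed_exposure(p) for p in product(step_range, repeat=3))

if __name__ == "__main__":
    for eye in [(0, 0, 3), (3, -3, 3), (3, 0, 0)]:
        print(eye, sorted(visible_faces(eye)), keyed_exposure(eye), flat_exposure(eye))
    print("worst case:", worst_case_exposure())
```

Under this model a single viewpoint never sees more than three of the five keyed faces, whereas the flat keyboard is fully exposed from every viewpoint above its plane.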

2. Character Layout

2.1 QWERTY Keyboards

The QWERTY layout is the most common keyboard configuration. The fixed positions of frequently used characters make it easier for an observer to guess the input based on partial visibility.

2.2 Keycube Layout

The keycube features a unique character layout. This originality, combined with the necessity for an observer to stand in a specific position to view different faces, could increase security. The irregular character distribution further complicates the observer's ability to deduce input.

3. Natural Language and Password Robustness

3.1 Language Construction

Natural language, the way humans communicate, follows specific linguistic rules such as syntax (sentence structure), semantics (meaning), and pragmatics (contextual use). When creating passwords, these rules can inadvertently make certain combinations more predictable. For instance, common phrases or easily guessable patterns (like "password123") are vulnerable. Therefore, understanding and manipulating these linguistic rules can help in developing more secure passwords that are less likely to be deduced from partial observations.

3.2 Password Robustness through Partial Recognition

To test password robustness, the study will utilise techniques from linguistic analysis and natural language processing (NLP). Key techniques include:

  • Tokenisation: This process divides text into individual units such as words or characters, which can then be analysed separately. In the context of SSA, tokenisation helps in examining how partial visibility of input can still lead to recognition of certain patterns or words.

  • Lemmatisation: This reduces words to their base or root forms (e.g., "running" becomes "run"). Lemmatisation helps in understanding how an observer might interpret visible characters by recognising the underlying structure of the language.

The experiment will employ these techniques to simulate SSA scenarios, evaluating how effectively different passwords withstand partial recognition attempts. By understanding these aspects of language construction and partial recognition, the study aims to highlight strategies for creating passwords that are more resistant to SSA, especially when using devices like the keycube.
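One way to quantify robustness under partial recognition, as an added example that is not the study's own code: character-level tokenisation of the observed input, with the keystrokes the observer missed marked as unknown, then a count of what remains consistent with the observation. The wordlist, the sample passwords and the choice of observed positions are constructed for illustration.

```python
import string

# Constructed sample dictionary standing in for a real wordlist.
WORDLIST = ["running", "rundown", "cunning", "gunning",
            "password", "passport", "keyboard"]
UNKNOWN = "?"  # marker for a keystroke the observer could not see

def mask(secret, observed_positions):
    """Character tokens as recorded by the observer.

    Positions outside observed_positions (e.g. keys on a hidden cube face)
    become UNKNOWN. Assumes the secret itself does not contain '?'.
    """
    return "".join(c if i in observed_positions else UNKNOWN
                   for i, c in enumerate(secret))

def consistent(pattern, word):
    """True if word agrees with every observed character of pattern."""
    return len(word) == len(pattern) and all(
        p == UNKNOWN or p == w for p, w in zip(pattern, word))

def search_space(pattern, wordlist=WORDLIST, alphabet=string.ascii_lowercase):
    """Return (dictionary words still possible, size of blind search).

    The blind search is every filling of the unknown positions from the
    alphabet; it is what remains when the secret is not a dictionary word.
    """
    matches = [w for w in wordlist if consistent(pattern, w)]
    blind = len(alphabet) ** pattern.count(UNKNOWN)
    return matches, blind

if __name__ == "__main__":
    seen = {0, 1, 2, 6}  # constructed: four of seven keystrokes observed
    for secret in ["running", "xqzvbkm"]:
        pattern = mask(secret, seen)
        matches, blind = search_space(pattern)
        print(f"{secret}: observed {pattern}, "
              f"{len(matches)} dictionary match(es), {blind} blind fillings")
```

With the same four keystrokes observed, the dictionary word is pinned down to a single candidate while the random string still leaves the full 26^3 fillings, which is the gap the study's password-robustness test is meant to measure.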

Conclusion

This study will explore the potential of the keycube, with its 3D structure and unique character layout, to offer superior protection against SSA compared to traditional 2D input devices. The research will be conducted in two main phases:

  1. Mathematical and Theoretical Approach: This phase will involve developing mathematical models and theoretical frameworks to understand the visibility and security implications of different input devices. By analysing the geometrical and spatial characteristics of the keycube versus traditional keyboards, we aim to predict their susceptibility to SSA.

  2. Experimental Approach: This phase will include practical experiments to empirically test the effectiveness of the keycube against SSA. These experiments will involve simulating real-world SSA scenarios, where observers attempt to capture input from various devices. Data will be collected and analysed to compare the security performance of the keycube with that of desktop keyboards, laptop keyboards, and phone keypads.

By combining these two approaches, we aim to provide a comprehensive assessment of the keycube's effectiveness in mitigating Shoulder Surfing Attacks.

References

  1. Chou-Tac. "How to draw a cube (2-point perspective)," The Design Sketchbook.