Two-Thumbs-Up: Physical Protection For Pin Entry Secure Against Recording Attacks

Creator

Dae Hun Nyang, Inha University
Hyoungshick Kim, Sungkyunkwan University
Woojoo Lee, Inha University
Sung bae Kang, Inha University
Geumhwan Cho, Sungkyunkwan University

Keywords

Authentication; Personal Identification Number (PIN); Physical shielding; Recording attack; Smartphone; User studies

Abstract

We present a new Personal Identification Number (PIN) entry method for smartphones that can be used in security-critical applications, such as smartphone banking. The proposed “Two-Thumbs-Up” (TTU) scheme is resilient against observation attacks such as shoulder-surfing and camera recording, and guides users to protect their PIN information from eavesdropping by shielding the challenge area on the touch screen. To demonstrate the feasibility of TTU, we conducted a user study for TTU, and compared it with existing authentication methods (Normal PIN, Black and White PIN, and ColorPIN) in terms of usability and security. The study results demonstrate that TTU is more secure than other PIN entry methods in the presence of an observer recording multiple authentication sessions.

Publication Date

9-1-2018

Publication Title

Computers and Security

Volume

78

Number of Pages

1-15

Document Type

Article

Personal Identifier

scopus

DOI Link

https://doi.org/10.1016/j.cose.2018.05.012

Copyright Status

Unknown

Socpus ID

85048979846 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/85048979846

STARS Citation

Nyang, Dae Hun; Kim, Hyoungshick; Lee, Woojoo; Kang, Sung bae; and Cho, Geumhwan, "Two-Thumbs-Up: Physical Protection For Pin Entry Secure Against Recording Attacks" (2018). Scopus Export 2015-2019. 7323.
https://stars.library.ucf.edu/scopus2015/7323