A secure pin-entry method resistant to shoulder-surfing and recording attacks / Farid Binbeshr

Author

Binbeshr FaridFollow

Date of Award

9-1-2022

Thesis Type

phd

Document Type

Thesis (Restricted Access)

Divisions

fsktm

Department

Department of Computer System & Technology

Institution

Universiti Malaya

Abstract

The regular PIN-entry method has been considered the most common method of authentication for systems and networks. However, PINs are easy to be captured through shoulder-surfing and recording attacks. An adversary may shoulder surf the authentication session to obtain the PIN. He or she may use a video-recording device to record a user while performing authentication and later reproduce the PIN. It is also possible that the adversary might install spyware on the compromised device and capture the user input and screen content. This problem with the regular PIN-entry method could be attributed to the involuntary nature of entering the original PIN during authentication. A plethora of PIN-entry methods have been proposed in the literature to mitigate such attacks. They are categorised into direct input and indirect input methods according to the way of entering the original PIN. Unfortunately, these methods either provide no protection against shoulder-surfing and recording attacks (video-based and spyware-based) or hamper the PIN-entry method’s usability or compatibility. In this research, an indirect input method that employs the challenge-response approach is proposed in order to produce a One Time PIN (OTP) that obscures the original PIN. Three versions of the proposed PIN-entry method are designed. Two user studies were conducted; preliminary and primary. The preliminary user study was used to find the best version of the proposed PIN-entry method. The primary user study was used to evaluate the security and usability of the best version and compared it with the related work. The results of the user study manifest that the proposed PIN-entry method provides better security than the existing PIN-entry methods while maintaining an acceptable level of usability. Moreover, the user feedback fully supports the use of the proposed PIN-entry method in critical-security situations.

Note

Thesis (PhD) – Faculty of Computer Science & Information Technology, Universiti Malaya, 2022.

Recommended Citation

Farid, Binbeshr, "A secure pin-entry method resistant to shoulder-surfing and recording attacks / Farid Binbeshr" (2022). Student Works (2020-2029). 1319.
https://knova.um.edu.my/student_works_2020s/1319